Packet Capture

Capture wireless packets from remote access points to diagnose and troubleshoot network issues.

The access point acts as a distributed sniffer, and captures packets on the configured channel and configured channel width from remote access points. If you have configured Autochannel, the access points will capture packets on the channel picked by Autochannel.

The access point can't capture its own transmitted packets. It can only capture received (rx) packets.

Table 1. Packet capture across all access points

| Access points | Band: 2.4 GHz, SSID: Not configured | Band: 2.4 GHz, SSID: Configured | Band: 5 GHz, SSID: Not configured | Band: 5 GHz, SSID: Configured |
| --- | --- | --- | --- | --- |
| AP15C, AP100, APX | All packets received by the access point in the channel are captured. | Packets intended for the access point and broadcasts are captured. | All packets received by the access point in the channel are captured. | All packets received by the access point in the channel are captured. |

The access point uses TaZmen Sniffer Protocol (TZSP) as an encapsulation protocol that runs over User Datagram Protocol (UDP). The access point encapsulates the wireless packets with TZSP and sends them to the configured server (running Wireshark) on UDP port 37008.

If the UDP port 37008 is not open, an Internet Control Message Protocol (ICMP) packet with the error "destination port unreachable" is generated for every packet sent by the access point.
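The following Python sketch is an added example, not part of the original documentation or the vendor's code. It shows what a receiver on UDP port 37008 has to do with each datagram. It assumes the publicly documented TZSP layout (4-byte header, tagged fields, end tag, then the encapsulated frame); which tags the access point actually sends is not stated on this page, and the sample datagram is constructed.

```python
import socket
import struct

TZSP_PORT = 37008  # UDP port the access point sends to (from this page)
PROTO_NAMES = {0x01: "Ethernet", 0x12: "IEEE 802.11", 0x77: "Prism", 0x7F: "WLAN AVS"}
TAG_NAMES = {0x0A: "rssi", 0x0B: "snr", 0x0C: "data_rate", 0x12: "rx_channel"}
TAG_PADDING, TAG_END = 0x00, 0x01

def parse_tzsp(datagram: bytes) -> dict:
    """Split one TZSP datagram into header fields, tags and the inner frame."""
    if len(datagram) < 4:
        raise ValueError("shorter than the 4-byte TZSP header")
    version, msg_type, proto = struct.unpack_from("!BBH", datagram, 0)
    if version != 1:
        raise ValueError(f"unexpected TZSP version {version}")
    tags, pos = {}, 4
    while True:
        if pos >= len(datagram):
            raise ValueError("tag list not terminated by TAG_END")
        tag, pos = datagram[pos], pos + 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:  # single byte, carries no length field
            continue
        if pos >= len(datagram) or pos + 1 + datagram[pos] > len(datagram):
            raise ValueError("tag runs past the end of the datagram")
        length = datagram[pos]
        tags[TAG_NAMES.get(tag, f"tag_0x{tag:02x}")] = datagram[pos + 1:pos + 1 + length]
        pos += 1 + length
    return {"type": msg_type, "proto": PROTO_NAMES.get(proto, hex(proto)),
            "tags": tags, "frame": datagram[pos:]}

def listen(bind_ip: str = "0.0.0.0") -> None:
    """Receive on UDP 37008; a bound socket also stops the ICMP port-unreachable replies."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, TZSP_PORT))
    while True:
        data, (src, _port) = sock.recvfrom(65535)
        try:
            info = parse_tzsp(data)
        except ValueError as err:  # anything can arrive on an open UDP port
            print(f"{src}: dropped malformed datagram ({err})")
            continue
        print(src, info["proto"], info["tags"], f"{len(info['frame'])}-byte frame")

# Constructed sample: v1 header (802.11), RSSI tag -60, channel tag 6, padding, TAG_END, frame bytes
SAMPLE = bytes.fromhex("01000012" "0a01c4" "120106" "00" "01" "80000000ffffffffffff")
if __name__ == "__main__":
    print(parse_tzsp(SAMPLE))
```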

You can use a display filter in your capture tool such as Wireshark to see only wireless packets. For example, you can use wlan or tzsp && !(icmp) as a filter.

You can search access points either by name or serial number. You can also filter access points based on the sites. By default, all the access points are displayed.

Configuration Prerequisites

Before you start, you need to check the following:

  • Make sure the IP address configured for the packet capture is reachable.
  • Install Wireshark on the server or PC.
  • The server might have multiple interfaces, so run Wireshark on the interface that has the configured IP address.
  • To check only the wireless traffic sent by the access point, apply the filter wlan or tzsp && !(icmp).
  • You can save packets on the server using Save in Wireshark.

Configuration

Use the configured server IP address and port number to start capturing network packets. You need to set the following options.

Status: You can capture packets only when the access point status is green.

| Status | Description |
| --- | --- |
| Green filled circle | Access point is online. |
| Grey filled circle | Access point is offline. |

Access Point Name: Access point hostname.

Serial Number: Serial number of the access point.

Client MAC: (Optional) The access point will capture packets from this MAC address.

Server IP: Access point sends packets to this server on UDP port 37008. You must run a packet capture tool such as Wireshark on the server to see the packets. We recommend that you use a server in the same subnet as the access point. If the server is in a different subnet or in the cloud, you must allow the UDP port in the firewall.

Duration (sec): Time interval for the packet capture.

Action: Start or stop the packet capture.

Status: Status of the packet capture.

| Status | Description |
| --- | --- |
| Started | Packet capture has started. |
| Completed | Packet capture is complete. |
| Not Supported | The firmware on the access point doesn’t support packet capture. |
| Server not reachable | Access point is unable to reach the IP address. |