Capture wireless packets from remote access points to diagnose and troubleshoot network issues.
Go to Wireless > Diagnostics > Packet Capture and set up packet capture for your access points.
For more information on diagnosing and troubleshooting issues, see Frequently asked questions.
The access point acts as a distributed sniffer, and captures packets on the configured channel and configured channel width from remote access points. If you have configured Autochannel, the access points will capture packets on the channel picked by Autochannel. See Access Point Details.
The access point can't capture its own transmitted packets. It can only capture received (rx) packets.
Packet capture across all access points
|Access points|Band: 2.4 GHz, SSID: Not configured|Band: 2.4 GHz|Band: 5 GHz, SSID: Not configured|Band: 5 GHz|
| |All packets received by the access point in the channel are captured.|Packets intended for the access point and broadcasts are captured.|All packets received by the access point in the channel are captured.|All packets received by the access point in the channel are captured.|
The access point uses TaZmen Sniffer Protocol (TZSP) as an encapsulation protocol that runs over User Datagram Protocol (UDP). The access point encapsulates the wireless packets with TZSP and sends them to the configured server (running Wireshark) on UDP port 37008.
If the UDP port 37008 is not open, an Internet Control Message Protocol (ICMP) packet with the error "destination port unreachable" is generated for every packet sent by the access point.
You can use a display filter in your capture tool such as Wireshark to see only wireless packets. For example, you can use tzsp && !(icmp) as a filter.
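To make the encapsulation concrete, here is an added example (not from the original page or the vendor) that parses a TZSP datagram and can hold UDP port 37008 open on the capture server. The header layout and tag numbers follow the public TZSP description; which tags this access point actually sends, the signed reading of RSSI, and the sample bytes are assumptions.

```python
import socket
import struct

TZSP_PORT = 37008  # UDP port the access point sends to, per the page
ENCAP = {0x01: "Ethernet", 0x12: "IEEE 802.11", 0x77: "Prism", 0x7F: "WLAN AVS"}
TAG_PADDING, TAG_END, TAG_RSSI, TAG_RX_CHANNEL = 0x00, 0x01, 0x0A, 0x12

def parse_tzsp(datagram: bytes) -> dict:
    """Split one TZSP datagram into header fields, tags and the inner frame."""
    if len(datagram) < 4 or datagram[0] != 1:
        raise ValueError("not a TZSP version 1 datagram")
    ptype, encap = struct.unpack("!xBH", datagram[:4])
    tags, pos = {}, 4
    while ptype not in (4, 5):  # keepalive and port-opener types carry no tags
        if pos >= len(datagram):
            raise ValueError("tag list is not terminated")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:  # padding is a single byte with no length
            continue
        if pos >= len(datagram) or pos + 1 + datagram[pos] > len(datagram):
            raise ValueError("truncated tagged field")
        length = datagram[pos]
        tags[tag] = datagram[pos + 1:pos + 1 + length]
        pos += 1 + length
    rssi, chan = tags.get(TAG_RSSI), tags.get(TAG_RX_CHANNEL)
    return {"type": ptype, "encap": ENCAP.get(encap, hex(encap)),
            # RSSI is read as signed here (assumption; it may be unsigned)
            "rssi": int.from_bytes(rssi, "big", signed=True) if rssi else None,
            "channel": chan[0] if chan else None, "frame": datagram[pos:]}

def listen(bind_ip: str, count: int = 10) -> None:
    """Receive on the interface holding the configured Server IP only."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, TZSP_PORT))
        for _ in range(count):
            data, peer = sock.recvfrom(65535)
            try:
                print(peer[0], parse_tzsp(data))
            except ValueError as err:  # malformed or non-TZSP datagram
                print(peer[0], "dropped:", err)

# Constructed sample: TZSP header, RSSI and channel tags, end tag, then the
# 24-byte MAC header of a made-up 802.11 beacon.
SAMPLE = bytes.fromhex("01000012" "0a01c4" "120106" "01" "80000000"
                       "ffffffffffff" "020000000001" "020000000001" "0000")
```

While listen() holds the port, the host has a socket on UDP port 37008, so it stops answering each packet from the access point with ICMP "destination port unreachable".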
You can search access points either by name or serial number. You can also filter access points based on the sites. By default, all the access points are displayed.
Before you start, check the following:
- Make sure the IP address configured for the packet capture is reachable.
- Install Wireshark on the server or PC.
- If the server has multiple interfaces, run Wireshark on the interface that has the configured IP address.
- To check only the wireless traffic sent by the access point, apply the filter tzsp && !(icmp).
- You can save packets on the server using Save in Wireshark.
Use the configured server IP address and port number to start capturing network packets. You need to set the following options.
Status: You can capture packets only when the access point status is green.
|Status|Description|
| |Access point is online.|
| |Access point is offline.|
Access Point Name: Access point hostname.
Serial Number: Serial number of the access point.
Client MAC: (Optional) The access point captures packets from this MAC address.
Server IP: Access point sends packets to this server on UDP port 37008.
You must run a packet capture tool such as Wireshark on the server to see the packets. We recommend that you use a server in the same subnet as the access point. If the server is in a different subnet or in the cloud, you must allow the UDP port in the firewall.
Duration (sec): Time interval for the packet capture.
Action: Start or stop the packet capture.
Status: Status of the packet capture.
|Status|Description|
|Started|Packet capture has started.|
|Completed|Packet capture is complete.|
|Not Supported|The firmware on the access point doesn’t support packet capture.|
|Server not reachable|Access point is unable to reach the IP address.|