how-to_‎ > ‎cisco_wlc_‎ > ‎

Airopeek Remote Sniffing using Wireshark

posted Mar 3, 2014, 5:41 AM by Daniele Albrizio   [ updated Mar 3, 2014, 7:02 AM ]
This poorly documented feature enables remotely sniffing the airspece usine an lightweight AP in Sniffer mode.

  1. Select your favourite AP and begin sniffing by first electing his AP mode as sniffer
  2. Wait for the AP to reboot and check the admin status is enabled
  3. For each of the AP radio  in Radios > 802.11a/n/ac and Radios > 802.11b/g/n select:
    1. sniff > on
    2. channel > central channel to sniff on
    3. Server > ip address of a machine running wireshark
  4. On the machine running wireshark expect udp packets from WLC management IP port 5555 to your wireshark machine ip port 5000
  5. Start capturing with wireshark (filter: port 5000) then right click on one packet from the capture windows and select decode as PeekRemote dissector

More info : https://supportforums.cisco.com/docs/DOC-19214

Comments