3/17/2023

Wireshark capture filter ssid

In this post we will see how you can use a Cisco AP in sniffer mode to capture wireless packets with Wireshark, which is a free tool. (In a previous post we did the same thing using Omnipeek, which is a commercial product.)

I have used a 2504 WLC and a 3702 AP in Sniffer mode. My monitoring PC runs Windows 10 with Wireshark version 2.6.4. The client-servicing AP is configured as Office Extend (OEAP), registered to a Corp WLC, with a personal SSID (mrn-cciew) enabled with a PSK.

Once 3702-1 is registered with the 2504, you can simply change it to “Sniffer” mode. Then go to Wireless > 802.11a/n/ac, tick the “sniff” check box and specify the PC running Wireshark as the server IP address. As my OEAP operates in 40MHz, I selected that in the sniffer config (if you want to capture 80MHz 802.11ac frames, you have to set it to 80MHz).

Now if you start capturing on the Ethernet interface of your Windows laptop, note that most of the traffic is UDP traffic from src port 5555 to dst port 5000 (from the WLC IP to the Wireshark PC IP). If you want to see the packet details, you have to decode these frames as “PEEKREMOTE”. You can simply right-click and choose the “Decode As” option. Once you do this, you will see the 802.11 wireless frames that you were not able to see previously.

You will notice that, in addition to those wireless frames, you will see traffic going in/out from the Windows PC (192.168.20.124). In wireless analysis, you are not interested in seeing that traffic. To filter wireless traffic, you can apply a capture filter with UDP port number 5555. You can create a capture filter from the Capture > Capture Filter menu in Wireshark. (Read this article for more information on capture filter options.) Once created, you can apply that capture filter to the Ethernet interface.
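What the UDP port 5555 capture filter keeps and drops, as an added example that is not part of the original post: it applies the same test to constructed IPv4 frames, including the TCP and fragment cases a port filter cannot match. The WLC address 192.0.2.10, the other 192.0.2.x addresses and all function names are assumptions made for illustration.

```python
import socket
import struct

SNIFFER_PORT = 5555            # UDP source port of the WLC stream, per the post
PC_IP = "192.168.20.124"       # Wireshark PC, per the post
WLC_IP = "192.0.2.10"          # assumption: placeholder, the post gives no WLC IP

def build_frame(src, dst, proto, sport, dport, payload=b"\x00" * 16):
    """Constructed sample frame: Ethernet + IPv4 + 8-byte port/length header."""
    l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4

def matches_udp_port(frame, port=SNIFFER_PORT):
    """Decide as the capture filter 'udp port 5555' would (IPv4 only here)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False                       # too short, or not IPv4
    ihl = (frame[14] & 0x0F) * 4           # IPv4 header length incl. options
    if ihl < 20 or frame[23] != 17:        # IP protocol 17 = UDP
        return False
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
        return False                       # later fragment: no UDP header to test
    udp = frame[14 + ihl:14 + ihl + 4]
    if len(udp) < 4:
        return False
    sport, dport = struct.unpack("!HH", udp)
    return port in (sport, dport)

def split_capture(frames):
    """Separate sniffer-AP traffic from the PC's own traffic."""
    wireless = [f for f in frames if matches_udp_port(f)]
    other = [f for f in frames if not matches_udp_port(f)]
    return wireless, other

SAMPLE = [  # constructed frames, not taken from a real capture
    build_frame(WLC_IP, PC_IP, 17, 5555, 5000),       # encapsulated 802.11 frame
    build_frame(PC_IP, "192.0.2.53", 17, 50000, 53),  # PC's own DNS query
    build_frame(PC_IP, "192.0.2.80", 6, 50001, 443),  # PC's own HTTPS
    build_frame(PC_IP, "192.0.2.80", 6, 5555, 443),   # TCP 5555: not UDP, dropped
]

if __name__ == "__main__":
    kept, dropped = split_capture(SAMPLE)
    print(f"kept {len(kept)} frame(s), dropped {len(dropped)}")
```

Because later IP fragments carry no UDP header, a port-based capture filter drops them, so a large encapsulated frame that was fragmented on the wired path would arrive incomplete in the capture.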