mailose.blogg.se

We already know that the 5555 is the UDP port, but the "0" is specifying the data structure.

Think of this as a database structure or field structure. However, when you sent the data, you told the AP to send it using a specific structure. You do this by using the following command prior to performing the capture, "ap packet-capture open-port 5555" and then when you are done, closing it up by using the command "ap packet-capture close-port 5555"Īt this point the AP will send the capture data to the computer running the packet analyzer. This is an issue when doing a packet capture, you need to tell the AP to continue to encrypt its communications with the controller, except for UDP 5555 (or 5000) frames that are being sent to the analyzer. If you have CPsec enabled, CPsec tells the AP that its communications should be performed encrypted using IPsec. Wireshark typically uses UDP 5555, Omnipeek uses UDP 5000. So you will need to tell the analyzer software to look for UDP 5555 frames, grab the contents of these frames, and treat them as a packet stream. The 5555 tells the packet analyzer software that the capture data is encapsulated in UDP 5555 frames. When the AP sends the capture information to this computer, the AP needs to encapsulate the capture (package the capture data) in order for the analyzer to know that it is a capture and not a data frame.

This is the computer that will be running Wireshark, Omnipeek, or whatever analyzer you have running. The IP address is specifying the computer that you will be analyzing the capture from. This could have been "ap-name " or it could have been the MAC address of the AP. The next piece is "ip-addr 172.23.2.249" which is specifying the AP that the capture is being performed from. The first part is "ap packet-capture raw-start" which states that you want to capture from an AP and you want to capture all of the data (raw-start) that the radio of the AP hears or that the AP is transmitting. Let's take a look at the command that you used: Anyway, when doing an AP Packet Capture (or PCAP from an IAP) there are a few key components of the capture. I couldn't find a link to it, but its you can, check it out. I did a session at ATM19 "AB250: Capturing the Data" which discusses the 4 different types of capturing on an Aruba controller.