To minimize the performance impact on the WAP device during traffic capture, install capture filters to limit which traffic is sent to the Wireshark tool. The performance of the WAP device also is negatively impacted during packet capture, and this impact continues to a lesser extent even when there is no active Wireshark session. Packet capture parameters (other than the mode) are saved in NVRAM.Įnabling the packet capture feature can create a security issue: Unauthorized clients may be able to connect to the WAP device and trace user data. If the WAP device resets, the capture mode is disabled and then you must enable it again to resume capturing traffic. For example, if the Wireshark IP port is configured to be 58000, then this capture filter is automatically installed on the WAP device: not port range 58000-58004ĭue to performance and security issues, the packet capture mode is not saved in NVRAM on the WAP device. To avoid a traffic flood caused by tracing the packets, the WAP device automatically installs a capture filter to filter out all packets destined to the Wireshark application. Depending on the location of the Wireshark tool, the traffic can be sent on an Ethernet interface or one of the radios. In remote capture mode, traffic is sent to the computer running Wireshark through one of the network interfaces. !(wlan.fc.type_subtype = 8 | | wlan.fc.type = 1)Īll traffic to and from a specific client:
Some examples of useful display filters are: Traffic on specific Basic Service Set IDs (BSSIDs). You can set up a display filter to show only: When you are capturing traffic on the radio interface, you can disable beacon capture, but other 802.11 control frames are still sent to Wireshark. We recommend that if you do not use the default port use a port number greater than 1024. Verify that you have four consecutive port numbers available. The system uses four consecutive port numbers, starting with the configured port for the remote packet capture sessions.
0 kommentar(er)
