Wireshark-users: Re: [Wireshark-users] Question on wireless sniffing and Cisco AP modes

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 28 Apr 2009 16:02:44 -0700

On Apr 27, 2009, at 8:57 AM, Steven Pfister wrote:

> I'm trying to learn a little about wireless troubleshooting. In reading about the sniffer mode of Cisco APs, a lot of the Cisco pages I've read say it requires Airopeek. But a Cisco Press book I'm reading says "operates with an Omnipeek, Airmagnet, or Wireshark server." Is there such a thing as a Wireshark server?

Perhaps there is, but nobody appears to have bothered to tell the Wireshark core team about it. :-)

Googling for

	omnipeek wireshark airmagnet cisco access point

found

	http://www.cisco.com/en/US/docs/wireless/controller/5.0/configuration/guide/c5err.html

which says

	Prerequisites for Wireless Sniffing

	To perform wireless sniffing, you need the following hardware and software:
	  o A dedicated access point—An access point configured as a sniffer cannot simultaneously provide wireless access service on the network. To avoid disrupting coverage, use an access point that is not part of your existing wireless network.
	  o A remote monitoring device—A computer capable of running the analyzer software.
	  o Windows XP or Linux operating system—The controller supports sniffing on both Windows XP and Linux machines.
	  o Software and supporting files, plug-ins, or adapters—Your analyzer software may require specialized files before you can successfully enable sniffing:
	    –Omnipeek or Airopeek—Go to http://www.wildpackets.com and follow the instructions to purchase, install, and configure the software.
	    –AirMagnet—Go to http://www.airmagnet.com/products/ea_cisco/#top and follow the instructions to purchase, install, and configure the software.
	    –Wireshark—Go to http://tools.cisco.com/support/downloads and follow the instructions to download Wireshark and the correct installation wizard for your operating system.

and then proceeds to talk about how to configure the access point - but *not* how to configure the sniffer.

Perhaps they've modified Wireshark - or libpcap/WinPcap - to support remote capture. Or perhaps, given that they mention setting the IP address of the sniffing machine, they have a server process to which the AP sends packets, and you have Wireshark capture from a named pipe that provides access to that server.