Wireshark-users: Re: [Wireshark-users] Question on wireless sniffing and Cisco AP modes

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 28 Apr 2009 16:02:44 -0700

On Apr 27, 2009, at 8:57 AM, Steven Pfister wrote:

I'm trying to learn a little about wireless troubleshooting. In reading about the sniffer mode of Cisco APs, a lot of the Cisco pages I've read say it requires Airopeek. But a Cisco Press book I'm reading says "operates with an Omnipeek, Airmagnet, or Wireshark server." Is there such a thing as a Wireshark server?

Perhaps there is, but nobody appears to have bothered to tell the Wireshark core team about it. :-)

Googling for

	omnipeek wireshark airmagnet cisco access point

found

	http://www.cisco.com/en/US/docs/wireless/controller/5.0/configuration/guide/c5err.html

which says

	Prerequisites for Wireless Sniffing

To perform wireless sniffing, you need the following hardware and software:

o A dedicated access point—An access point configured as a sniffer cannot simultaneously provide wireless access service on the network. To avoid disrupting coverage, use an access point that is not part of your existing wireless network.

o A remote monitoring device—A computer capable of running the analyzer software.

o Windows XP or Linux operating system—The controller supports sniffing on both Windows XP and Linux machines.

o Software and supporting files, plug-ins, or adapters—Your analyzer software may require specialized files before you can successfully enable sniffing:

–Omnipeek or Airopeek—Go to http://www.wildpackets.com and follow the instructions to purchase, install, and configure the software.

–AirMagnet—Go to http://www.airmagnet.com/products/ea_cisco/#top and follow the instructions to purchase, install, and configure the software.

–Wireshark—Go to http://tools.cisco.com/support/downloads and follow the instructions to download Wireshark and the correct installation wizard for your operating system.

and then proceeds to talk about how to configure the access point - but *not* how to configure the sniffer.

Perhaps they've modified Wireshark - or libpcap/WinPcap - to support remote capture. Or perhaps, given that they mention setting the IP address of the sniffing machine, they have a server process to which the AP sends packets, and you have Wireshark capture from a named pipe that provides access to that server.
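To make the second arrangement Guy describes concrete, here is an added example (written for this page, not code from Cisco, WildPackets or the Wireshark project): a small "server" that receives datagrams from the AP over UDP, wraps each one in a pcap record, and writes the stream to a named pipe that Wireshark can capture from with `wireshark -k -i /tmp/ap_sniff.pipe`. Everything about the AP side is an assumption here: that the AP sends one captured frame per UDP datagram, that it uses port 5555, that the payload is a bare 802.11 frame (DLT 105) with no vendor header in front of it, and the IP addresses. The source check exists because anything that can reach the UDP port could otherwise inject forged frames into your analysis.

```python
"""Hypothetical AP-to-Wireshark relay: UDP in, pcap stream out through a FIFO.

Example code for this discussion, not Cisco's or Wireshark's own software.
Assumed (not taken from any documentation): one frame per datagram, UDP port
5555, bare 802.11 frames (DLT_IEEE802_11 = 105), and the addresses below.
"""
import os
import socket
import struct
import time

PCAP_MAGIC = 0xA1B2C3D4          # little-endian pcap, microsecond timestamps
DLT_IEEE802_11 = 105             # ASSUMPTION: AP forwards raw 802.11 frames
SNAPLEN = 65535
AP_PORT = 5555                   # ASSUMPTION: port the AP sends to
ALLOWED_APS = {"192.0.2.10"}     # ASSUMPTION: only accept frames from this AP


def pcap_global_header(linktype=DLT_IEEE802_11, snaplen=SNAPLEN):
    """24-byte pcap file header: magic, v2.4, tz offset 0, sigfigs 0, snaplen, DLT."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(frame, ts=None, snaplen=SNAPLEN):
    """16-byte record header (sec, usec, captured len, original len) + frame bytes."""
    if ts is None:
        ts = time.time()
    sec = int(ts)
    usec = int((ts - sec) * 1_000_000)
    captured = frame[:snaplen]
    return struct.pack("<IIII", sec, usec, len(captured), len(frame)) + captured


def accept_datagram(src, allowed=ALLOWED_APS):
    """Drop datagrams that did not come from a known AP (spoofed frames would
    otherwise land in the capture and mislead the analyst)."""
    return src[0] in allowed


def frame_from_datagram(payload):
    """Where a vendor encapsulation header would be stripped, if there is one.
    ASSUMPTION for this example: none, the datagram is the 802.11 frame."""
    return payload


def build_capture(frames, linktype=DLT_IEEE802_11, ts=0.0):
    """Offline helper: the exact byte stream the relay would write for `frames`."""
    out = pcap_global_header(linktype)
    for i, frame in enumerate(frames):
        out += pcap_record(frame, ts=ts + i)
    return out


def parse_capture(data):
    """Read a little-endian pcap stream back; returns (linktype, [frames])."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap stream")
    frames, off = [], 24
    while off + 16 <= len(data):
        _sec, _usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        frames.append(data[off:off + incl])
        off += incl
    return linktype, frames


def serve(pipe_path="/tmp/ap_sniff.pipe", bind_addr="192.0.2.1", port=AP_PORT):
    """Relay loop: block until Wireshark opens the FIFO, then stream pcap into it."""
    if not os.path.exists(pipe_path):
        os.mkfifo(pipe_path)                      # Linux/Unix named pipe
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))                  # bind only where the AP can reach
    # open() blocks until a reader (Wireshark) attaches to the other end.
    with open(pipe_path, "wb", buffering=0) as pipe:
        pipe.write(pcap_global_header())
        while True:
            payload, src = sock.recvfrom(SNAPLEN)
            if not accept_datagram(src):
                continue
            pipe.write(pcap_record(frame_from_datagram(payload)))


if __name__ == "__main__":
    # Constructed sample, not a real capture: round-trip two fake frames offline.
    sample = [b"\x80\x00" + b"\x00" * 22, b"\x40\x00" + b"\x00" * 22]
    linktype, frames = parse_capture(build_capture(sample))
    print(linktype, [len(f) for f in frames])
    # serve()  # uncomment on the monitoring host, then: wireshark -k -i /tmp/ap_sniff.pipe
```

Wireshark reads a pcap stream from a named pipe given with `-i`, so no change to Wireshark or libpcap is needed for this layout; what it does need is the correct link-layer type in the global header, and that is precisely the detail a vendor "server" would have to know about its AP's encapsulation. Windows named pipes work differently from the Unix FIFO used here.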