Streaming Wired / Wireless Packet Captures to Remote Server

Debugging wireless-related issues often requires analysis of wireless packets in the air. Capturing such frames with an independent sniffer requires being in proximity to the access point and wireless clients. This becomes more difficult when the access point uses directional antennas and/or is mounted on a tower.

However, these challenges can be overcome if the access point itself does the sniffing while serving the wireless clients and sends the captures to a remote server. At the remote server, these captures can be filtered and analyzed easily.

One might worry about increased bandwidth consumption while sending wireless packets to the remote server. To handle such concerns, wireless filters at the access point level, along with a timed duration (or packet count), can be used for such a capture.

Starting with 3.6 builds, Cambium access points (all platforms) support this feature along with wired capture.

CLI for Radio Capture


The redirect option under packet-capture provides the mechanism to stream wired and wireless packets to the remote server. For streaming wireless packets, the radio of interest and the remote server IP are the mandatory parameters (other parameters are optional and are meant for packet filtering and controlling packet count/duration).

Streaming stops automatically (based on packet count or duration) or can be stopped manually using the "packet-capture redirect stop" command.

CLI for Wired Capture



Wired capture can be done on ETH, VLAN and WLAN interfaces.

Flow:

A stream of packets is sent to the remote server as TZSP frames, which are UDP packets sent on port 37008. The payload of each UDP frame contains a TZSP header and the wired/wireless packet data. For wireless packets, the TZSP header also contains radiotap information such as channel, signal strength, and data rate.
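The frame layout described above can be checked on the remote server with a small parser. This is an added example, not code from Cambium or the original post; the encapsulation codes and tag numbers follow the publicly documented TZSP format as implemented in Wireshark's dissector and are an assumption about what the AP emits, and `parse_tzsp`, `listen` and `SAMPLE` are illustrative names.

```python
import socket
import struct

TZSP_PORT = 37008                      # UDP port stated on this page
ENCAP = {1: "ethernet", 18: "ieee802.11"}
# Tag numbers from the public TZSP description (assumption: the AP uses these).
TAGS = {10: "rssi", 12: "data_rate", 18: "rx_channel"}

def parse_tzsp(datagram: bytes) -> dict:
    """Split one TZSP datagram into header, tagged fields and inner frame."""
    if len(datagram) < 4 or datagram[0] != 1:
        raise ValueError("not a TZSP version 1 datagram")
    _ver, ptype, encap = struct.unpack("!BBH", datagram[:4])
    tags, pos = {}, 4
    while True:
        if pos >= len(datagram):
            raise ValueError("tag list not terminated by TAG_END")
        tag = datagram[pos]
        pos += 1
        if tag == 0:                   # TAG_PADDING: single byte, no length
            continue
        if tag == 1:                   # TAG_END: inner frame starts here
            break
        if pos >= len(datagram):
            raise ValueError("tag without length byte")
        length = datagram[pos]
        value = datagram[pos + 1:pos + 1 + length]
        if len(value) != length:
            raise ValueError("tag value runs past end of datagram")
        pos += 1 + length
        name = TAGS.get(tag, f"tag_{tag}")
        tags[name] = int.from_bytes(value, "big", signed=(tag == 10))
    return {"type": ptype, "encap": ENCAP.get(encap, encap),
            "tags": tags, "frame": datagram[pos:]}

def listen(bind_ip: str = "0.0.0.0", count: int = 10) -> None:
    """Print a summary of the first `count` datagrams received on the port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_ip, TZSP_PORT))
        for _ in range(count):
            data, (src, _port) = s.recvfrom(65535)
            try:
                p = parse_tzsp(data)
                print(src, p["encap"], p["tags"], len(p["frame"]), "byte frame")
            except ValueError as err:
                print(f"{src}: dropped malformed datagram ({err})")

# Constructed sample: 802.11 encapsulation, RSSI -60, channel 36, dummy frame.
SAMPLE = bytes.fromhex("01000012" "0a01c4" "120124" "01") + b"\x80\x00" + bytes(22)
```

Because the collector accepts UDP from the network, the parser rejects truncated or unterminated tag lists instead of trusting the length bytes.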

Whenever a packet capture command (wired or wireless) with the redirect option is started, it starts a TZSP process in the system, which begins capturing data on the specified interface. Every captured frame is sent to the remote server by the TZSP process. Capturing stops when the TZSP process completes.

Capturing wireless packets on a radio involves creating a monitor WLAN and attaching the TZSP process to it (done automatically by the packet-capture command). Hence, when packet capture is required, the access point can run at most 15 WLANs; otherwise the packet capture command will fail.

Note: Data packets from a secured SSID on the AP (where packet-capture is running) are captured as unencrypted packets, which gives more flexibility for debugging compared to standalone sniffers. Since the data is on the wired network, it doesn't compromise the system in any way.

Capture on Radio Interface


Capture on Wired Interface


Note: After packet streaming on the radio is completed, it is mandatory to stop it (using "packet-capture redirect stop"); otherwise the radio channel on the AP cannot be changed.
