Packet capture for troubleshooting

The cnPilot E400, E500 and ePMP1000 Hotspot support capturing packets on the ethernet port as well as the radio interface of the AP, for troubleshooting purposes. The APs use the standard linux tool tcpdump for this, and support filtering of packets following the standard tcpdump syntax. 

Packet capture can be initiated from the CLI or the GUI on the device. It is also supported from cnMaestro.

The options from the CLI include:

E400-AABBCC(config)# packet-capture wlan 1 

  Specify wlan number (1-32) followed optionally by a filter. e.g.: 
        Format: <protocol>   <direction>   <type>
                             src or dst    [host], net, port
        ether dst  <aa:bb:cc:dd:ee:ff>  # Matches packet's destination MAC address
        ether src  <aa:bb:cc:dd:ee:ff>  # Matches packet's source MAC address
        [ip] dst  <a.b.c.d>  # Matches packet's destination IP address
        [ip] src  <a.b.c.d>  # Matches packet's src IP address

        tcp dst port X  # Matches packet's tcp destination port
        tcp src port X  # Matches packet's tcp source port

        udp dst port X  # Matches packet's udp destination port
        udp src port X  # Matches packet's udp source port

        dst port X # Matches packet's tcp or udp destination port
        src port X # Matches packet's tcp or udp source port

On the GUI the capture point for wireless can be specified either through the SSID, or the index (1..16) of the WLAN. Screen captures below show examples of packets being filtered either by the MAC address of a particular wireless client (ether host 00:11:22:33:44:55) or its IP address (host or all packets matching a particular port number, in this case port 80 which is used for HTTP/WWW browsing.




Lastly it is also possible to build filters with multiple matching rules, combined together with and or or tokens, such as the case below that looks for both a particular port number, as well as an IP address:

All the packet capture is currently an 'inline display' that can be copy-pasted out. We are looking to provide the option to save the packets for external viewing (through Wireshark for instance) in a future release.

1 Like