The cnPilot E400, E500 and ePMP1000 Hotspot support capturing packets on the ethernet port as well as the radio interface of the AP, for troubleshooting purposes. The APs use the standard linux tool tcpdump for this, and support filtering of packets following the standard tcpdump syntax.
Packet capture can be initiated from the CLI or the GUI on the device. It is also supported from cnMaestro.
The options from the CLI include:
E400-AABBCC(config)# packet-capture wlan 1 Specify wlan number (1-32) followed optionally by a filter. e.g.: Format: <protocol> <direction> <type> src or dst [host], net, port arp icmp ether dst <aa:bb:cc:dd:ee:ff> # Matches packet's destination MAC address ether src <aa:bb:cc:dd:ee:ff> # Matches packet's source MAC address [ip] dst <a.b.c.d> # Matches packet's destination IP address [ip] src <a.b.c.d> # Matches packet's src IP address tcp dst port X # Matches packet's tcp destination port tcp src port X # Matches packet's tcp source port udp dst port X # Matches packet's udp destination port udp src port X # Matches packet's udp source port dst port X # Matches packet's tcp or udp destination port src port X # Matches packet's tcp or udp source port
On the GUI the capture point for wireless can be specified either through the SSID, or the index (1..16) of the WLAN. Screen captures below show examples of packets being filtered either by the MAC address of a particular wireless client (ether host 00:11:22:33:44:55) or its IP address (host 10.140.134.7) or all packets matching a particular port number, in this case port 80 which is used for HTTP/WWW browsing.
Lastly it is also possible to build filters with multiple matching rules, combined together with and or or tokens, such as the case below that looks for both a particular port number, as well as an IP address:
All the packet capture is currently an 'inline display' that can be copy-pasted out. We are looking to provide the option to save the packets for external viewing (through Wireshark for instance) in a future release.