
OTA Streaming Pcap Steps


Ver 1.

Ruckus OTA streaming capture using ZD and 9.4 + FW

1- Make a note of the IP address of the AP you will use for the OTA (over-the-air) capture.

2- In the Diagnostics configuration of the ZD, select the radio interface first (2.4 or 5 GHz).

3- From the ZD Administer/Diagnostics tab, under Packet Capture, select the AP (MAC) you intend to use as the PCAP capture device.

You need to start streaming before you begin setting the Wireshark interface selection.

4- Select “streaming mode” and START.

Use Wireshark 1.10+ for best results.

From the menu, select Options first…


Open Manage Interfaces and keep promiscuous mode set on all interfaces (INT).

Select Remote Interfaces / Add / enter the AP IP address / Null Auth / OK

If this fails to start as shown below, check the status of the designated target capture AP in the ZD GUI:
“stop” indicates that the interfaces are available to Wireshark.

Select the INT (WIF) you have enabled in the ZD interface for PCAP, click Apply, then Close.

The WIF is shown as rpcap://[IP]/WLAN100 for the 2.4 GHz INT, or rpcap://[IP]/WLAN101 for the 5 GHz INT.
Before enabling capture streaming mode, use the check mark to hide all of the extra interfaces that you
don’t need listed as available capture interfaces.

Now the AP-enabled (unchecked) interfaces should show up as available to Wireshark.

Select WLAN100/101 as the pcap INT and uncheck the rest of them, then click START.

NOTE: You should only enable the capture interfaces you are planning to use for this specific capture. This
will prevent Wireshark from opening multiple application-level instances on your Windows OS, which
gets messy.

If this happens, go to the Windows Task Manager and clear them out (end them all).

Once they are cleared out, start over with the Wireshark interface designation, enabling and selection.

Note: It is important to get all pcaps specific to the reported issue, and to label the files appropriately so
that each capture points to the targeted information or event.

It is best not to set any filters when doing the capture, since a filter may hide an issue, network
congestion, a faulty interface, or any malicious activity on the network.
SA AP mode support

If the ZD based capture is not an option, the AP can be set to streaming mode using SSH into the CLI.

Be sure to disable this when you are finished capturing.

set capture wlan[100|101] [idle | [stream|local] [-no [b][c][d][p]] <filter>]

get capture wlan[100|101] [state|copy <desthost> <destfile>]

Where (depending on FW level; 50/51 is the older FW INT designation):

50/100 = 2.4 GHz radio

51/101 = 5 GHz radio

idle = turns off packet capture

stream = enables streaming mode

local = enables local mode

-nobcdp = excludes 802.11 beacons/control/data packets or isn’t promiscuous

(captures only packets to/from the AP, and not all packets in the air)

filter = pcap-filter syntax (e.g. filter only a certain MAC or IP address)

In the AP CLI you can do the following to enable streaming mode on the AP.

If you want to capture on 2.4 GHz:

Rkscli: set capture wlan100 stream

If you want to capture on 5 GHz:

Rkscli: set capture wlan101 stream
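
The steps above (AP IP, radio interface name, the rpcap:// address, the set capture commands, and labelled capture files with no capture filter) can be assembled in one place so that every streaming start is paired with its idle command. The Python helper below is an added example, not part of the original document or of Ruckus tooling; the function name capture_plan, the file-name layout and the sample address 192.0.2.10 are assumptions, and the dumpcap command line assumes a Wireshark build with remote (rpcap) capture support.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Interface names from the document: wlan100/wlan101 on current firmware,
# wlan50/wlan51 on older firmware. Lowercase as in the AP CLI (assumption
# for the rpcap URL, which the document prints as WLAN100/WLAN101).
RADIO_IFACE = {("2.4", False): "wlan100", ("5", False): "wlan101",
               ("2.4", True): "wlan50", ("5", True): "wlan51"}


def capture_plan(ap_ip, band, label, when=None, legacy_fw=False):
    """Build the CLI commands, rpcap URL and labelled file name for one capture.

    capture_plan and the file-name layout are hypothetical, not Ruckus tooling.
    """
    ip = ipaddress.IPv4Address(ap_ip)  # ValueError on a malformed address
    if (band, legacy_fw) not in RADIO_IFACE:
        raise ValueError("band must be '2.4' or '5'")
    iface = RADIO_IFACE[(band, legacy_fw)]
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    # Filesystem-safe label so the file name can point at the reported issue.
    safe = re.sub(r"[^A-Za-z0-9._-]+", "-", label).strip("-") or "capture"
    outfile = f"{safe}_{ip}_{iface}_{when:%Y%m%dT%H%M%SZ}.pcapng"
    url = f"rpcap://{ip}/{iface}"
    return {
        "start_cli": f"set capture {iface} stream",
        # The stream is opened with Null Auth, so always pair start with idle.
        "stop_cli": f"set capture {iface} idle",
        "url": url,
        "outfile": outfile,
        # No -f capture filter, per the note about not filtering at capture time.
        "dumpcap": ["dumpcap", "-i", url, "-w", outfile],
    }


if __name__ == "__main__":
    # Constructed sample values: documentation-range IP and a made-up label.
    plan = capture_plan("192.0.2.10", "2.4", "case 0001 roaming drop")
    for key, value in plan.items():
        print(f"{key}: {value}")
```

Run the start_cli command on the AP before starting the capture, and the stop_cli command as soon as the capture file is saved.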
