ap packet-capture

   clear <ap-name|ip-addr|ip6-addr>] <pcap-id> radio <0|1>

   close-port <port>

   interactive <ap-name|ip-addr|ip6-addr> <filter-spec> <target-ip> <target-port> radio <0|1> channel <channel>

   open-port <port>

   pause <ap-name|ip-addr|ip6-addr> <pcap-id> radio <0|1>

   raw-start [<ap-name|ip-addr|ip6-addr>] <target-ip> <target-port> <format> radio <0|1> channel <channel> maxlen <maxlen>

   resume [<ap-name|ip-addr|ip6-addr>] <pcap-id> radio <0|1>

   stop <ap-name|ip-addr|ip6-addr> <pcap-id> radio <0|1>

   wired-start <ap-name|ip-addr|ip6-addr> <target-ip> <target-port>

   wired-stop <ap-name|ip-addr|ip6-addr> <target-ip> <target-port>

Description

These commands manage WiFi packet capture (PCAP) on Aruba APs. The WiFi packets are encapsulated in a UDP header and sent to a client running a packet analyzer like Wildpacket’s Airopeek, Omnipeek, or Wireshark.

Syntax

Parameter

Description

clear

Clears the packet capture session.

ap-name <ap-name>

Name of the AP.

ip-addr <ip-addr>

IP address of the AP.

ip6-addr <ip6-addr>

IPv6 address of the AP.

<pcap-id>

ID of the PCAP session.

radio <0-1>

ID of the radio sending the packets

close-port <port>

(CPsec Campus APs and Remote APs only) Close or disallow access to this UDP port on the AP for packet capture purposes.

interactive

Start an interactive packet capture session between an AP and a client running a packet analyzer.

ap-name <ap-name>

Name of the AP.

ip-addr <ip-addr>

IP address of the AP.

ip6-addr <ip6-addr>

IPv6 address of the AP.

<filter-spec>

Packet Capture filter specification. See Usage Guidelines for details.

<target-ip>

IP address of the client running the packet analyzer.

<target-port>

UDP port number on the client station where the captured packets are sent.

radio <0-1>

ID of the radio sending the packets

channel <channel>

(Optional or Applicable only in AM mode) Number of a radio channel to tune into to capture packets.

open-port <port>

(CPsec Campus APs and Remote APs only) Enable or allow access to this UDP port on the AP for packet capture purposes.

pause

Pause a packet capture session.

ap-name <ap-name>

Name of the AP.

ip-addr <ip-addr>

IP address of the AP.

ip6-addr <ip6-addr>

IPv6 address of the AP.

<pcap-id>

ID of the PCAP session.

radio <0-1>

ID of the radio sending the packets

raw-start

Stream packets from the driver to a client running the packet analyzer.

ap-name <ap-name>

Name of the AP.

ip-addr <ip-addr>

IP address of the AP.

ip6-addr <ip6-addr>

IPv6 address of the AP.

<target-ip>

IP address of the client running the packet analyzer.

<target-port>

UDP port number on the client station where the captured packets are sent.

radio <0-1>

ID of the radio sending the packets

channel <channel>

(Optional or Applicable only in AM mode) Number of a radio channel to tune into to capture packets.

maxlen <maxlen>

(Optional) Limit the length of 802.11 frames to include in the capture to a specified maximum.

resume

Resume a packet capture session.

ap-name <ap-name>

Name of the AP.

ip-addr <ip-addr>

IP address of the AP.

ip6-addr <ip6-addr>

IPv6 address of the AP.

<pcap-id>

ID of the PCAP session.

radio <0-1>

ID of the radio sending the packets.

stop

Stop a packet capture session.

ap-name <ap-name>

Name of the AP.

ip-addr <ip-addr>

IP address of the AP.

ip6-addr <ip6-addr>

IPv6 address of the AP.

<pcap-id>

ID of the PCAP session.

radio <0-1>

ID of the radio sending the packets

wired-start

Start a wired ethernet packet stream to an external viewer.

ap-name <ap-name>

Name of the AP.

ip-addr <ip-addr>

IP address of the AP.

ip6-addr <ip6-addr>

IPv6 address of the AP.

<target-ip>

IP address of the client running the packet analyzer.

<target-port>

UDP port number on the client station where the captured packets are sent.

wired-stop

Halt a wired ethernet packet stream currently being sent to an external viewer.

ap-name <ap-name>

Name of the AP.

ip-addr <ip-addr>

IP address of the AP.

ip6-addr <ip6-addr>

IPv6 address of the AP.

<target-ip>

IP address of the client running the packet analyzer.

<target-port>

UDP port number on the client station where the captured packets are sent.

Usage Guidelines

These commands direct an AP to send Wi-Fi packet captures to a client packet analyzer utility such as Airmagnet, Wireshark and so on, on a remote client.

Before using these commands, you need to start the packet analyzer utility on the client and open a capture window for the port from which you are capturing packets. The packet analyzer cannot be used to control the flow or type of packets sent from APs.

The packet analyzer processes all packets. However, you can apply display filters on the capture window to control the number and type of packets being displayed. In the capture window, the time stamp displayed corresponds to the time that the packet is received by the client and is not synchronized with the time on the AP.

Filter specification (used in ap packet-capture interactive) supports the following:

type (beacon/rts/cts/data/ack/ctrl/mgmt/all)

sta (mac address)

bss (mac address)

da (mac address)

sa (mac address)

dir (tods, fromds)

retry (1, 0)

frag (1, 0)

wep (1, 0)

Filter spec examples:

(type eq beacon) or ((sta eq 000000010203) and (dir eq tods))

(type == data) && ((sta = 000000010203) || (sta == 000000010203))

(type != beacon)

(wep nq 1)

(type eq all)
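
The filter grammar above can be checked before a spec is passed to ap packet-capture interactive from a script, so that malformed or unexpected input never reaches the CLI. The following Python validator is an added example, not part of the original documentation or of ArubaOS; the operator set, the 12-hex-digit MAC form and the function names are assumptions inferred from the examples on this page.

```python
import re

# Fields/values from this page's filter list; MAC as 12 hex digits is assumed from its examples.
MAC = re.compile(r"[0-9a-f]{12}$").match
FLAG = {"0", "1"}.__contains__
FIELDS = {
    "type": {"beacon", "rts", "cts", "data", "ack", "ctrl", "mgmt", "all"}.__contains__,
    "sta": MAC, "bss": MAC, "da": MAC, "sa": MAC,
    "dir": {"tods", "fromds"}.__contains__,
    "retry": FLAG, "frag": FLAG, "wep": FLAG,
}
# Operators seen in the page's examples; assumed here to be the complete set.
COMPARE = {"eq", "==", "=", "!=", "nq"}
JOIN = {"and", "or", "&&", "||"}
TOKEN = re.compile(r" *(\(|\)|==|!=|=|&&|\|\||[A-Za-z0-9]+)")

def tokenize(spec):
    tokens, pos, spec = [], 0, spec.strip(" ")
    while pos < len(spec):
        m = TOKEN.match(spec, pos)
        if not m:  # quotes, semicolons, newlines etc. are rejected, not passed on
            raise ValueError(f"unexpected input at offset {pos}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens

def validate_filter_spec(spec):
    """Return the (field, op, value) comparisons in spec, or raise ValueError."""
    tokens, found = tokenize(spec) + [None], []  # None marks end of input
    def term(i):  # term := "(" expr ")" | field op value
        if tokens[i] == "(":
            i = expr(i + 1)
            if tokens[i] != ")":
                raise ValueError("missing closing parenthesis")
            return i + 1
        field, op, value = (tokens[i:i + 3] + [None] * 3)[:3]
        if field not in FIELDS or op not in COMPARE or value is None or not FIELDS[field](value.lower()):
            raise ValueError(f"bad comparison: {field} {op} {value}")
        found.append((field, op, value))
        return i + 3
    def expr(i):  # expr := term (join term)*
        i = term(i)
        while tokens[i] in JOIN:
            i = term(i + 1)
        return i
    end = expr(0)
    if tokens[end] is not None:
        raise ValueError(f"unexpected token {tokens[end]!r}")
    return found
```
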

Examples

The following command starts a raw packet capture session for the AP ly115 on radio 0, and sends the packets to the client at 10.64.102.4 on port 5000.

(host) [mynode] (config) #ap packet-capture raw-start ap-name ly115 10.64.102.4 5000 0 radio 0

Packet capture has started for pcap-id:1

The following commands start an interactive packet capture session for the AP ap1.

#ap packet-capture open-port 5555

#ap packet-capture interactive ap-name ap1 "type eq all" 192.168.0.3 5555 radio 0

 

The output of the command in the example below displays packet capture session statistics for the AP ap1. In this example, the output has been divided into multiple sections to better fit on the pages of this document. In the actual CLI, it will appear in a single, long table.

#show ap packet-capture status ap-name ap1

 

Packet Capture Sessions at ap1, IP 10.3.44.167

----------------------------------------------

pcap-id filter type intf channel max-pkts

------- ------ ---- ---- ------- --------

1 type eq all interactive 6c:f3:7f:ba:65:70 153 0

 

 

max-pkt-size num-pkts status url target Radio ID

------------ -------- ------ ------ ------

65536 3759 in-progress 192.168.0.3/5555 0

Related Commands

Command

Description

vlan

To view the status of outstanding packet capture sessions.

Command History

Release

Modification

ArubaOS 8.0.0.0

Command Introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Works in Access Point, AM, and Spectrum Monitor modes on all AP models in enable mode.
