How can wireless packets be captured from APs managed by a Controller?

Zyxel_Judy
Zyxel_Judy Posts: 1,579  Zyxel Employee
Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula
edited May 6 in Other Topics

This FAQ applies to Wi-Fi 6 models with firmware versions older than 6.70, Wi-Fi 5 models and small business models such as the NWA50AX, NWA90AX, NWA55AXE, NWA50AX PRO, and NWA90AX PRO.

Scenario

An IT engineer want to monitor wireless traffic to make sure the entire flow when a wireless station connecting to an SSID.

Typology

image.png

Prerequisite

  • Since the listed Access Point (AP) above cannot capture the wireless frames it transmits, if there is only one AP in the network, an additional AP is required to capture the wireless frames.
    • Service AP: This is the AP that needs monitoring.
    • Monitor AP: This AP listens and monitors the communication between the Service AP and devices, such as a phone.
  • Ensure that both APs are set to the same radio frequency, channel width, and channel to capture packets effectively. For instance, set both APs to use the 5GHz radio frequency, a channel width of 20 MHz, and channel 36. This configuration ensures that the packet capture is comprehensive.

Configuration

In Controller

  • Configuration > Object > AP Profile > Radio > Fix the radio, channel width and channel.
image.png
  • Configuration > Wireless > AP Management > AP Group > Apply SSID and radio for 2 APs.
image.png
  • Maintenance > Diagnostics > Packet capture > Remote captures > Remote capture > Select the Monitor AP > Click Query > Input Server Port as 2002 and click Start
image.png

In the laptop where Wireshark has already installed inside

  • Click the “Capture” button on the dashboard, or the gear icon on the menu bar.
image.png
  • Click “Manage Interfaces” button on the pop-up window.
image.png
  • Move to the third tab “Remote Interface”, and then click the + plus icon on it.
image.png
  • Type the IP address of the Monitor AP and the port number (Zyxel set default as port 2002) > Press “OK
image.png
  • Select the interface(radiotap0 = 2.4GHz radio interface, radiotap2 = 5GHz radio interface), and then press OK and Start
image.png
image.png
  • Allow the wireless client to connect to the SSID and capture packets for several minutes. Then, click "Stop" in the Wireshark tool to end the packet capture.

After completing the packet capture, the packet file can be analyzed to review the captured information.

Note

There are some other interfaces, such as “eth0” represents Uplink and LAN port interface, and wlan-1-1 is the interface of the first SSID in 2.4GHz radio.

Untitled Image

Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

https://bit.ly/2024_Survey_Community

Categories

EnglishTiếng ViệtРусскийไทย中文(台灣)