How can wireless packets be captured from APs in Standalone mode?

Options
Zyxel_Judy
Zyxel_Judy Posts: 944  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer
edited April 25 in Other Topics

This FAQ applies to Wi-Fi 6 models with firmware versions older than 6.70, Wi-Fi 5 models and small business models such as the NWA50AX, NWA90AX, NWA55AXE, NWA50AX PRO, and NWA90AX PRO.

Scenario

An IT engineer want to monitor wireless traffic to make sure the entire flow when a wireless station connecting to an SSID.

Typology

image.png

Prerequisite

  • Since the listed Access Point (AP) above cannot capture the wireless frames it transmits, if there is only one AP in the network, an additional AP is required to capture the wireless frames.
    • Service AP: This is the AP that needs monitoring.
    • Monitor AP: This AP listens and monitors the communication between the Service AP and devices, such as a phone.
  • Ensure that both APs are set to the same radio frequency, channel width, and channel to capture packets effectively. For instance, set both APs to use the 5GHz radio frequency, a channel width of 20 MHz, and channel 36. This configuration ensures that the packet capture is comprehensive.

Configuration

In both Service AP and Monitor AP

  • Configuration > Object > AP Profile > Radio > Fix the radio, channel width and channel.
image.png
  • Configuration > Wireless > AP Management > Apply SSID and radio for 2 APs.
image.png

In the Monitor AP

  • Maintenance > Diagnostics > Remote captures > Remote capture > Input Server Port as 2002 and click Start
image.png

In the laptop where Wireshark has already installed inside

  • Click the “Capture” button on the dashboard, or the gear icon on the menu bar.
image.png
  • Click “Manage Interfaces” button on the pop-up window.
image.png
  • Move to the third tab “Remote Interface”, and then click the + plus icon on it.
image.png
  • Type the IP address of the Monitor AP and the port number (Zyxel set default as port 2002) > Press “OK
image.png
  • Select the interface(radiotap0 = 2.4GHz radio interface, radiotap2 = 5GHz radio interface), and then press OK and Start
image.png
image.png

After completing the packet capture, the packet file can be analyzed to review the captured information.

Note

There are some other interfaces, such as “eth0” represents Uplink and LAN port interface, and wlan-1-1 is the interface of the first SSID in 2.4GHz radio.

Be a Community MVP: Win a VIP Deal Dash on Your Next Zyxel Purchase!

Categories

EnglishTiếng ViệtРусскийไทย中文(台灣)