Wireshark-users: Re: [Wireshark-users] Question on wireless sniffing and Cisco AP modes
On Apr 27, 2009, at 8:57 AM, Steven Pfister wrote:
> I'm trying to learn a little about wireless troubleshooting. In
> reading about the sniffer mode of Cisco APs, a lot of the Cisco
> pages I've read say it requires Airopeek. But a Cisco Press book I'm
> reading says "operates with an Omnipeek, Airmagnet, or Wireshark
> server." Is there such a thing as a Wireshark server?

Perhaps there is, but nobody appears to have bothered to tell the
Wireshark core team about it. :-)

Googling for

    omnipeek wireshark airmagnet cisco access point

found

    http://www.cisco.com/en/US/docs/wireless/controller/5.0/configuration/guide/c5err.html

which says

    Prerequisites for Wireless Sniffing

    To perform wireless sniffing, you need the following hardware and
    software:

    o A dedicated access point—An access point configured as a sniffer
      cannot simultaneously provide wireless access service on the network.
      To avoid disrupting coverage, use an access point that is not part of
      your existing wireless network.

    o A remote monitoring device—A computer capable of running the
      analyzer software.

    o Windows XP or Linux operating system—The controller supports
      sniffing on both Windows XP and Linux machines.

    o Software and supporting files, plug-ins, or adapters—Your
      analyzer software may require specialized files before you can
      successfully enable sniffing:

        –Omnipeek or Airopeek—Go to http://www.wildpackets.com and follow
         the instructions to purchase, install, and configure the software.

        –AirMagnet—Go to http://www.airmagnet.com/products/ea_cisco/#top
         and follow the instructions to purchase, install, and configure the
         software.

        –Wireshark—Go to http://tools.cisco.com/support/downloads and
         follow the instructions to download Wireshark and the correct
         installation wizard for your operating system.

and then proceeds to talk about how to configure the access point -
but *not* how to configure the sniffer.
Perhaps they've modified Wireshark - or libpcap/WinPcap - to support
remote capture. Or perhaps, given that they mention setting the IP
address of the sniffing machine, they have a server process to which
the AP sends packets, and you have Wireshark capture from a named pipe
that provides access to that server.