This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

sniffer setup help needed

0

I'm trying to put together a sniff environment where wireless client hit a WAP, the waps wired ethernet port brings the traffic back to a port mirror switch for me to look at. Does anyone know how to get a WAP to stop "local switching" (the wap seems to switch the local traffic and only allows traffic destined to a different network to come over the wired port. I want to see everything). Once I'm at the wired switch, wireshark can do its thing.

thnx

asked 02 Apr '12, 12:51

wakelt's gravatar image

wakelt
13101013
accept rate: 0%

That's not so much a Wireshark question but a WAP configuration question, like how to setup a monitor port on a switch. Without make and model this is rather fruitless.

(02 Apr '12, 23:49) Jaap ♦

The WAP is a Cisco/Linksys WAP610N, and yes this is more of a packet capture environment question. I figured Wireshark folks would be the experts in setting up an environment.

I guess the crux of my question is, can a WAP (any WAP device) be configured to not "switch" local wireless traffic and simply act as a mux and forward the traffic on to another device that would actually perform the switching ??? If not a WAP device, what device could I use as a wireless mux/demux ? Specific device recommendations welcome.

thanks,wk

(03 Apr '12, 05:31) wakelt

One Answer:

0

Maybe you could use a Wireless LAN Controller and a dumb Access Point and port mirror the WLC, it might just pose a whole new array of questions though.. A WLC should handle most of the traffic of an AP , what exactly are you hoping to find?

answered 05 Apr '12, 01:20

Marc's gravatar image

Marc
147101316
accept rate: 27%

Not sure what you mean by a "dumb access point" ?? If there is an access point that doesn't do any "local wireless switching", and simply forwards ALL wireless traffic on the wired side of the wap so a wired switch could perform the forwarding (and mirroring to a sniffer port, then I'd be most interested in a pointer to such a wap.

I want to capture ALL wireless and wired traffic in a network in a single sniff. We can't guarantee that all traffic will be wireless, so we to be prepared to capture wireless and wired traffic hitting a single switch. I am hoping to find a "really dumb wap" that forwards ALL rx'd wireless traffic upstreamed in wired fashion so I can have a single sniff point.

(05 Apr '12, 08:18) wakelt

I think by dumb he means an access point that is no smarter than a hub. All it could do is the physical later stuff thus requiring a switch to control it. I've worked with some rather dumb access points in a past job and honestly it has never occurred to me if the AP handles the local traffic or not on it's own. I'm pretty sure all the modern Cisco stuff will switch locally and I doubt you will be able to do much of any configuration on anything Linksys. Only suggestion I have, if this is just for testing purposes, is to setup a wireless network using a computer and perform the capture there.

(06 Apr '12, 08:33) networkguy09