Information About Packet Capture
To resolve issues such as voice and security on wireless networks, you might need to dump packets from the AP for analysis while the AP continues to operate normally. The packets can be dumped on to an FTP server. This process of dumping packets for analysis is called Packet Capture. Use the controller to start or stop packet capture for clients. You can choose the type of packets that need to be captured using the controller CLI from the following types:
-
Management Packets
-
Control Packets
-
Data Packets -
Dot1X
-
ARP
-
IAPP
-
All IP
-
UDP with matching port number
-
DHCP
-
TCP with matching port number
-
Multicast frames
-
Broadcast frames
-
The packets are captured and dumped in the order of arrival or transmit of packets except for beacons and probe responses. The packet capture contains information such as channel, RSSI, data rate, SNR, and timestamp. Each packet is appended with additional information from the AP. You can choose to dump either just packet headers or full packets.
-
If FTP transfer time is slower than the packet rate, some of the packets do not appear in the capture file.
-
If the buffer does not contain any packets, a known dummy packet is dumped to keep the connection alive.
-
A file is created on the FTP server for each AP based on unique AP and controller name and timestamp. Ensure that the FTP server is reachable by the AP.
-
If the FTP transfer fails or FTP connection is lost during packet capture, the AP stops capturing packets, notifies with an error message and SNMP trap, and a new FTP connection is established.