{"id":1,"date":"2017-03-03T09:00:52","date_gmt":"2017-03-03T09:00:52","guid":{"rendered":"http:\/\/mackenziewifi.com\/?p=1"},"modified":"2025-05-30T08:48:26","modified_gmt":"2025-05-30T08:48:26","slug":"aruba-iap-capture","status":"publish","type":"post","link":"http:\/\/mackenziewifi.com\/index.php\/2017\/03\/03\/aruba-iap-capture\/","title":{"rendered":"3 Stream 802.11ac Packet Capture with the Aruba IAP-225"},"content":{"rendered":"\n

Where does the future of 802.11 packet capture lie? <\/h2>\n\n\n\n

We are very familiar with performing 802.11 packet capture using USB wireless dongles as capture adaptors. The problem with USB adaptors is that they can only support up to 2 spatial streams due to limitations of the USB bus. With the advent of 3+ spatial streams APs, these USB dongles are no longer adequate capture adaptors. At the Wireless LAN Professionals Summit 2014, Jay Botelho, Director of Product Management, WildPackets, said that he sees capturing from access points as the future of 802.11 packet analysis. Capturing packets from an installed access point can provide an excellent approach for remote troubleshooting.  But how about using an access point as a capture adapter connected directly to your laptop? Below I will show a procedure I used for capturing packets directly from an Aruba IAP-225 into WildPackets OmniPeek.<\/p>\n\n\n\n

Setup<\/h2>\n\n\n\n

In the following example I have an Aruba IAP-225 running 6.3.1.0-4.0.0.0 connected directly to my laptop via an Ethernet cable. On my laptop I\u2019m running OmniPeek version 7.9.1.<\/p>\n\n\n\n

\"image\"\/<\/figure>\n\n\n\n

You will need to make sure you have configured an IP address on both the IAP-225 and your laptop. Test you have basic IP connectivity by pinging the access point from your laptop.<\/p>\n\n\n\n

Procedure<\/h2>\n\n\n\n

Currently packet capture on Aruba Instant APs can only be configured from the cli. So you will need to SSH or Console to the access point.<\/p>\n\n\n\n

1) First we need to determine the BSSID of the radio we are would like to capture on. To do this we type the command: show ap monitor status<\/em> . This command will display a whole wealth of information on the access point, but for this task we are only interested in the BSSID information shown in the figure below. We will see both the 2.4GHz and 5 GHz radio BSSIDs. Copy the BSSID for the radio you wish to capture from. For this example I\u2019m going to use the 2.4GHz radio 18:64:72:d3:d7:a0<\/p>\n\n\n\n

\"image\"\/<\/figure>\n\n\n\n

2) To start a packet capture on an Aruba IAP we use the following command:<\/p>\n\n\n\n

pcap start <BSSID> <IP of capture tool> <port> <format> <max packet size><\/em><\/p>\n\n\n\n

In this example I\u2019m going to capture from the 2.4Ghz radio 18:64:72:d3:d7:a0. The IP address of my laptop running OmniPeek is 192.168.0.10. I\u2019m going to use port 5000, but you could use any port.<\/p>\n\n\n\n

The format parameter is a number indicating the packet format. This allows you to send the packets in the correct format for the analyser of your choice. In this example I\u2019m using WildPackets OmniPeek, but options for analysis such as Wireshark or AirMagnet exist. The different options for this parameter are shown below:<\/p>\n\n\n\n

0 pcap, 1 peek, 2 airmagnet, 3 pcap radio, 4 ppi<\/p>\n\n\n\n

Because I\u2019m using OmniPeek I will choose 1 for peek format.<\/p>\n\n\n\n

 The last parameter is the maximum packet size, for this example I\u2019m going to use a value of 2346.  So for my example setup I would type:<\/p>\n\n\n\n

pcap start 18:64:72:d3:d7:a0 192.168.0.10 5000 1 2346<\/em><\/p>\n\n\n\n

\"image\"\/<\/figure>\n\n\n\n

Notice the pcap-id is shown in the resulting message (see above). This id will be used when we issue the command to stop the capture.  If you want the access point to capture both 2.4GHz and 5GHz traffic simultaneously then issue the pacp start command again but this time use the 5GHz radio BSSID.<\/p>\n\n\n\n

3) Next we need to start an Aruba Remote Adopter capture in OmniPeek. In OmniPeek select the \u2018New Capture\u2019 option from the Start Page. The Capture Options dialog will appear, on the Adapter tab choose \u2018Aruba Remote Adapter\u2019 and double click \u2018New Adapter\u2019<\/p>\n\n\n\n

\"image\"\/<\/figure>\n\n\n\n

Enter a name and the port number. In this example I\u2019m using port 5000. Click ok.<\/p>\n\n\n\n

\"image\"\/<\/figure>\n\n\n\n

Make sure your newly created Aruba adapter is selected and click ok<\/p>\n\n\n\n

\"image\"\/<\/figure>\n\n\n\n

When the capture window opens click \u2018Start Aruba Capture\u2019<\/p>\n\n\n\n

\"image\"\/<\/figure>\n\n\n\n

Your packets should now start to appear. Happy Analysis!<\/p>\n\n\n\n

\"image\"\/<\/figure>\n\n\n\n

4) When you have finished capturing remember to stop the capture on the access point.<\/p>\n\n\n\n

pcap stop 18:64:72:d3:d7:a0 1<\/p>\n\n\n\n

In this command the digit 1 is the pcap id, this was displayed when I started the capture.  If you can\u2019t remember the pcap id then you can use the command show pcap to see your current captures.<\/p>\n\n\n\n

\"image\"\/<\/figure>\n\n\n\n

If you started a capture from the 5 GHz radio, then you will need to stop this one too.<\/p>\n","protected":false},"excerpt":{"rendered":"

Where does the future of 802.11 packet capture lie?  We are very familiar with performing 802.11 packet capture using USB wireless dongles as capture adaptors. The problem with USB adaptors is that they can only support up to 2 spatial streams due to limitations of the USB bus. With the advent of 3+ spatial streamsContinue reading →<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1","post","type-post","status-publish","format-standard","hentry","category-uncategorized","no-thumb"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"http:\/\/mackenziewifi.com\/index.php\/wp-json\/wp\/v2\/posts\/1","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/mackenziewifi.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/mackenziewifi.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/mackenziewifi.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/mackenziewifi.com\/index.php\/wp-json\/wp\/v2\/comments?post=1"}],"version-history":[{"count":2,"href":"http:\/\/mackenziewifi.com\/index.php\/wp-json\/wp\/v2\/posts\/1\/revisions"}],"predecessor-version":[{"id":33,"href":"http:\/\/mackenziewifi.com\/index.php\/wp-json\/wp\/v2\/posts\/1\/revisions\/33"}],"wp:attachment":[{"href":"http:\/\/mackenziewifi.com\/index.php\/wp-json\/wp\/v2\/media?parent=1"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/mackenziewifi.com\/index.php\/wp-json\/wp\/v2\/categories?post=1"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/mackenziewifi.com\/index.php\/wp-json\/wp\/v2\/tags?post=1"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}