★ THE BLOG ★ Ramblings on WiFi & stuff.

How to Perform a PCAP with Aruba Instant AP


So, this guy at WLAN Pros Conference says, “I wish I could do a packet capture on Aruba Instant”. This other guy says, “I don’t think they can do that”. I say, “Oh, yes, they can.” The other guy says, “Really? Are you sure?” And I say, “Absolutely. I think. Hold on.”

So, I proceed to log in to my knowledge base, download, and then e-mail the first guy this PDF that PROVES - beyond a shadow of a doubt - that I am nobody’s fool!

I was wrong.

Wrong, wrong, wrong, wrong, wrong…

Or, so I thought! I sent him the wrong document. Turns out you CAN do pcap on Aruba Instant; I just didn’t know that I didn’t know what I was talking about.

Anyways, here’s how it’s done. I stole it from Aruba AirHeads.

- - - - - - - - - - - - - - - - -

Make sure you’ve upgraded to the latest version of Instant OS so you can use the pcap command to do the wireless packet capture on the IAP.

Run the Aruba version of Wireshark on the PC. On the capture interface, select ARUBA udp-port=5555.

SSH into the IAP.

Use “pcap start <base bssid> <ip address of PC with Aruba version of Wireshark installed> <port> 0 1518”

Use “show pcap” to check the active pcap session

Use “pcap stop <base bssid> <pcap-id>” to stop the capture
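
If Wireshark stays empty after “pcap start”, a quick check on the PC is to listen on the capture port and see whether datagrams from the IAP arrive at all, and whether anything other than the IAP is sending to that port. The script below is an added example, not part of the AirHeads procedure; the IAP address is a constructed placeholder, and the helper names are hypothetical.

```python
import socket
import time
from collections import Counter

CAPTURE_PORT = 5555  # UDP port passed to "pcap start" and selected in Wireshark (from the post)


def open_listener(bind_ip="0.0.0.0", port=CAPTURE_PORT):
    """Bind the UDP port that the IAP was told to send the capture to."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    return sock


def check_stream(sock, iap_ip, seconds=5.0):
    """Count datagrams per source for `seconds`; split expected and unexpected senders."""
    seen = Counter()
    bytes_from_iap = 0
    deadline = time.monotonic() + seconds
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        sock.settimeout(remaining)
        try:
            data, (src, _port) = sock.recvfrom(65535)
        except socket.timeout:
            break
        seen[src] += 1
        if src == iap_ip:
            bytes_from_iap += len(data)
    return {
        "from_iap": seen.get(iap_ip, 0),
        "bytes_from_iap": bytes_from_iap,
        "unexpected": {ip: n for ip, n in seen.items() if ip != iap_ip},
    }


if __name__ == "__main__":
    IAP_IP = "192.0.2.10"  # constructed placeholder: replace with your IAP's address
    with open_listener() as s:
        result = check_stream(s, IAP_IP)
    if result["from_iap"] == 0:
        print("No capture traffic from the IAP: check 'show pcap' and the PC firewall")
    print(result)
```

A zero count with an active session in “show pcap” usually points at the PC’s host firewall or a wrong IP address in the “pcap start” command.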