02 June 2016

[*] Packet Dump using AireOS

To troubleshoot issues such as voice and security problems on wireless networks, you might need to dump packets from the AP for analysis while the AP continues to operate normally. The packets can be dumped onto an FTP server. This process of dumping packets for analysis is called packet capture.

Let's jump in:

config ap packet-dump ftp serverip 10.139.12.57 path / user bob pass 123456

config ap packet-dump classifier management enable
config ap packet-dump classifier ip enable
config ap packet-dump classifier arp enable
config ap packet-dump classifier control enable
config ap packet-dump classifier tcp enable    
config ap packet-dump classifier udp enable
config ap packet-dump classifier broadcast enable
config ap packet-dump classifier data enable
    


(Cisco Controller) >show ap packet-dump status                        

Packet Capture Status............................ Stopped
FTP Server IP Address............................ 10.139.12.57
FTP Server Path.................................. /
FTP Server Username.............................. bob
FTP Server Password.............................. ********
Buffer Size for Capture.......................... 2048 KB
Packet Capture Time.............................. 10 Minutes
Packet Truncate Length........................... Unspecified
Packet Capture Classifier........................ 802.11 Management
Packet Capture Classifier........................ 802.11 Data
Packet Capture Classifier........................ 802.11 Control
Packet Capture Classifier........................ ARP
Packet Capture Classifier........................ IP
Packet Capture Classifier........................ Multicast
Packet Capture Classifier........................ Broadcast
 

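Start the capture by giving the client MAC address followed by the AP name (ap1600 here), and stop it when you are done:

config ap packet-dump start xx:xx:xx:xx:xx:xx ap1600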
config ap packet-dump stop
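
An added example, not part of the original post: a short Python check that parses the `show ap packet-dump status` output shown above and compares the reported classifiers with the ones enabled by the config commands, so a mismatch is visible before the capture is started. The sample text is taken from the output above; the "TCP"/"UDP" labels and the reading of "Unspecified" as "no truncation" are assumptions.

```python
import re

# Sample input: lines copied from the status output in the post (FTP lines omitted).
STATUS = """\
Packet Capture Status............................ Stopped
Packet Truncate Length........................... Unspecified
Packet Capture Classifier........................ 802.11 Management
Packet Capture Classifier........................ 802.11 Data
Packet Capture Classifier........................ 802.11 Control
Packet Capture Classifier........................ ARP
Packet Capture Classifier........................ IP
Packet Capture Classifier........................ Multicast
Packet Capture Classifier........................ Broadcast
"""
# Classifier keywords enabled by the config commands in the post.
REQUESTED = ["management", "ip", "arp", "control", "tcp", "udp", "broadcast", "data"]
# Keyword -> status label; "TCP"/"UDP" are assumed (no such line in the post's output).
LABELS = {"management": "802.11 Management", "data": "802.11 Data",
          "control": "802.11 Control", "arp": "ARP", "ip": "IP",
          "broadcast": "Broadcast", "multicast": "Multicast",
          "tcp": "TCP", "udp": "UDP"}
LINE = re.compile(r"^(.+?)\.{2,}\s*(.*?)\s*$")  # "Key......... value"

def parse_status(text):
    """Split the status output into scalar settings and the classifier list."""
    settings, classifiers = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and CLI prompts
        key, value = m.groups()
        if key == "Packet Capture Classifier":
            classifiers.append(value)
        else:
            settings[key] = value
    return settings, classifiers

def audit(text, requested):
    """Compare requested classifiers with what the controller reports."""
    settings, active = parse_status(text)
    wanted = {LABELS[k] for k in requested}
    return {"missing": sorted(wanted - set(active)),
            "unexpected": sorted(set(active) - wanted),
            # Assumption: "Unspecified" means frames are not truncated.
            "full_frames": settings.get("Packet Truncate Length") == "Unspecified",
            "running": settings.get("Packet Capture Status", "Stopped") != "Stopped"}

if __name__ == "__main__":
    print(audit(STATUS, REQUESTED))
```

A `full_frames` value of `True` means the file sent to the FTP server holds complete frames, so it should be stored and shared as sensitive data.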

The output is like this: http://pastebin.com/3WXU2PHF

Have fun with Tshoot!

biOos
