Wired Packet Capture (requires 0.5.x or newer firmware)

Wireless packet captures are helpful when trying to dissect and dig down into the root cause of any wireless issue between a client and AP.  You can determine if packets being sent are actually reaching their destination as well as identify if packets are corrupted.  

With our enhanced packet capture flow, we are introducing the ability to capture packets on the wired side of your network as well.  This data is captured from the Eth0 port of your AP, and will examine the packets between the AP and the rest of your wired network. This includes any RADIUS, DHCP, or DNS servers you have set up.  With this expanded range of visibility, network admins now have the ability to capture the wired side packets to debug issues with servers on their own network. For example, with wired packet captures we can see the AP send DHCP requests.  If no DHCP responses are coming back we can pinpoint the DHCP server as the culprit behind the failing connection attempts in the network.

Please navigate to Network > Packet Captures to start your capture.  NOTE: Currently we only have the ability to capture either Wireless OR Wired packets.  Simultaneous capture of both is not yet available.

The capture configuration allows you to adjust the packet capture settings by specifying the number of packets captured (if set to 0, there will be no limit), duration of the capture, as well as the maximum packet length.  Select the Access Point you wish to capture packets for. If none are selected, then the packets on all APs will get captured.

The wired PCAP uses tcpdump (a packet analyzer tool) on the AP side to retrieve data.  Use the TCP Dump Expression Builder provided in our UI to fill in your desired fields. The tcpdump expression will be automatically generated for you on the page.  Feel free to edit this expression directly if you are familiar with tcpdump filter syntax.

NOTE: You may have noticed that the expression builder automatically inputs “vlan” regardless of whether you entered a VLAN.  This is the intended behavior. If you are editing the expression directly, please do not remove “vlan”, as this may cause trouble for the packet capture.

Select Start Capture and your packet capture will appear on this page in a list format for you to download and examine using Wireshark. 

Please refer to this page to make sure your Wireshark client is set up to properly open PCAP files: https://www.mist.com/documentation/setting-wireshark-packet-captures
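
The DHCP check described above (requests leaving the AP with no responses coming back) can also be run over a downloaded wired capture with a short script. This is an added example, not Mist code; it assumes the file is a classic little-endian pcap with Ethernet framing, and the function names and the sample capture are constructed for illustration.

```python
import struct

CLIENT, SERVER = {1, 3}, {2, 5, 6}   # DISCOVER/REQUEST vs OFFER/ACK/NAK
DHCP_PORTS = {b"\x00\x43", b"\x00\x44"}  # UDP 67 and 68

def dhcp_messages(pcap):
    """Yield (xid, message type) per DHCP packet in a classic little-endian pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    pos = 24                                         # skip the global header
    while pos + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, pos + 8)[0]
        frame, pos = pcap[pos + 16:pos + 16 + caplen], pos + 16 + caplen
        off = 12
        while frame[off:off + 2] == b"\x81\x00":     # step over 802.1Q tag(s)
            off += 4
        ip = frame[off + 2:]
        if frame[off:off + 2] != b"\x08\x00" or len(ip) < 20 or ip[9] != 17:
            continue                                 # not IPv4/UDP
        udp = ip[(ip[0] & 0x0F) * 4:]
        if len(udp) < 8 or not {udp[0:2], udp[2:4]} <= DHCP_PORTS:
            continue
        bootp = udp[8:]
        if bootp[236:240] != b"\x63\x82\x53\x63":
            continue                                 # truncated, or no DHCP magic cookie
        xid, opts, i = struct.unpack_from("!I", bootp, 4)[0], bootp[240:], 0
        while i + 2 < len(opts) and opts[i] != 255:  # find option 53 (message type)
            if opts[i] == 53:
                yield xid, opts[i + 2]
                break
            i += 1 if opts[i] == 0 else 2 + opts[i + 1]

def unanswered_xids(pcap):
    """Transaction IDs a client sent that no server reply matches."""
    msgs = list(dhcp_messages(pcap))
    asked = {x for x, t in msgs if t in CLIENT}
    return sorted(asked - {x for x, t in msgs if t in SERVER})

def sample_pcap():
    """Constructed capture: xid 0x1111 is answered (VLAN 10), xid 0x2222 is not."""
    def rec(xid, mtype, client, tagged):
        bootp = (struct.pack("!BBBBI", 1 if client else 2, 1, 6, 0, xid) + bytes(228)
                 + b"\x63\x82\x53\x63" + bytes([53, 1, mtype, 255]))
        udp = struct.pack("!HHHH", *((68, 67) if client else (67, 68)), 8 + len(bootp), 0) + bootp
        ip = struct.pack("!BBHHHBBH8x", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0) + udp
        eth = bytes(12) + (b"\x81\x00\x00\x0a" if tagged else b"") + b"\x08\x00" + ip
        return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + rec(0x1111, 1, 1, 1) + rec(0x1111, 2, 0, 1) + rec(0x2222, 1, 1, 0)
```

A maximum packet length that cuts a frame before the DHCP options makes that frame invisible to this check, so leave room for the full DHCP payload when configuring the capture.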