D-Link DWL-3600AP Users Manual - Page 125

Unified Access Point Administrator's Guide Packet Capture Configuration and Settings Packet File Capture In Packet File Capture mode the AP stores captured packets in the RAM file system. Upon activation, the packet capture proceeds until one of the following occurs: • The capture time reaches configured duration • The capture file reaches its maximum size • The administrator stops the capture During the capture, you can monitor the capture status, elapsed capture time, and the current capture file size. This information can be updated, while the capture is in progress, by clicking Refresh. Table 49 describes the fields to configure the packet capture status. Field Capture Interface Capture Duration Max Capture File Size Table 49: Packet File Capture Description Select an AP Capture Interface name from the drop‐down menu. AP capture interface names are eligible for packet capture are: • brtrunk ‐ Linux bridge interface in the AP • eth0 ‐ 802.3 traffic on the Ethernet port. • wlan0 ‐ VAP0 traffic on radio 1. • wlan1 ‐ VAP0 traffic on radio 2. • radio1 ‐ 802.11 traffic on radio 1. • radio2 ‐ 802.11 traffic on radio 2. Note: The DWL‐3600AP has only one radio. The available options on the DWL‐3600AP do not include wlan0 or radio1. Specify the time duration in seconds for the capture (range 10 to 3600). Specify the maximum allowed size for the capture file in KB (range 64 to 4096). Remote Packet Capture Remote Packet Capture allows you to specify a remote port as the destination for packet captures. This feature works in conjunction with the Wireshark network analyzer tool for Windows. A packet capture server runs on the AP and sends the captured packets via a TCP connection to the Wireshark tool. A Windows PC running the Wireshark tool allows you to display, log, and analyze captured traffic. When the remote capture mode is in use, the AP doesn't store any captured data locally in its file system. Your can trace up to five interfaces on the AP at the same time. However, you must start a separate Wireshark session for each interface. You can configure the IP port number used for connecting Wireshark to the AP. The default port number is 2002. The system uses 5 consecutive port numbers starting with the configured port for the packet capture sessions. If a firewall is installed between the Wireshark PC and the AP, these ports must be allowed to pass through the firewall. The firewall must also be configured to allow the Wireshark PC to initiate TCP connection to the AP. D-Link November 2011 Unified Access Point Administrator's Guide Page 125