I took the following instruction from the Help Guide.
Remote Packet Sniffer
(This option is unavailable on Aerohive switches.) You can configure a device to accept connections from remote Wireshark packet sniffers to capture packets for troubleshooting network issues. The system from which you intend to perform packet sniffing must be running Windows and have Wireshark, a free packet analyzer, already installed. The following steps explain how to use HiveManager and the CLI to configure a device to permit packet sniffing, how to configure Wireshark to connect to the remote device to capture packets and then view the packet contents in detail.
Configuring the Device
Enter the following to configure a device to accept connection requests from a device running Wireshark:
- Click Configuration > All Devices > device > Utilities > Diagnostics > Remote Sniffer.
Click Monitor > All Devices > device > Utilities > Diagnostics > Remote Sniffer.
- In the Remote Sniffer dialog box that appears, enter the following, and then click Save:
  Enable remote sniffer: (select)
  User Name: Enter the same user name here that Wireshark submits when connecting to the device.
  Password: Enter the same password that Wireshark submits when connecting to the device.
  Port: Enter the port number on which the device listens for connection attempts from remote packet sniffers.
  Sniffer Host Name/IP Address: Enter the IP address or domain name from which the device allows connections for packet sniffing.
  Enable WiFi interfaces to operate in promiscuous mode when packet capturing: Select if you want the WiFi interfaces to operate in promiscuous mode during packet capturing. (When an interface operates in promiscuous mode, it processes all traffic it receives rather than only the frames addressed to it. Note that this increased level of processing will increase the CPU load and might negatively affect performance. By default, promiscuous mode is disabled.)
Enter the following to configure Wireshark so that it can connect to the device and begin packet sniffing:
- Click Start > All Programs > Wireshark > Capture > Options.
- In the Wireshark Capture Options dialog box that appears, enter the following, and then click Start:
In the Wireshark Remote Interface dialog box that appears, enter the following, and then click OK:
  Host: Enter the IP address of the device.
  Port: Enter the port number on which the device listens for remote sniffers to connect to it. This must be the same port number that you previously set on the device.
  Password authentication: (select)
  Username: Enter the user name that Wireshark submits when connecting to the device.
  Password: Enter the password that Wireshark submits when connecting to the device.
  Interface: From the interface drop-down list, choose the interface that you want to sniff:
- Only the AP300 series has dual Ethernet interfaces and the AP110 can use only one WiFi interface at a time.
- After you click Start, summaries of the captured packets begin appearing in the Wireshark packet list pane. Click a particular packet summary to view its contents in the packet details pane. You can then expand various sections of the packet to drill down to see contents of the selected section in detail.
Stopping Remote Packet Sniffing
To stop packet sniffing in Wireshark, click Capture > Stop.
To disable the support of remote packet sniffing on a device through HiveManager, do either of the following:
Click Configuration > All Devices > device > Utilities > Diagnostics > Remote Sniffer, clear Enable remote sniffer, and then click Save.
Click Monitor > All Devices > device > Utilities > Diagnostics > Remote Sniffer, clear Enable remote sniffer, and then click Save.
"Can't get list of interfaces. The host is not in the allowed host list. Connection refused."
The following is my structure:
1- Aerohive AP with static IP 220.127.116.11 gateway 18.104.22.168 configured with remote sniffer as below:
exec capture remote-sniffer user <admin> <pass> host-allowed <22.214.171.124> local-port 5554 promiscuous
2- Router with static IP 126.96.36.199 start IP range 188.8.131.52 end IP range 184.108.40.206
3- Server with static IP 220.127.116.11 gateway 18.104.22.168 with Wireshark installed
Router connects Aerohive AP and Server.
After the above, the error message mentioned above resulted. Please help.
From the Aerohive side, you have to put in the capture machine [Wireshark] IP.
If you [capture machine] are behind a firewall using NAT, your capture machine will need a static NAT entry as opposed to PAT.
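A way to check the point made in the reply above from the capture machine itself, as an added example that is not part of the original thread or of Aerohive's tooling: it finds the source address the operating system would use toward the AP and compares it with the `host-allowed` value. The function names and the `nat_public_ip` parameter are assumptions made for this sketch; port 5554 is the one from the post.

```python
import ipaddress
import socket


def source_ip_toward(device_ip, port=5554):
    """Return the local address the OS would use to reach the device.

    Connecting a UDP socket sends no packets; it only makes the kernel
    choose a route, and with it a source address.
    """
    version = ipaddress.ip_address(device_ip).version
    family = socket.AF_INET6 if version == 6 else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.connect((device_ip, port))
        return s.getsockname()[0]


def resolve_allowed(entry):
    """Expand a host-allowed entry (IP literal or DNS name) to a set of IPs."""
    try:
        return {str(ipaddress.ip_address(entry))}
    except ValueError:
        return {info[4][0] for info in socket.getaddrinfo(entry, None)}


def check_allowed(device_ip, allowed_entry, port=5554, nat_public_ip=None):
    """Compare the address the device will see with its allowed host.

    nat_public_ip (hypothetical parameter): the static NAT address of the
    capture machine when a NAT device sits between it and the AP. It
    cannot be discovered locally, so it has to be supplied by hand.
    """
    local = source_ip_toward(device_ip, port)
    seen = str(ipaddress.ip_address(nat_public_ip)) if nat_public_ip else local
    allowed = resolve_allowed(allowed_entry)
    return {
        "local_source": local,
        "seen_by_device": seen,
        "allowed": sorted(allowed),
        "match": seen in allowed,
    }


if __name__ == "__main__":
    # Constructed values: loopback stands in for the AP so this runs offline.
    print(check_allowed("127.0.0.1", "127.0.0.1"))
```

A result with `match` set to `False` means the AP will see a different address than the one it allows; on a multi-homed capture machine, `local_source` shows which interface address is actually used.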