Regarding remote sniffer under Utilities ...

  • 1
  • Question
  • Updated 5 years ago
  • Answered

We are a school and utilize AeroHive (for now small deployment of two AP141 but I plan to do more as I see the power of the Hive).

So I have this one client, a netbook, that is transferring a lot of data comparative to other clients connected to the AP141. Does the 'remote sniffer' capability let me sniff what the packet header & loads are for this netwbook?

Thank you!
Photo of Takuya Sato

Takuya Sato

  • 10 Posts
  • 0 Reply Likes
  • thankful that Tier 1 resolved my mesh issue last night!

Posted 5 years ago

  • 1
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
you pipe everything to wireshark on a remote station and then filter with wireshark for what you are looking for.

add ip of remote capture device
port 2002
make a user name
make a passwd

***you can select promiscuous mode, but if AP is a busy AP performance may suffer.

then in wireshark go to capture options

add remote interface
plugin AP ip port 2002
the username and passwd you created above

hide the interfaces you don't want to capture

and select the wifi0 or wifi1 interface you want to capture

then filter on client IP or Mac Address from wireshark filtering

you can color code wireshark for the different frame types as well
Photo of Takuya Sato

Takuya Sato

  • 10 Posts
  • 0 Reply Likes
Hi Andy,

THANK YOU for the thorough steps. AeroHive devices amaze me every time I learn of their buried capabilities! Amazing that they have promiscuous mode too as it usually is a hit-or-miss with NICs on the laptop so this is wonderful.

I'm a bit under the weather but as soon as I get back to school I'm going to try your instructions.

Again, appreciate you taking the time to give me the detailed instructions!