How to Capture Packets from a Cisco Lightweight AP in Sniffer Mode

Put the AP in Sniffer Mode

1. Log into the WLC

2. Click Wireless and select the AP from which to capture packets

3. Change the AP Mode to Sniffer

4. Click Apply

This will reboot the AP

Configure Sniffer Properties

1. Navigate to Wireless > Access Points > 802.11a/n/ac (or 802.11b/g/n for 2.4)

2. Hover over the blue drop down arrow to the right of the Sniffer Mode AP and click Configure

1. You can search for it by AP Name if you have a lot of APs.

3. Check the box next to Sniff under Sniffer Channel Assignment

4. Set the Channel

• (Channel 100 in this example)

5. Set the Server IP Address of a computer that will run Wireshark

• (10.150.60.46 is the ip address of my computer that is running Wireshark)

6. Click Apply

Configure Wireshark

1. Open Wireshark and configure a capture filter for udp port 5555

2. Select the Local Area Connection (or whatever NIC is configured as the Server IP Address in the Sniffer Mode AP section)

3. Click Start

4. Click Analyze > Decode As

5. Click the plus sign and set “Field” to UDP Port, “Value” to 5555, and “Current” to PEEKREMOTE for UDP 5555

6. Click OK

S