Add and Start a Packet Capture Session

Go to any of the following user interfaces:

  • Manage > Devices <select an IQ Engine AP > Utilities > Tools > Packet Capture

  • Manage > Client Monitor & Diagnosis > Packet Capture
  • ML Insights > Client 360 <optionally, select an active client > Utility > Packet Capture

    Note

    Note

    If a packet capture is initiated through Client 360 and an active client is selected, when the New Packet Capture window opens, the client's MAC address is prefilled in the Clients field, and the client's associated AP is preselected. Add other APs to the packet capture, as required.

Use this procedure to configure Packet Capture parameters and start a Packet Capture session.

Note

Note

After a session starts, package capture parameters cannot be modified.
  1. Select to add a new Packet Capture session.
  2. Select one or more target APs from the list. Optionally, narrow the list of APs displayed in the list using the Location filter or Search field.
  3. Configure the Packet Capture settings.
    Note

    Note

    If the target APs selected in step 2 include model types that support Enhanced Packet Capture and other model types that support basic Packet Capture, only the basic Packet Capture parameters are available for configuration.
    Table 1. Enhanced Packet Capture Settings
    Parameter Description
    Filter Settings
    Direction Filters packet capture on the basis of the direction of packet flow. Options are:
    • Both — Capture packets transmitted and received by the AP. This is the default value.
    • In — Capture packets received by the AP.
    • Out — Capture packets transmitted by the AP.
    Clients Filters packet capture on the basis of packets received from and transmitted to clients associated with the selected AP. Options are:
    • All — Capture packets from all clients. This is the default value.
    • Enter the MAC address of a specific client.
    • Initiate packet capture through ML Insights > Client 360 with an Active client selected, and the client's MAC address automatically appears in this field.
    Where has the client recently roamed? Provides the option to add to the Packet Capture session any APs involved in client roaming over the previous seven days.

    Select Update Selected APs. In the Select APs from Client Trail pop-up window, select one or more APs, then select OK.

    VLANs Filters packet capture on the basis of packet transmission over specific VLANs.

    Enter an individual VLAN ID or a range of VLAN IDs.

    Indicate a range with a hyphen. Separate VLAN entries with commas. Example: 2,4,5-10.

    Protocol Filters packet capture on the basis of protocol. Choose from the following options:
    • Any (default)
    • User defined

      Enter a value in the range of 0-255 representing the IP Protocol number in the Protocol field of an IPv4 header or the Next Header field of an IPv6 header. See IP Protocol Numbers for more information.

    • ICMP
    • ICMPv6
    • TCP
    • UDP
    • GRE
    • IPSec ESP
    • IPSec AH
    Wireless
    Band Filters packet capture on the basis of radio band.

    Select Band, then use the drop-down list to choose from of the following options:

    • All
    • 2.4 GHz
    • 5 GHz
    • 6 GHz
    Note: ExtremeCloud IQ automatically discovers the radio interface(s) on the target AP that support the selected radio band(s). If there is no radio on the AP to support the configured band, the packet capture session fails.
    Interface Filters packet capture on the basis of radio interface.

    Select Interface, then use the drop-down list to choose from of the following options:

    • All (default)
    • Radio 1
    • Radio 2
    • Radio 3
      Note: The Radio 3 option is not available for AP3000/AP3000X models.

      If target APs include AP3000/AP3000X and model types that do support the Radio 3 option, then the Radio 3 option is available. However, the capture result for the AP3000/AP3000X models' Wi-Fi 2 interface fails.

    WLANs Filters packet capture on the basis of the traffic over WLAN(s).

    Use the drop-down list to choose from of the following options:

    • Select Any to capture packets transmitted over any WLAN.
    • Select a pre-configured Broadcast Name associated with a Wireless Network SSID to capture packets from the specified WLAN.
    Filters Filters packet capture on the basis of network traffic functions.

    Select one or more of the following options:

    • Management
    • Control
    • Data
    • EAPOL
    • Beacons
    • Probes
    Wired
    Interface Filters packet capture on the basis of Ethernet port.

    Use the drop-down list to choose either:

    • eth0 (default)
    • eth1
    • All — At least one wired interface on each target AP must be enabled.
    Note: If a target AP has a disabled Ethernet port that is specified here, the packet capture for the interface fails.
    Filters Filters packet capture on the basis of protocol.

    Select one or more of the following options:

    • DHCP
    • Radius
    • LLDP
    • ARP
    • mDNS
    Capture Settings
    Duration Indicates the period of time after Start Capture is selected during which packets are captured. This option is enabled by default. Options are:
    • Enter a value in the range of 5-604800 seconds. The default value is 30 seconds. The capture operation continues until the specified duration has elapsed or until the maximum allowable size of captured packet data files for the platform is reached.

    • Deselect Duration to capture packets for an unspecified period of time. The capture operation continues until the maximum allowable size of captured packet data files for the platform is reached.
    Upload to CloudShark Indicates whether tar files containing PCAP files from packet capture operations on individual interfaces are uploaded to CloudShark. This option is enabled by default.
    Note: Uploading files to CloudShark requires an existing account.
    CloudShark API Token Specifies the API access token.

    Enter a value consisting of 32 hex characters (0-9, a-f).

    Table 2. Basic Packet Capture Settings
    Parameter Description
    Wireless
    Interface Filters packet capture on the basis of radio interface.
    • All (default)
    • Radio 1
    • Radio 2
    • Radio 3
      Note: Radio 3 is not available for AP3000/AP3000X models.
    Capture Settings
    Duration Indicates the period of time after Start Capture is selected during which packets are captured. This option is enabled by default. Options are:
    • Enter a value in the range of 5-604800 seconds. The default value is 30 seconds. The capture operation continues until the specified duration has elapsed or until a maximum of 100000 packets are captured.

    • Deselect Duration to capture packets for an unspecified period of time. The capture operation continues until a maximum of 100000 packets are captured.
    Upload to CloudShark Indicates whether tar files containing PCAP files from packet capture operations on individual interfaces are uploaded to CloudShark. This option is enabled by default.
    Note: Uploading files to CloudShark requires an existing account.
    CloudShark API Token Specifies the API access token.

    Enter a value consisting of 32 hex characters (0-9, a-f).

  4. Select Start Capture.
  5. After the configured packet capture session Duration has elapsed, select to refresh the capture session list and view the results of the latest session.