Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

521

522

523

524

525

526

527

528

529

530

Remotely Monitoring Traffic

RoamAbout Mobility System Software Configuration Guide A-19

Displaying Remote Traffic Monitoring Statistics

TheAPcollectsstatisticsfor packetsthatmatchtheenabledsnoopfiltersmappedtoitsradios.The

APretainsstatisticsforasnoopfilteruntilthefilterischangedordisabled.TheAPthenclearsthe

statistics.

Todisplaystatisticsforpacketsmatchingasnoopfilter,usethefollowingcommand:

show snoop stats [filter-name [dap-num [radio {1 | 2}]]]

Thefollowingcommandshowsstatisticsforsnoopfiltersnoop1:

RBT-8100# show snoop stats snoop1

Filter Dap Radio Rx Match Tx Match Dropped Stop-After

===============================================================================

snoop1 3 1 96 4 0 stopped

Preparing an Observer and Capturing Traffic

Toobservemonitoredtraffic,installthefollowingapplicationsontheobserver:

• EtherealorTetherealVersion0.10.8orlater

•Netcat(anyversion),ifnotalreadyinstalled

EtherealandTetherealdecode802.11packetsembeddedinTZSPwithoutanyconfiguration.

UseNetcattolistentoUDPpacketsontheTZSPport.Thisavoidsaconstant

flowofICMP

destinationunreachable messagesfromtheobserverbacktotheradio.YoucanobtainNetcat

throughthefollowinglink:

http://www.securityfocus.com/tools/139/scoreit

IftheobserverisaPC,youcan useaTclscriptinsteadofNetcatifpreferred.

1. Installtherequiredsoftwareontheobserver.

2. ConfigureandmapsnoopfiltersinMSS.

3. StartNetcat:

–OnLinuxorUnix,useacommandsuchasthefollowing:

nc -l -u -p 37008 ip-addr > /dev/null &

–OnWindows,use thefollowingcommand:

netcat -u -p 37008 -v -v

Whereip‐addristheIPaddressoftheDistributedAPtowhichthesnoopfilterismapped.(To

displaytheDistributedAP’sIPaddress,usetheshowdapstatuscommand.)

4. Startthecaptureapplication:

–ForEtherealcapture,useetherealfilterport37008.

–ForTetherealcapture,usetethereal‐Vport37008.



5. Disabletheoptiontodecrypt802.11payloads.BecausetheAPalwaysdecryptsthedatabefore 

sendingittotheobserver,theobserverdoesnotneedtoperformanydecryption.Infact,if

youleavedecryptionenabledontheobserver,thepayloaddatabecomesunreadable.

TodisablethedecryptionoptioninEthereal:

a. Inthedecodewindow,right‐clickontheIEEE802.11line.