Feature request AP local packet capture inside site survey mode

GIdenJoe
Kind of a big deal

Wi-Fi standards change quickly, and after some time your measurement devices can still do wireless surveys for design and tweaking. However, when a new Wi-Fi standard comes out you can't capture the newest frame types since you need hardware to support it.

Usually AP hardware is quite quick to come to market to support the new standards.

At this time I'm using an Ekahau Sidekick 1, since we've only had that for about 3 years now. That device can still be used to measure RF energy (site surveys). However, since those devices ship with two 802.11ac NICs inside, you cannot capture 802.11ax traffic. You could say, just upgrade to the Sidekick 2, which would be correct. But that takes a long time of nagging in my company and presenting of use cases before they will finally invest that 4k for the new device 😉 And then when we have had that device for a few years, the Wi-Fi 7 (802.11be) standard will be out and I will once again not be able to capture those frames.

Wouldn't it be awesome if, outside of the regular dashboard-based packet captures we can do on APs (which cannot capture frames coming from that same AP btw), we would be able to do local packet captures with a mobile AP connected to a small PoE switch and a laptop with Wireshark?

We wouldn't have to worry about the dashboard not taking that giant amount of traffic and then having to download it via the internet, and every time a new standard comes out we can just use the newest AP to perform such packet capturing for troubleshooting purposes and education on the new frame types and information elements.

Of course it would make sense to add this feature to the site survey mode of an AP, since it has to be able to be booted offline. And then of course the site survey mode should be stable and without bugs!

PhilipDAth
Kind of a big deal

Yeah, something on the local status page.  And the same on switches and MXs.  I'm not thinking of your case so much, but general diagnostic capabilities.

TBHPTL
A model citizen

The ESK-1 is 802.11ax (esque).... the ESK-2 is 802.11ax with 6GHz

Ekahau Sidekick® https://www.ekahau.com/wp-content/uploads/2020/05/Ekahau-Sidekick-Data-Sheet-2.pdf

Management frames, probes, and beacons are what really matter. 5 GHz is 5GHz and the basic rates are the basic rates...

GIdenJoe
Kind of a big deal

Not exactly. The Sidekick 1's two NICs are 802.11ac and can thusly not capture HE frames but only up to VHT.

If you ever wanted to capture a phone call wirelessly just to see if WMM tags are applied correctly in both directions you can't if your client and AP are having an 802.11ax communication.

Even without the ability to see inside the frame due to lack of full frame captures on the Sidekick, you can still guess which frames are from a phone call by the size and frequency of those frames.

Troubleshooting goes beyond the OFDM-based management frames and could be solved if for example an AP can do the capture.

Having said that if you DO have a Meraki controller AP on the network that is online to the dashboard you could theoretically have a copy of the session keys.  Would it be possible in that case to be able to decrypt those frames?  Hmm but that's beyond me both technically and legally since decrypting traffic is not something you should do outside of pure troubleshooting.

TBHPTL
A model citizen

Management frames aren't encrypted unless you are using 802.1w .... Keys really only matter if you are doing 802.1X, you would need the 4 way handshake as well as a wired packet capture.. anyone can decrypt PSK (WPA2) with enough time

GIdenJoe
Kind of a big deal

I don't think you're understanding what I'm trying to say 😉
I'm clearly wanting to be able to troubleshoot data frames just to see if the endpoints and the applications are being correctly tagged. If RUs are effectively being used etc...

I know I can decrypt WPA2 personal frames if I catch the 4 way handshake of the client. But that's not what I mean. I mean since the APs work together anyway it should be theoretically possible to have the APs that share the PTK and GTK between each other so you can always have unencrypted frames for troubleshooting of course.
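
The WMM tag check discussed in this thread, as an added example that is not part of any post: the QoS Control field sits in the 802.11 MAC header, which stays in the clear on protected frames, so the TID can be compared per direction without any keys. The function names and the sample frames are constructed for illustration, and the input is assumed to start at the MAC header with radiotap already stripped.

```python
import struct
from collections import Counter

# WMM mapping from 802.11 user priority (UP) to access category.
UP_TO_AC = {1: "AC_BK", 2: "AC_BK", 0: "AC_BE", 3: "AC_BE",
            4: "AC_VI", 5: "AC_VI", 6: "AC_VO", 7: "AC_VO"}

def wmm_tag(frame: bytes):
    """Return (direction, tid, access_category) for a QoS Data frame, else None.
    `frame` starts at the 802.11 MAC header (assumption: radiotap stripped)."""
    if len(frame) < 26:
        return None
    fc, = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 2 or not subtype & 0x8:      # not a data frame with the QoS bit
        return None
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    # FC, duration, three addresses and sequence control take 24 bytes;
    # Address 4 is present only when both ToDS and FromDS are set.
    offset = 24 + (6 if to_ds and from_ds else 0)
    if len(frame) < offset + 2:
        return None
    qos, = struct.unpack_from("<H", frame, offset)
    tid = qos & 0x0F                         # TIDs 0-7 are user priorities
    direction = {(True, False): "uplink", (False, True): "downlink",
                 (True, True): "wds"}.get((to_ds, from_ds), "direct")
    return direction, tid, UP_TO_AC.get(tid)

def tag_summary(frames):
    """Count access categories per direction across captured frames."""
    summary = {}
    for frame in frames:
        tag = wmm_tag(frame)
        if tag:
            direction, _, ac = tag
            summary.setdefault(direction, Counter())[ac] += 1
    return summary

def sample_header(flags: int, tid: int) -> bytes:
    """Constructed QoS Data header: FC, duration, zeroed addresses, seq, QoS."""
    return struct.pack("<HH", 0x0088 | flags, 0) + bytes(18) + struct.pack("<HH", 0, tid)

# Constructed capture with the Protected bit (0x4000) set: voice is tagged
# UP 6 from the client, but the AP sends the return stream as best effort.
SAMPLE = [sample_header(0x4100, 6), sample_header(0x4100, 6),
          sample_header(0x4200, 0)]

if __name__ == "__main__":
    print(tag_summary(SAMPLE))
```
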
