Help
Wireless Controller
Dedicated Wi-Fi control and management for high density and mobility
mp2
Staff
Staff

Created on ‎06-01-2020 10:38 PM

Article Id 198460

Technical Tip: Setup FortiAP as sniffer to collect air packet capture

Description
This document describes how to configure FortiAP as a sniffer to collect air packet capture.

Related links.
https://docs.fortinet.com/product/wireless-controller/8.5
Page# 502: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/f8902d66-dfb2-11e9-8977-005056...

Solution
Below steps explain how to collect Wireless captures using the nearest sibling AP.
The sniffing FortiAP has to be near by the problem client and its associated AP within -60 dbm RSSI for better results.

1) Need to remove the ess-profile/vap entries from the sniffer FortiAP before starting the capture.
2) Commands to enable the sniffer:
wlc#conn ap <ap-id>
ap-id>sniff destport 9177
ap-id>sniff destmode l3
ap-id>sniff destaddr                     <----- IP of the PC with Wireshark. 
ap-id>sniff enable on all
3) Once capture is completed, stop the sniffer on the FortiAP by executing the below command.
ap-id>sniff enable off all
Note.
After getting the captures, make sure to disable the sniffer and add the initially removed ess-ap-table entries back on the sniffer FortiAP.

From GUI.
Before starting the FortiAP packet capture, remove the ess-profile/VAP from the sniffer FortiAP.

Go to Configuration -> Devices -> AP Packet Capture and add a profile.




864
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.