Remote Wireshark Ruckus Wifi
Remote Wireshark Ruckus Wifi
by Jeff on January 5th, 2016 4 Comments »
 , ,

http://wlanimp.blogspot.com/2014/04/capturing-80211-frames-with-ruckus.html

Capture packets in wireshark from the rpcacp://[IP]/any interface

  • Jan Fuchs

    Can you tell me how to put the wlan interface into “monitor” (mon) mode on a Ruckus AP (esp. R710)?

    • negeric

      You should not have to explicitly put an interface into monitor mode. Each WLAN interface should have a monitor interface associated. What is the output of the get wanlist command?

      • Jan Fuchs

        Thanks for the reply!
        There is no “MON” interface on my R710.
        The request output of a R710 (Version: 100.2.1.0.148):

        rkscli: get wlanlist
        name status type wlanID radioID bssid ssid
        ————————————————————————————————–
        svcp down AP wlan0 0 00:00:00:00:00:00 Wireless1
        home down AP wlan1 0 00:00:00:00:00:00 Wireless2
        rcks down AP wlan2 0 00:00:00:00:00:00 Wireless3
        mdfx down AP wlan3 0 00:00:00:00:00:00 Wireless4
        wlan4 down AP wlan4 0 00:00:00:00:00:00 Wireless5
        wlan5 down AP wlan5 0 00:00:00:00:00:00 Wireless6
        wlan6 down AP wlan6 0 00:00:00:00:00:00 Wireless7
        wlan7 down AP wlan7 0 00:00:00:00:00:00 Wireless8
        recovery-ssid up AP wlan102 0 38:ff:36:xx:xx:xx island-xxxxxx
        wlan8 down AP wlan8 1 00:00:00:00:00:00 Wireless9
        wlan9 up AP wlan9 1 38:ff:36:xx:xx:xx Wireless10
        wlan10 down AP wlan10 1 00:00:00:00:00:00 Wireless11
        wlan11 down AP wlan11 1 00:00:00:00:00:00 Wireless12
        wlan12 down AP wlan12 1 00:00:00:00:00:00 Wireless13
        wlan13 down AP wlan13 1 00:00:00:00:00:00 Wireless14
        wlan14 down AP wlan14 1 00:00:00:00:00:00 Wireless15
        wlan15 down AP wlan15 1 00:00:00:00:00:00 Wireless16
        recovery-ssid up AP wlan103 1 38:ff:36:xx:xx:xx island-xxxxxx

        (MAC-Adresses were modified by me ;))

        • negeric

          Interesting, we are using 7372 units and have a monitor on each radio.
          wlan100 down MON wlan100 0 00:00:00:00:00:00
          wlan101 down MON wlan101 1 00:00:00:00:00:00

          You can try to connect wireshark to wlan100 and wlan101 to see if it’s just hidden in the output.