Remote Wireshark Ruckus Wifi
by Jeff on January 5th, 2016 4 Comments »
Capture packets in wireshark from the rpcacp://[IP]/any interface


    Jan Fuchs says:

    Can you tell me how to put the wlan interface into “monitor” (mon) mode on a Ruckus AP (esp. R710)?

    negeric says:

    You should not have to explicitly put an interface into monitor mode. Each WLAN interface should have a monitor interface associated. What is the output of the get wanlist command?

    Jan Fuchs says:

    Thanks for the reply!
    There is no “MON” interface on my R710.
    The request output of a R710 (Version:

    rkscli: get wlanlist
    name status type wlanID radioID bssid ssid
    svcp down AP wlan0 0 00:00:00:00:00:00 Wireless1
    home down AP wlan1 0 00:00:00:00:00:00 Wireless2
    rcks down AP wlan2 0 00:00:00:00:00:00 Wireless3
    mdfx down AP wlan3 0 00:00:00:00:00:00 Wireless4
    wlan4 down AP wlan4 0 00:00:00:00:00:00 Wireless5
    wlan5 down AP wlan5 0 00:00:00:00:00:00 Wireless6
    wlan6 down AP wlan6 0 00:00:00:00:00:00 Wireless7
    wlan7 down AP wlan7 0 00:00:00:00:00:00 Wireless8
    recovery-ssid up AP wlan102 0 38:ff:36:xx:xx:xx island-xxxxxx
    wlan8 down AP wlan8 1 00:00:00:00:00:00 Wireless9
    wlan9 up AP wlan9 1 38:ff:36:xx:xx:xx Wireless10
    wlan10 down AP wlan10 1 00:00:00:00:00:00 Wireless11
    wlan11 down AP wlan11 1 00:00:00:00:00:00 Wireless12
    wlan12 down AP wlan12 1 00:00:00:00:00:00 Wireless13
    wlan13 down AP wlan13 1 00:00:00:00:00:00 Wireless14
    wlan14 down AP wlan14 1 00:00:00:00:00:00 Wireless15
    wlan15 down AP wlan15 1 00:00:00:00:00:00 Wireless16
    recovery-ssid up AP wlan103 1 38:ff:36:xx:xx:xx island-xxxxxx

    (MAC-Adresses were modified by me ;))

    negeric says:

    Interesting, we are using 7372 units and have a monitor on each radio.
    wlan100 down MON wlan100 0 00:00:00:00:00:00
    wlan101 down MON wlan101 1 00:00:00:00:00:00

    You can try to connect wireshark to wlan100 and wlan101 to see if it’s just hidden in the output.

