It is possible to use Cisco Aironet as wifi sniffer. The device can operate in monitor mode and sending packets to specified destination. This is implemented by WIDS (Wireless IDS?) protocol.
In this case, the packets were capturing using Wireshak. I configured access point to work in monitor mode and to send packets to my computer on address 192.168.51.24 and on 5555 port.
1 2 3 4 5 6 7 8 |
ap#config Configuring from terminal, memory, or network [terminal]? Enter configuration commands, one per line. End with CNTL/Z. ap(config)#interface dot11Radio 0 ap(config-if)#station-role scanner ap(config-if)#monitor frames endpoint ip address 192.168.51.24 port 5555 ap(config-if)#channel 6 |
Now device sends packets to my computer, I can launch Wireshark and see them. There is need to set proper packets decoding as CWIDS.
Additionally I set filters to only see traffic from the access point.
1 |
((udp.dstport == 5555) && (ip.proto == 17)) && !(icmp.code == 3) |
It is important to note, that the device is able to monitor only one channel in the same time, but channel can be easily changed:
1 |
ap(config-if)#channel 7 |