Remote capture using linux

  • Question
  • Updated 6 months ago
Hi all.... Has anyone already implemented a remote capture for Linux using the sniffer mode available on Ruckus APs? Using Wireshark on Windows I have the "Remote Interfaces" feature... However, I need to perform a capture using the Linux command line (e.g. tcpdump, tshark, or similar). I already tried rpcap for Linux but this is not working.
I'm using the standalone AP R730 without controller.







Óscar Leal


Posted 6 months ago


Syamantak Omer, Official Rep

Hi Oscar,

All Ruckus APs support the remote streaming capture feature, but running tcpdump is not available.
You can access the standard CLI called "rkscli" over SSH, which is on top of Linux, but shell access to any Ruckus AP is not available for consumers. It is limited to Ruckus engineering and Ruckus support.

Regards,
Syamantak Omer

Óscar Leal

Hi @Syamantak Omer,

Thanks for your answer. I have SSH access, can I use "rkscli" on my device to enable the capture? 
Today I'm using the following CLI commands to enable and stop the capture.
- set capture wlan100 stream (start)
- set capture wlan100 idle (stop)

With Windows I'm able to receive the packets; however, using Linux I'm not able to receive the packets.

Thanks.

Syamantak Omer, Official Rep

Hi Oscar,

"rkscli" is the name of the CLI prompt, it is not a command.

To start the captures over the radio, please refer to the commands below.

For 5 G OTA

- set capture wifi1 stream (start)
- set capture wifi1 idle (stop)

For 2.4 G OTA
 
- set capture wifi0 stream (start)
- set capture wifi0 idle (stop)

Regards,
Syamantak Omer

Óscar Leal

Hi Syamantak,

I know how to enable the captures :)

I just need to understand how to receive the captures on Linux. Do you have a solution for me?

Sanjay Kumar, Employee

Hi Oscar,

This probably might help you:

1. From the Linux machine, SSH into the AP.
2. Run a tcpdump from the CLI for the interface you want.
3. Save the logs in a pcap format.
4. Export the file to the local system via an FTP server.

Note: TCPDUMP command has to be run from the AP shell mode, you need to contact our support team to get this done.

Óscar Leal

Hi,

Thanks for your support.
I already sent an email to our support. Let's see if they are able to enable the shell access.

Last question... Do you know if the shell access is persistent across reboots?

Thanks.

Syamantak Omer, Official Rep

Hi Oscar,

As I have explained before, shell access is only limited to Ruckus Support and Ruckus engineering.

As per my understanding, you want to know how you can see the AP's remote capture stream on your Linux system (the same way we see it on a Windows system using Wireshark's remote interface option). Correct me if I am wrong.

I have checked internally and externally and can confirm that Wireshark only supports the remote interface option in Windows. Wireshark on Linux and macOS does not support the remote capture feature.

If it is just a one-time requirement, then support should be able to join a web session with you and allow you limited-time access to shell mode, to run tcpdump and then export the file using TFTP or FTP, but permanent access to the AP shell is not allowed.

While reading some third-party pages, I found the link below, which talks about "kismet", which seems to be a tool for Linux. You may try this.

https://www.kismetwireless.net/docs/readme/datasources_remote_capture/

I hope this will help.

Regards,
Syamantak Omer