SonicOS 7.0 Access Points

Packet Capture

The DEVICE | Access Points > Packet Capture feature provides an in-depth type of wireless troubleshooting that you can use to gather wireless data from a client site or network and output the data into a readable Packet Capture (PCAP) file. This feature is supported for most SonicWave access points. SonicWave radios can also be configured to capture 802.11 frames into a PCAP file for download.

Because the antenna of the scan radio is 1x1, some data frames cannot be captured by the scan radio because of hardware restrictions.

The Packet Capture page shows the status of the SonicWave, the number of packets captured, and the size of the packet buffer. At the right, hover on the SonicWave to configure the capture settings for each SonicWave.

To capture the data for one of the configured SonicWave radios, click Download for that row on the Packet Capture page. The capture file is named with the format, “wirelessCapture_[SW name].cap,” where SW name is the SonicWave name. Wireshark™ can be used to read the file.

Using the Edit feature, you can configure the Mode, Radio Band and Standard Channel Capture Radio Settings in the Edit SonicWave Capture Settings dialog, allowing you to capture wireless packets in a specific channel. You can configure up to five source and destination MAC addresses. Click the Edit icon for the SonicWave you want to configure.

SonicWave Capture Radio Settings

  1. From the Mode drop-down menu, select the capture radio channel for the appropriate SonicWave.

  2. Select an appropriate radio frequency band from the Radio Band drop-down menu.

  3. Indicate the standard allowable frequency channel associated with the selected radio band from the Standard Channel drop-down menu.

SonicWave 802.11 Packet Capture Settings

  1. Click Enable Packet Capture to begin capturing wireless packets for this specific SonicWave.

  2. To continue capturing packets after the buffer fills up, select Wrap Capture Buffer Once Full. Selecting this option causes packet capture to start writing captured packets at the beginning of the buffer again after the buffer fills.

SonicWave Packet Capture Filter Settings

  1. For Source MAC Address(es), enter the MAC address(es) of your wireless adapter(s). Enter a dash between each pair of characters. You can enter up to five addresses.

    For example: 00-12-34-56-78-AB

  2. For Destination MAC Address(es), enter the destination MAC address(es) of your wireless adapter(s). Enter a dash between each pair of characters. You can enter up to five addresses.

  3. Enter the BSSID. A BSSID (Basic Service Set IDentifier) is the wireless equivalent of a MAC (Media Access Control) address, or a unique hardware address of an access point or VAP for the purposes of identification. As the client on the SonicWall ESSID moves away from AP1 and toward AP2, the strength of the signal from the former decreases while that of the latter increases. The client’s wireless card and driver constantly monitor these levels, differentiating between the (V)APs by their BSSID. When the card/driver’s criteria for roaming are met, the client detaches from the BSSID of AP1 and attaches to the BSSID of AP2, all the while remaining connected to the SonicWall ESSID.

  4. Enter the ESSID. An ESSID (Extended Service Set IDentifier) is a collection of access points (or Virtual Access Points) sharing the same SSID. A typical wireless network comprises more than one access point for the purpose of covering geographic areas larger than can be serviced by a single access point. As clients move through the wireless network, the strength of their wireless connection decreases as they move away from one access point (AP1) and increases as they move toward another (AP2). Providing AP1 and AP2 are on the same ESSID (for example, SonicWall) and that the (V)APs share the same SSID and security configurations, the client can roam from one to the other. This roaming process is controlled by the wireless client hardware and driver, so roaming behavior can differ from one client to the next, but it is generally dependent upon the signal strength of each access point within an ESSID.

  5. Select Enable Bidirectional Address Matching to match IP addresses specified in the MAC source and/or destination fields against both the source and/or destination fields in each packet.

  6. Your SonicWave broadcasts a beacon (announcements of availability of a wireless network) for every SSID configured. By default, the SSID is included within the beacon so that wireless clients can see the wireless networks. The option to suppress the SSID within the beacon is provided on a per-SSID (for example, per-VAP or per-AP) basis to help conceal the presence of a wireless network, while still allowing clients to connect by manually specifying the SSID. You can disable this feature by clicking Exclude Beacon.

  7. Exclude Probe Request suppresses broadcasting of the SSID name and disables responses to probe requests. Click this option if you do not wish for your SSID to be seen by unauthorized wireless clients.

  8. When a wireless client sends out a probe request, the attacker sends back a response with a Null SSID. This response causes many popular wireless cards and devices to stop responding. You can disable this by clicking Exclude Probe Response.

  9. Click Exclude Control to remove general control of the wireless client.

  10. Your SonicWave tracks individual data packets that traverse all your SonicWall firewall appliances. Packets can be either monitored or mirrored. The monitored packets contain both data and addressing information. You can disable this tracking by enabling Exclude Data.
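
The filter settings above can also be reproduced offline when reviewing a downloaded capture. The following is an added example, not SonicOS code: it assumes raw 802.11 MAC headers (any capture-layer header already stripped) and assumes the filter semantics shown in `keep`; the AP and gateway addresses and all sample frames are constructed.

```python
MGMT_SUBTYPES = {4: "probe_request", 5: "probe_response", 8: "beacon"}
def parse_mac(text):
    """Parse the dash-separated form used on this page, e.g. 00-12-34-56-78-AB."""
    parts = text.strip().split("-")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a dash-separated MAC: {text!r}")
    return bytes(int(p, 16) for p in parts)

def classify(frame):
    """Map the Frame Control type/subtype onto the page's Exclude options."""
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype == 0:
        return MGMT_SUBTYPES.get(subtype, "mgmt")
    return {1: "control", 2: "data"}.get(ftype, "other")

def addresses(frame):
    """Return (source, destination, bssid); None where the header lacks the field."""
    a = [frame[4 + 6 * i:10 + 6 * i] if len(frame) >= 10 + 6 * i else None for i in range(3)]
    ftype, to_ds, from_ds = (frame[0] >> 2) & 0x3, frame[1] & 1, frame[1] & 2
    if ftype == 1:                       # control: addr1 receiver, addr2 transmitter
        return a[1], a[0], None
    if ftype == 2 and to_ds and not from_ds:
        return a[1], a[2], a[0]          # client -> AP
    if ftype == 2 and from_ds and not to_ds:
        return a[2], a[0], a[1]          # AP -> client
    return a[1], a[0], a[2]              # management, IBSS data (4-address not handled)

def keep(frame, src=(), dst=(), bssid=None, bidirectional=False, exclude=()):
    """Assumed filter semantics, not SonicOS code: excludes, then BSSID, then MACs."""
    if len(frame) < 10 or classify(frame) in exclude:
        return False
    sa, da, bss = addresses(frame)
    if bssid is not None and bss != bssid:
        return False
    if bidirectional:                    # either configured address may be on either side
        wanted = set(src) | set(dst)
        return not wanted or sa in wanted or da in wanted
    return (not src or sa in src) and (not dst or da in dst)
# Constructed sample headers (not from a real capture).
STA, AP = parse_mac("00-12-34-56-78-AB"), parse_mac("02-00-00-00-00-01")
GW, BCAST = parse_mac("02-00-00-00-00-FE"), b"\xff" * 6
def _hdr(fc0, fc1, a1, a2, a3):
    return bytes([fc0, fc1, 0, 0]) + a1 + a2 + a3 + b"\x00\x00"
SAMPLE = {
    "beacon": _hdr(0x80, 0, BCAST, AP, AP),
    "uplink_data": _hdr(0x08, 1, AP, STA, GW),
    "downlink_data": _hdr(0x08, 2, STA, AP, GW),
    "ack": bytes([0xD4, 0, 0, 0]) + STA,
}
```

With only a source MAC configured, the downlink frame is dropped because the client is its destination; bidirectional matching keeps both directions of the conversation.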
