Packet Capture on Meraki Devices

Packet captures allows you to analyze the traffic passing between the wireless client and AP, as well as the AP and the wired LAN.  Every MR access point supports live packet capture via the Dashboard interface. This powerful tool grants great insight into potential issues can be used by network administrators to troubleshoot a wide number of issues.

 

Taking a Live Packet Capture

Navigate to Monitor -> Packet Capture in Dashboard.

Select your AP

Select the APs for which you would like to perform a packet capture.  It is possible to select all of the APs in your network, or isolate specific APs. It is also possible to select Air Marshal APs or Non Air Marshal APs only.

Select your Output

Choose your preferred output method. Dashboard supports live capture output, which can be useful for rapid debugging. If you prefer to view packet captures within a 3rd party application (e.g. WireShark) or you want preserve the capture for later reference, you can also choose to download the capture into a pcap file.

Capture Size

The capture will stop after 60 seconds, or when 5000 packets have been captured.

Other options

Ignore Options

You can choose to ignore both Multicast and/or Broadcast packets. This will remove packets destined to multicast and/or broadcast MAC addresses.

Filter Expressions

You can optionally enter a filter expresssion to narrow the packets displayed or captured. Here are a few sample filter expressions:

host 10.1.27.253
packets to and from ip address 10.1.27.253
host 10.1.27.253 and port 53
packets to and from ip address 10.1.27.253 and TCP or UDP port 53 (DNS)
icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply
all ICMP packets that are not echo requests/replies (i.e., not ping packets):
ether host 11:22:33:44:55:66
packets to and from ethernet host 11:22:33:44:55:66

Mark as helpful.

Posted in: Network