Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Dynamic and Manual Packet Captures

SUMMARY The Juniper Mist portal provides both dynamic and manual packet captures to help identify the source of communication failures between the client and AP.

Note:

Mist does not collect or store any payload data from packets capture. Only transmission and connection data are used.

Dynamic Packet Captures

Whenever a connection failure event occurs between the wireless client and AP, it automatically triggers a short-term dynamic packet capture. These include DHCP issues (timeout, denied, terminated), authorization failures (RADIUS not responding, Access-Reject, incomplete authorization), and roaming issues (11r FBT and OKC authorization failures).

Packet captures are saved to the cloud, where they are associated with the triggering event in the Juniper Mist portal. You can view or download the packet capture from the events sections (such as Client Events) on the Insights panel.

The following image shows dynamic packet captures stored under Client Events (Monitor > Service Levels | Insights > Client Events ):

Manual Packet Captures

Wired packet capture applies to the wired ports of APs (not the switch ports). WAN packet captures support SSR and SRX WAN edge device ports.

For manual packet captures, go to Site > Packet Captures, where you can:

  • Choose which network type to capture packets from: wired, wireless, or WAN.

  • Restrict the packet capture to specific clients, WLANs, APs, or wireless bands.

  • Configure the number of packets captured, packet size in bytes, and the duration of the capture session.

  • Configure other capture parameters such as header inclusion and capture filters. See Table 1 for details.

After downloading the packet capture to your computer, follow the steps below to view them in Wireshark.

Configure IEEE 802.11 on Wireshark

Packet inspection requires Wireshark. See https://www.wireshark.org for the download file and related information.

To configure Wireshark to view packets captured from the Juniper Mist portal, follow the steps below:

  1. Open the Wireshark application on your computer
  2. Open the Wireshark Preferences window:

    On a Windows computer navigate to Edit > Preferences

    On a Mac computer navigate to Wireshark > Preferences

  3. In the Preferences window, expand the Protocols menu option and scroll down to IEEE 802.11
    1. Select Yes - with IV and then click OK, as shown in the following image:

View Wireless Packet Captures in Wireshark

You can capture packets from both your wired and wireless networks. The following configuration regards wireless packet, for which you can see:

  • Wireless channel information

  • Wireless data rate

  • Received signal strength indicator (RSSI)

To accomplish this task, you must download and install the Wireshark application on your computer. In a Web browser, navigate to https://www.wireshark.org for Wireshark application downloads and detailed information about Wireshark. For additional information about Wireshark, see https://www.wireshark.org/docs/.

This topic provides minimal guidance about how to configure Wireshark for use in examining wireless packet captures gathered from the Juniper Mist portal.

  1. Open the Wireshark application on your computer.
  2. Open the Wireshark Preferences window:

    On a Windows computer navigate to Edit > Preferences.

    On a Mac computer navigate to Wireshark > Preferences.

  3. In the Preferences window, navigate to Appearance > Columns.
  4. Click the Add (+) button to add a new radiotap column to the Wireshark display (radiotap headers include wireless packet frames that would otherwise not be displayed. See: https://www.wireshark.org/docs/dfref/r/radiotap.html.
    Wireshark adds a new line called New Column, and the type Number.
    1. Double-click the New Column title and type Channel as the title.
    2. Double-click the Type column and select Frequency/Channel from the drop-down menu.
    3. Leave the Displayed column selected.
  5. Repeat Step 4 two times
    1. The first time, use Data Rate for the column title and IEEE 802.11 TX Rate for the type.
    2. The second time, use RSSI as the column title and IEEE 802.11 RSSI for the type.
  6. Click OK to save your changes.
    Wireshark will display the new columns when you open a packet capture (.pcap) file for viewing.

Manual Packet Capture Options

By default, Juniper Mist streams the packet capture session data, including beacon frames, to the Mist portal. The following table describes the packet capture options that you can use when you create a packet capture session.
Table 1: Packet Capture Options
Option Name Option Function Usage Notes Firmware Notes
Include Network Headers Include packet headers in addition to the packet data. Packet capture works by buffering packets locally on the device, meaning there is limited space available for storage. By default, Mist truncates header data from the captured packets to reduce the size of capture files while still providing the most relevant information.
Local Capture Do not stream the live capture data to the Mist GUI. Earlier AP firmware did not support live streaming packet captures to the Juniper Mist portal. Required for AP firmware versions before 0.10.x.
Canned Filters Pre-defined filters that vary based on the type of packet capture you're performing. The filters available in the list change depending on whether you're capturing wireless, wired, or WAN packets. For example, beacon frames are only available for wireless packet captures.
Advanced Filters Create your own packet filters for the capture session using tcpdump syntax.   0.10.x or later
Expression Builder Interactive GUI tool to build custom filters in tcpdump syntax for use in the capture session. You can let the builder start the filter entry and then add to or delete from the entry manually. 0.10.x or later