Dynamic and Manual Packet Captures
SUMMARY The Juniper Mist portal provides both dynamic and manual packet captures to help identify the source of communication failures between the client and AP.
Mist does not collect or store any payload data from packets capture. Only transmission and connection data are used.
Dynamic Packet Captures
Whenever a connection failure event occurs between the wireless client and AP, it automatically triggers a short-term dynamic packet capture. These include DHCP issues (timeout, denied, terminated), authorization failures (RADIUS not responding, Access-Reject, incomplete authorization), and roaming issues (11r FBT and OKC authorization failures).
Packet captures are saved to the cloud, where they are associated with the triggering event in the Juniper Mist portal. You can view or download the packet capture from the events sections (such as Client Events) on the Insights panel.
The following image shows dynamic packet captures stored under Client Events (Monitor > Service Levels | Insights > Client Events ):
Manual Packet Captures
Wired packet capture applies to the wired ports of APs (not the switch ports). WAN packet captures support SSR and SRX WAN edge device ports.
For manual packet captures, go to Site > Packet Captures, where you can:
-
Choose which network type to capture packets from: wired, wireless, or WAN.
-
Restrict the packet capture to specific clients, WLANs, APs, or wireless bands.
-
Configure the number of packets captured, packet size in bytes, and the duration of the capture session.
-
Configure other capture parameters such as header inclusion and capture filters. See Table 1 for details.
After downloading the packet capture to your computer, follow the steps below to view them in Wireshark.
Configure IEEE 802.11 on Wireshark
Packet inspection requires Wireshark. See https://www.wireshark.org for the download file and related information.
To configure Wireshark to view packets captured from the Juniper Mist portal, follow the steps below:
View Wireless Packet Captures in Wireshark
You can capture packets from both your wired and wireless networks. The following configuration regards wireless packet, for which you can see:
-
Wireless channel information
-
Wireless data rate
-
Received signal strength indicator (RSSI)
To accomplish this task, you must download and install the Wireshark application on your computer. In a Web browser, navigate to https://www.wireshark.org for Wireshark application downloads and detailed information about Wireshark. For additional information about Wireshark, see https://www.wireshark.org/docs/.
This topic provides minimal guidance about how to configure Wireshark for use in examining wireless packet captures gathered from the Juniper Mist portal.
Manual Packet Capture Options
Option Name | Option Function | Usage Notes | Firmware Notes |
---|---|---|---|
Include Network Headers | Include packet headers in addition to the packet data. | Packet capture works by buffering packets locally on the device, meaning there is limited space available for storage. By default, Mist truncates header data from the captured packets to reduce the size of capture files while still providing the most relevant information. | – |
Local Capture | Do not stream the live capture data to the Mist GUI. | Earlier AP firmware did not support live streaming packet captures to the Juniper Mist portal. | Required for AP firmware versions before 0.10.x. |
Canned Filters | Pre-defined filters that vary based on the type of packet capture you're performing. | The filters available in the list change depending on whether you're capturing wireless, wired, or WAN packets. For example, beacon frames are only available for wireless packet captures. | – |
Advanced Filters | Create your own packet filters for the capture session using
tcpdump syntax. |
0.10.x or later | |
Expression Builder | Interactive GUI tool to build custom filters in
tcpdump syntax for use in the capture
session. |
You can let the builder start the filter entry and then add to or delete from the entry manually. | 0.10.x or later |