3Com WX2200 3CRWX220095A Switch User Manual


 
644 CHAPTER A: TROUBLESHOOTING A WX SWITCH
Use Netcat to listen to UDP packets on the TZSP port. This avoids a constant
flow of ICMP destination unreachable messages from the observer back to
the radio. You can obtain Netcat through the following link:
http://www.vulnwatch.org/netcat/
If the observer is a PC, you can use a Tcl script instead of Netcat if preferred.
1 Install the required software on the observer.
2 Configure and map snoop filters in MSS.
3 Start Netcat:
On Windows, use the following command:
netcat -l -u -p 37008 -v -v
Where ip-addr is the IP address of the Distributed MAP to which the
snoop filter is mapped. (To display the Distributed MAP’s IP address, use
the display ap status command.)
4 Start the capture application:
For Ethereal capture, use ethereal filter port 37008.
For Tethereal capture, use tethereal -V port 37008.
5 Disable the option to decrypt 802.11 payloads. Because the MAP always
decrypts the data before sending it to the observer, the observer does not
need to perform any decryption. In fact, if you leave decryption enabled
on the observer, the payload data becomes unreadable.
To disable the decryption option in Ethereal:
a In the decode window, right-click on the IEEE 802.11 line.
b Select Protocol Preferences to display the 802.11 Protocol
Preferences dialog.
c Click next to Ignore the WEP bit to deselect the option. This option
is applicable for any type of data encryption used by MAP radios.
d Enable the snoop filter on the MAP, using the following command:
set snoop {filter-name | all} mode {enable | disable}
e Stop the Ethereal capture and view the monitored packets.
The source IP address of a monitored packet identifies the Distributed
MAP that copied the packet’s payload and sent it to the observer.