From my Win7 box, is there a way to sniff the authentication traffic between me and the AP, locally? Or will I need to use another machine, on the wireless, to see this traffic?
Wireshark?
Well, of course I tried that :)
But it doesn't see any EAP requests when I filter it down to EAP. My suspicion is maybe Windows sees the interface as "down" until after it associates with the AP...
Have you read through this wiki article on the Wireshark site?
http://wiki.wireshark.org/CaptureSetup/WLAN
Quote from: SimonV on January 12, 2015, 02:50:34 PM
Have you read through this wiki article on the Wireshark site?
http://wiki.wireshark.org/CaptureSetup/WLAN
Didn't see that one yet. I'll take a read :)
I found the solution to this, at least for my situation, a while ago. Just wanted to update in case someone stumbles upon this thread :)
http://wifinigel.blogspot.com/2014/08/cisco-wlc-per-client-packet-capture.html
The commands I used, I believe, were:
config ap packet-dump ftp serverip <ip-address> path <path> username <user_ID> password <password>
config ap packet-dump classifier dot1x enable
config ap packet-dump classifier data enable
config ap packet-dump start <client-mac-address> <ap-name>
After I disconnected and joined the two dot1x SSIDs, I stopped the packet capture:
config ap packet-dump stop
Cool, thanks for the follow-up!