Skip to main content

 

Cisco Meraki Documentation

Obtaining Packet Captures For A Support Case Regarding Wireless Client Issues

Learn more with this free online training course on the Meraki Learning Hub:

Sign in with your Cisco SSO or create a free account to start training.

Overview

Packet captures are required for network troubleshooting.

Packet captures are an important part of troubleshooting network issues. For example, troubleshooting web pages or applications not loading, the inability for clients connect to an SSID, client packet loss, or clients unable to access hosts on the LAN or their default gateway. When captures are taken from multiple points in the physical network path, it is possible to uses this data to narrow down the issue to a certain area of the network or network device where the loss or network failure is occurring.

Packet captures from an administrator may be required when troubleshooting a wireless network issue. This is especially common when the problem is intermittent and difficult to reproduce on demand. Administrators can use the Packet Capture feature in the Meraki dashboard and Wireshark to obtain the necessary captures when the issue occurs and then upload them to the support case.

 

Where in the Network Packet Captures Need to be Taken

When the network issues occur, packet captures should be taken from each point in the physical network path so that packets can be tracked as they traverse different network segments. The key to successfully following the round trip of packets between the client machine and a host is getting the packet captures simultaneously. This can result in up to 6 separate capture files. 

Note: Cisco Meraki Support can advise you in determining at which points in the network the captures should be taken, if needed as part of a support case.

 

Capture 1: A packet capture from the wireless network adapter of the affected wireless client showing all packets being transmitted and received. Wireshark, a free packet capture utility, can be downloaded to the client and used to obtain this capture. The resulting file from this capture should be named using the convention case-number_wireless_client. For example: 00001234_wireless_client.

 Capture 2: A packet capture from the wireless interface of the AP the client is connected to show all packets being transmitted and received on the AP. This capture can be taken from the dashboard. The resulting file from this capture should be named using the convention case_wireless_ap for example 00001234_wireless_ap.

 Capture 3: A packet capture from the wired interface of the AP showing all packets being transmitted and received on the AP's wired interface. This capture can be taken from the dashboard. The resulting file from this capture should be named using the convention case-number_wired_ap. For example: 00001234_wired_ap.

Capture 4: A packet capture from the switch port the AP is connected to showing packets flowing in and out of the switch port. A port mirror can be used to obtain this capture. The resulting file from this capture should be named using the convention case-number_switchport. For example: 00001234_switchport.

Capture 5: A packet capture from the host the client is trying to access show packets being sent and received. A port mirror or Wireshark installed on the host can be used to obtain this capture. The resulting file from this capture should be named using the convention case-number_host. For example: 00001234_host.

Capture 6: If a customer hosted RADIUS server is being used, a packet capture showing incoming and outgoing RADIUS messages on the RADIUS server needs to be obtained. The resulting file from this capture should be named using the convention case-number_radius_server-ip. For example: 00001234_radius_1.1.1.1.

 In order to get these captures simultaneously, start by capturing on the client device, remote host, port mirror and/or RADIUS server first, since a dashboard capture can only be 60 seconds or 5000 frames. Once those captures are running, generate some traffic from the client and start the other captures in the dashboard.  

 

Below are the basic steps to get packet captures from each point in the network. For more information about the dashboard Packet Capture feature, see Packet Capture Overview.

Getting a Capture From a Client, a Device Connected to a Port Mirror, or a Destination Host

  1. Download and install Wireshark on the affected client.
  2. Launch Wireshark.
  3. Find the Capture section.
  4. Start a capture on the correct network interface as shown below.
  5. Stop the capture when finished. 
  6. Save the capture file with the correct file name.

Wireless client:

9e20545a-791b-456e-ad03-2e98e9802368

Wired host or port mirror host:

575acf40-b8cb-4a12-865b-16b97ba1aa2b

Getting a Capture From Both Interfaces of an Access Point Simultaneously

  1. Launch 2 browser windows side by side or stacked.
  2. Login to the dashboard in both browsers.
  3. Navigate to the Network-wide Monitor > Packet Capture page in both browsers.
  4. Select the AP the client is connected to under the Access point drop down in both browsers.
  5. In one browser the capture Interface will be Wireless, and in the other, the capture Interface will be Wired.
  6. The Output should be Download .pcap file (for Wireshark) in both browsers.
  7. Obtain captures simultaneously by clicking the Start capture button at the same time in both browsers.
  8. Once the captures are finished, you will need to save them. Make sure to name them based on the conventions indicated earlier.

08_42_41-Packet capture - Meraki Dashboard.png           0 08_44_09-Packet capture - Meraki Dashboard.png

Sharing Packet Captures With Support

Each packet capture file should have a file name that contains the case number and where the file was taken. Once each capture is saved, place them into a zip folder and upload them to the case in the dashboard. This can be done by navigating to ? > Get help & cases > Pick a Tile to Contact Support Submit a case. Click on the case, then use the Upload file button in the Files section. Please note the upload feature only accepts files 5MB or less. If the zip folder is too large, each file will need to be uploaded separately. Alternatively, Cisco Meraki Support can also accept links to other sharing mechanisms, such as Dropbox. 

 

Required Information for Analyzing Packet Captures

In order to analyze traffic that is specific to the problem, please provide the following in the Comments section of the case. This can be done under ? > Get help & cases > Recent cases. Click on the relevant case, then use the Add comment button in the Comments section.

  1. MAC Address or serial number of the AP
  2. MAC address of the affected client
  3. SSID the affected client is connecting to
  4. IP address or MAC address of the destination host
  5. IP address of the RADIUS server 
  • Was this article helpful?