How do you record the network traffic on the SCALANCE W with Wireshark?
The network traffic between two devices is to be recorded at the WLAN interface or at the Ethernet interface in order to detect connection problems or generally analyze the connection.
Normally, for this you need special hardware (a TAP, for example) or specific tools (AirPCap, for example).
The SCALANCE W client is located in a remote place.
With Wireshark you can record the network traffic at the local interface. Wireshark can also record the network traffic across the whole network. To make these recordings, Wireshark uses the "Remote Packet Capture Protocol Service".
For Wireshark to be able to record the network data from the remote SCALANCE W you must enable the "Remote Capture" function in the SCALANCE W via the Command Line Interface or the web-based management and in Wireshark configure a "Remote Capture" interface.
In the configuration manual of the SCALANCE W you will find detailed instructions for enabling the "Remote Capture" function and configuring the interface in Wireshark.
If you would like to record and analyze the remote network traffic with Wireshark, please note the following:
- If you use the "iPCF" protocol in the WLAN, the "iPCF" frames will be marked as defective in Wireshark. "iPCF" is a SIEMENS proprietary protocol.
Enable the "Remote Capture" function for analyzing. The increased data traffic might affect the performance of the device and the network.
Make sure that you can reach the SCALANCE W via Port 2002 and that no firewall prevents this access. The "Remote Packet Capture Protocol Service" in the SCALANCE W is addressed via this port number.