×
Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 109750887, Entry date: 11/03/2017
(1)
Rate

How do you record the network traffic on the SCALANCE W with Wireshark?

  • Entry
  • Associated product(s)
The SCALANCE W devices with firmware V6.1 (CLI) and higher and V6.2 (WBM and CLI) and higher support the "Remote Capture" function. The "Remote Capture" function permits you to record the network traffic from remote interfaces at the Access Point with Wireshark.

Task
The network traffic between two devices is to be recorded at the WLAN interface or at the Ethernet interface in order to detect connection problems or generally analyze the connection.
Normally, for this you need special hardware (a TAP, for example) or specific tools (AirPCap, for example).
The SCALANCE W client is located in a remote place.

Solution
With Wireshark you can record the network traffic at the local interface. Wireshark can also record the network traffic across the whole network. To make these recordings, Wireshark uses the "Remote Packet Capture Protocol Service".

For Wireshark to be able to record the network data from the remote SCALANCE W you must enable the "Remote Capture" function in the SCALANCE W via the Command Line Interface or the web-based management and in Wireshark configure a "Remote Capture" interface.

In the configuration manual of the SCALANCE W you will find detailed instructions for enabling the "Remote Capture" function and configuring the interface in Wireshark.

Notes
If you would like to record and analyze the remote network traffic with Wireshark, please note the following:

  • If you use the "iPCF" protocol in the WLAN, the "iPCF" frames will be marked as defective in Wireshark. "iPCF" is a SIEMENS proprietary protocol.
  • Enable the "Remote Capture" function for analyzing. The increased data traffic might affect the performance of the device and the network.

  • Make sure that you can reach the SCALANCE W via Port 2002 and that no firewall prevents this access. The "Remote Packet Capture Protocol Service" in the SCALANCE W is addressed via this port number.
     

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
https://www.siemens.com/cybersecurity#Ouraspiration.