Remote Frame Captures & Application Issues on Wi-Fi
After the deployment of new Extreme Aerohive Wireless solution at an Enterprise office, a number of user complaints were received for applications resetting and disconnecting while working on Wi-Fi. The users did not have this problem while working from other offices or their home.
Some of the applications like Teradata SQL Assistant & other applications which used SQL backend reset itself while executing queries. From the Wi-Fi standpoint, the client had no issues with the Signal/Noise/RSSI which was received.
Teradata SQL and other SQL application use TCP port 125. After engaging the TAC team requested for remote pcap aka frames for wireless for wired/wireless interfaces of the Extreme Access Points. Below are the steps required to run the remote captures.
- Enable remote capture on the Extreme Aerohive AP 650/510C with the cli command – exec capture remote-sniffer
- Logon to the machine with Wireshark installed and configure the remote interfaces. Enter the management IP of the Access Point (Host), leave the port field blank.
3. Install Wireshark on a remote machine and apply packet slicing as the pcap/frame capture will be huge. Make sure the system capturing has enough disk space for doing so.
4. Choose all the interfaces/required interfaces and start the capture.
After analysing the pcap it was found that there were some TCP retransmissions being caused on TCP port 1025 but the root cause/reason was not yet determined.
After a few days of captures and analysing the frames, it was discovered that the issues were primarily caused due to DoS prevention rule in place for the SSID as an optional setting. We had to disable this feature and the issue just vanished. The below option caused TCP to reset if the client IP session was idle.
Though it took a while to come to this it was interesting to learn on how to perform remote frame captures which is still helpful to understand and analyse on what is going on the wireless end.
As in most cases, this was not a radio/wireless issue all together but still resolved from the vendor side after disabling the feature.
