Using Wireshark With UniFi Access Points for Real Time Packet Capture

Commands used in video:

Connect to Access Point and filter for only VLAN tag 100
wireshark -k -i <(ssh thomas@192.168.3.41 -p 22 tcpdump -i br0.100 -U -w - )

Connect to Access Point and filter for only VLAN tag 69
wireshark -k -i <(ssh thomas@192.168.3.41 -p 22 tcpdump -i br0.69 -U -w - )

Connect to Access Point and filter out source connection address
wireshark -k -i <(ssh thomas@192.168.1.187 -p 22 tcpdump -i br0 host not 192.168.69.2 -U -w - )

How to make sure you can run Wireshark from your user:
sudo dpkg-reconfigure wireshark-common
Choose yes to allow non-superusers to capture packets

Allow user to run dumpcap
sudo chmod +x /usr/bin/dumpcap

3 Likes
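
An added example, not part of the original post: a POSIX shell wrapper around the capture commands above. It builds the tcpdump command line that runs on the access point, leaves out only the workstation's own SSH session (assumed to be TCP port 22, as in the post's -p 22) instead of the whole host, and refuses arguments the AP's shell could read as shell syntax. It pipes into wireshark -k -i - in place of the <( ) process substitution; the function names and the DHCP filter in the usage line are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# True when $1 contains only characters from the tr(1) set in $2.
only_chars() { [ -z "$(printf '%s' "$1" | tr -d "$2")" ]; }

# Print the tcpdump command line to run on the access point.
#   $1 interface on the AP (br0, br0.100, ...)
#   $2 IPv4 address of the workstation; its SSH session is left out
#   $3 optional extra capture filter, e.g. "udp port 67 or udp port 68"
ap_tcpdump_cmd() {
    iface=$1; self=$2; extra=${3:-}
    # ssh hands its arguments to the AP's shell as one string, so refuse
    # anything that could be read there as shell syntax.
    if [ -z "$iface" ] || ! only_chars "$iface" 'A-Za-z0-9._-'; then
        echo "bad interface: $iface" >&2; return 1
    fi
    if [ -z "$self" ] || ! only_chars "$self" '0-9.'; then
        echo "bad address: $self" >&2; return 1
    fi
    if ! only_chars "$extra" 'A-Za-z0-9.: '; then
        echo "bad filter: $extra" >&2; return 1
    fi
    filter="not (host $self and tcp port 22)"
    if [ -n "$extra" ]; then filter="$filter and ($extra)"; fi
    # Single quotes stop the AP's shell from interpreting the parentheses.
    printf "tcpdump -i %s -U -w - '%s'\n" "$iface" "$filter"
}

# Stream the capture into Wireshark on the workstation.
#   $1 user@host of the AP; remaining arguments as for ap_tcpdump_cmd
ap_capture() {
    target=$1; shift
    cmd=$(ap_tcpdump_cmd "$@") || return 1
    ssh "$target" "$cmd" | wireshark -k -i -
}

# Usage (addresses reused from the commands in the post):
#   ap_capture thomas@192.168.3.41 br0.100 192.168.69.2 "udp port 67 or udp port 68"
```

Only tcpdump runs on the access point; Wireshark, dumpcap and the dpkg-reconfigure step belong on the workstation that starts the SSH session.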

I am stuck from the word Wireshark. No, seriously, permission denied running the Unifi_Wireshark.sh, and when I try sudo dpkg-reconfigure wireshark-common I get -
-ash: dpkg-reconfigure: not found

I have tried two waps, both nano-hd, one running 4.3.21, the other 4.0.54 and they both have the same problem. Where can I find some hints to overcome this?

I am having a horrible time getting any nano-hd with firmware higher than 4.0.54 to work with any of our 175 Honeywell thermostats. Any Firmware over 4.0.54 and the thermostats constantly request an IP and the DHCP server Offers but it either isn’t getting back out of the nano-hd or the thermostat doesn’t find the packet acceptable. Being able to do wireshark through the WAP would be an enormous help, but definitely beyond my skillset at the moment. My linux is wanting…

1 Like

A week after I viewed the video a customer reported that WiFi was not working in the second building on their property. The problem was with a UAP-AC-Pro so I was able to directly apply what I learned from your video. The business SSID worked but the guest SSID did not work so I know that the Point to Multi-Point (PTMP) radio link is functional. The PTMP contains a Nano Station M5 and a Rocket 5AC Prism with an omni-directional antenna connected to an EdgeRouter PoE 5.

I learned two things from the packet capture from the UAP-AC-Pro.

  1. My Pixel 5 phone made a proper DHCP request but the DHCP server never responded.

  2. My Pixel 5 uses a randomized MAC that caused some interesting messages to be displayed by Wireshark.

DHCP services are provided by an EdgeRouter PoE 5 so I captured packets from the router port that is connected to the PTMP link. I will look at the packet capture after I finish this message.

Thanks for sharing the knowledge!

Best Regards,
Roger M. Jenson

2 Likes

A packet capture from the EdgeRouter PoE 5 Ethernet port connected to the PTMP link showed that the DHCP request did not reach the port. There are three devices between the EdgeRouter PoE 5 and the UAP-AC-Pro.

  1. Rocket 5 AC Prism with an omnidirectional antenna (for future expansion)
  2. NanoStationM 5
  3. US-8-150W PoE switch

I decided to start with the US-8-150W PoE switch since it was easy to mirror ports that connected to the access point and the uplink. I saw the DHCP request at the port that the access point connected to but not the uplink port. This indicated that the problem was within the switch. Once I added the “Profile” column to the port configuration display I noticed that the wrong profile was selected. Once I set the port profile to “All” the DHCP server responded with an IP address.

Best Regards,
Roger M. Jenson