Ubiquiti Airmax gear has tcpdump included. We can easily use it to capture packets to a file and then use SCP from the device to copy the file for analysis.
SSH to the device
ssh ubnt@192.168.1.20
cd /tmp/
Start tcpdump with the following command. Change ath0 and file.cap to the appropriate interface and file name.
tcpdump -i ath0 -w file.cap
After we are done collecting, we can quit with Ctrl+C.
Now we can use scp or sftp to copy the files off. There is an issue when using scp or sftp from a normal Linux machine to the radio: it fails with “sh: /usr/libexec/sftp-server: not found”. It works fine if you initiate scp from the radio.
scp /tmp/file.cap username@remoteip:~/
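An alternative that leaves no file on the radio and does not need sftp-server, as an added example that is not part of the original post: run tcpdump over SSH from the Linux machine, stream the capture to a local file, and check that the result really is a pcap. It assumes the radio's tcpdump accepts "-w -" and "-c"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes the radio's tcpdump accepts "-w -" (pcap to stdout) and "-c".

# Build the remote tcpdump command. "not port 22" keeps the SSH session that
# carries the capture out of the capture itself; -c bounds the run so tcpdump
# exits on its own instead of lingering on the radio.
remote_capture_cmd() {
    iface=$1 count=$2
    case $iface in *[!A-Za-z0-9._-]*|'') return 1 ;; esac   # interface name only
    case $count in *[!0-9]*|'') return 1 ;; esac            # digits only
    printf 'tcpdump -i %s -c %s -w - not port 22' "$iface" "$count"
}

# Return 0 if the file starts with a classic pcap magic number
# (either byte order, microsecond or nanosecond timestamps).
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case $magic in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# Stream the capture from the radio into a local file, then verify it.
stream_capture() {
    target=$1 iface=$2 count=$3 out=$4
    cmd=$(remote_capture_cmd "$iface" "$count") || return 1
    ssh "$target" "$cmd" > "$out" && is_pcap "$out"
}

# Usage: stream_capture ubnt@192.168.1.20 ath0 1000 file.cap
```

The is_pcap check catches the case where the local file holds a login banner or an error message instead of packets.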