Summary

UniFi OS is the operating system developed by Ubiquiti Inc. that powers their UniFi family of applications and controllers. It provides a unified platform for managing multiple Ubiquiti services from a single interface.

Packet Capture

Remote PCap via SSH

 Info:  For this to work, Wireshark must be installed with the "Sshdump and Ciscodump" option selected. If you don't see SSH Remote Capture listed as an interface in your Wireshark, you can re-run the installation program to select "Sshdump and Ciscodump".

Follow the instructions below to perform a remote packet capture from your UniFi device to Wireshark on your workstation, over SSH.

Enable SSH Password Authentication

1. SSH into your UniFi device and edit the /etc/ssh/sshd_config file.
2. Change PasswordAuthentication to yes, and save the file.
3. Restart SSHD (non-service-impacting) by running systemctl restart sshd

Configure Wireshark

Open Wireshark and select SSH Remote Capture as the interface. If the Interface Options window doesn't pop up, click the gear next to SSH Remote Capture.

Go thru the four tabs and configure as follows:

Server

Remote SSH server address

IP/hostname of your UniFi device.

Remote SSH server port

22

Authentication

Remote SSH server username

root

Remote SSH server password

<root_password>

Leave the rest as default values.

Capture

Remote interface

interface name obtained from ip addr

Remote capture command selection

tcpdump

Remote capture command

/usr/sbin/tcpdump -nn -s 0 -w -

Gain capture privilege on the remote machine

sudo

Leave the rest as default values.

Debug

Leave all as default values.

 Info:  You will have to re-enter the Remote SSH server password each time you open Wireshark.