DHCP packet dumper
dhcpdump - DHCP packet dumper
dhcpdump [-h regular-expression]
This command parses the output of tcpdump to display the dhcp-packets for easier checking and debugging.
tcpdump -lenx -s 1500 port bootps or port bootpc │ dhcpdump
If you want to filter a specific Client Hardware Address ( CHADDR ), then you can specifiy it as a regular expressions:
tcpdump -lenx -s 1500 port bootps or port bootpc │ dhcpdump -h ^00:c0:4f
This will display only the packets with Client Hardware Addresses which start with 00:c0:4f.
TIME: 15:45:02.084272 IP: 0.0.0.0.68 (0:c0:4f:82:ac:7f) > 255.255.255.255.67 (ff:ff:ff:ff:ff:ff) OP: 1 (BOOTPREQUEST) HTYPE: 1 (Ethernet) HLEN: 6 HOPS: 0 XID: 28f61b03 SECS: 0 FLAGS: 0 CIADDR: 0.0.0.0 YIADDR: 0.0.0.0 SIADDR: 0.0.0.0 GIADDR: 0.0.0.0 CHADDR: 00:c0:4f:82:ac:7f:00:00:00:00:00:00:00:00:00:00 SNAME: . FNAME: . OPTION: 53 ( 1) DHCP message type 3 (DHCPREQUEST) OPTION: 54 ( 4) Server identifier 22.214.171.124 OPTION: 50 ( 4) Request IP address 126.96.36.199 OPTION: 55 ( 7) Parameter Request List 1 (Subnet mask) 3 (Routers) 58 (T1) 59 (T2)At the option field, the first field is the value of the option, the second one (between brackets) is the length of the option-datafield, the third field is the name of the option, the fourth field is the data of the option.
Privileged access is often needed for tcpdump.
Not all the parameter options are printed verbose, because of lack of documentation. Not all the options are tested, because of lack of clients/servers with these options. If you have a dump of one of them, please send them to me and I'll incorperate them.
Ralph Droms and Ted Lemons "The DHCP Handbook", ISBN 1-57870-137-6.
Peter Apian-Bennewitz <firstname.lastname@example.org> for his Client Hardware Address filtering
Edwin Groothuis, email@example.com (http://www.mavetju.org)
dhcpd(8), tcpdump(1), RFC2132
- Site Search
- linux docs
- linux man pages
- page load time
- world sunlight
- moon phase
- trace explorer