For proper troubleshooting of DHCP traffic, it may sometimes be necessary to capture live data on your network. There are a lot of ways to accomplish this, so I won't go into too much detail on all the methods available, nor will I explain what DHCP does or how it works.

DHCP (Dynamic Host Configuration Protocol) is used for automatic configuration of a host's network settings, such as IP address, gateway, routing, and more. It works by sending broadcasts using IP/UDP on ports 67 (servers) and 68 (clients). For more information on DHCP, read the explanation on Wikipedia.

In order to capture DHCP traffic, we would then have to monitor packets specifically on ports 67/udp and 68/udp. As there's no fixed IP address involved in the first stage of a request, we initially can't filter on IP, although we could filter on MAC address if needed.

One way of capturing DHCP traffic is by using tcpdump, probably the most used command-line network capturing tool. The command above would capture all DHCP-related traffic that arrives on the network interface eth0 of the Linux host you're running the command on. If you need to use another interface, change the interface accordingly.
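The port and MAC filtering described above can be wrapped in a small shell helper. This is an added example, not the command from the original post; the function names `dhcp_filter` and `capture_dhcp`, the default interface and the sample MAC address are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build a tcpdump capture filter for DHCP and run the capture.

# dhcp_filter [MAC]
# Print a filter matching DHCP traffic (UDP 67 = server, 68 = client).
# With a MAC address, narrow the match to frames to or from that host.
dhcp_filter() {
    filter='udp and (port 67 or port 68)'
    if [ -n "${1:-}" ]; then
        # Accept only the aa:bb:cc:dd:ee:ff form so that nothing else
        # ends up inside the filter expression.
        if ! printf '%s\n' "$1" |
            grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
            echo "invalid MAC address: $1" >&2
            return 1
        fi
        filter="$filter and ether host $1"
    fi
    printf '%s\n' "$filter"
}

# capture_dhcp [IFACE] [MAC] [PCAP_FILE]
# Capture DHCP on IFACE (default eth0). tcpdump normally needs root.
#   -n   no name resolution
#   -e   print the link-level header, so MAC addresses are visible
#   -vv  decode the DHCP options (message type, requested address, ...)
#   -w   write raw packets to PCAP_FILE instead of decoding them
capture_dhcp() {
    iface=${1:-eth0}
    bpf=$(dhcp_filter "${2:-}") || return 1
    if [ -n "${3:-}" ]; then
        tcpdump -i "$iface" -n -e -w "$3" "$bpf"
    else
        tcpdump -i "$iface" -n -e -vv "$bpf"
    fi
}

# Typical calls (constructed sample MAC address):
#   capture_dhcp eth0
#   capture_dhcp eth0 00:11:22:33:44:55 /tmp/dhcp.pcap
```

Filtering on the client MAC misses server replies that are sent as link-layer broadcasts, because those frames carry the server's MAC as source and `ff:ff:ff:ff:ff:ff` as destination; use the port-only filter when you need the full exchange.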