tcpdump mailing list archives
Re: How to print BOOTP/DHCP packets
From: Guy Harris <guy () alum mit edu>
Date: Thu, 7 May 2009 09:24:49 -0700
On May 7, 2009, at 7:34 AM, Javier Gálvez Guerrero wrote:

> I want to get the information included in bootp/dhcp packets captured through tcpdump. I tried adding -v, -vv and -vvv options to the issued command but all the information I got was like this:

...

> I know that more information could be printed due to print-bootp.c file, which loops through all existing dhcp options, but I don't know how to do it. Could anyone point me to the right tcpdump option, please?

The right option is "-s". "-s 0", to be precise:

> pike:/home/dulceangustia/tcpdump-4.0.0# tcpdump -i ra0 port bootps -vvv

The lack of a "-s" option means the default snapshot length will be used; in tcpdump 4.0 and previous versions, it's 96 bytes for versions of tcpdump that include IPv6 support and 68 bytes for versions that don't. That means only the first 68 or 96 bytes of the packet are supplied to tcpdump.

> tcpdump: listening on ra0, link-type EN10MB (Ethernet), capture size 96 bytes

"capture size 96 bytes" means that the snapshot length is, indeed, 96 bytes.

> 15:55:05.002857 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto
> UDP (17), length 328) 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:1c:f0:0f:fb:84 (oui Unknown), length 300, xid 0x400a6f75, Flags [none]
> (0x0000) Client-Ethernet-Address 00:1c:f0:0f:fb:84 (oui Unknown) [|bootp]
> 15:55:05.014049 IP (tos 0x0, ttl 64, id 28669, offset 0, flags [none], proto
> UDP (17), length 328)

"|bootp" means that the bootp print routines ran into the end of the captured data and stopped.

Try

    tcpdump -i ra0 -vvv -s 0 port bootps

so that tcpdump sees all the data in each packet.
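The truncation described in the message above can be checked in a saved capture by comparing each record's captured length with its on-the-wire length. The following is an added example, not part of the original message or of tcpdump's code; it assumes an untagged Ethernet frame and an IPv4 header without options, and the function names and the zero-filled sample frame are constructed for illustration.

```python
import struct

# Assumed header sizes in front of the BOOTP payload: untagged Ethernet,
# IPv4 without IP options, UDP.
ETH_LEN, IP_LEN, UDP_LEN = 14, 20, 8
BOOTP_FIXED = 236                  # fixed BOOTP header; chaddr is at offset 28..43
DHCP_OPTIONS_AT = BOOTP_FIXED + 4  # DHCP options follow the 4-byte magic cookie

def build_pcap(snaplen, frames):
    """Build a classic little-endian pcap in memory, cutting each frame at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # 1 = EN10MB
    for ts, frame in frames:
        data = frame[:snaplen]
        out += struct.pack("<IIII", ts, 0, len(data), len(frame)) + data
    return out

def truncation_report(pcap):
    """Return (snaplen, [(caplen, wire_len, bootp_bytes, options_visible), ...])."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    snaplen, = struct.unpack_from("<I", pcap, 16)
    rows, off = [], 24
    while off + 16 <= len(pcap):
        _, _, caplen, wire_len = struct.unpack_from("<IIII", pcap, off)
        # Bytes of the BOOTP message that survived the snapshot cut.
        bootp = max(0, caplen - (ETH_LEN + IP_LEN + UDP_LEN))
        rows.append((caplen, wire_len, bootp, bootp > DHCP_OPTIONS_AT))
        off += 16 + caplen
    return snaplen, rows

# Constructed sample: 14-byte Ethernet header plus the 328-byte IP datagram
# from the output above; zero-filled because only the lengths matter here.
FRAME = bytes(342)

if __name__ == "__main__":
    # 68 and 96 are the defaults named in the message; 65535 is an assumed
    # value large enough to hold the whole frame, as "-s 0" requests.
    for snap in (68, 96, 65535):
        snaplen, rows = truncation_report(build_pcap(snap, [(0, FRAME)]))
        for caplen, wire, bootp, opts in rows:
            print(f"snaplen={snaplen:5d} caplen={caplen:3d}/{wire} "
                  f"bootp_bytes={bootp:3d} options_visible={opts}")
```

With a 96-byte snapshot only 54 bytes of the 300-byte BOOTP message are kept, which covers the client hardware address but stops far short of the option area, matching the point at which the output above ends in "[|bootp]".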