Hi all, Sory I'm new to this and I'm trying to analyse the DHCP packets between clients and the servers. I don't have that much information on the whole network. Will using bootp filter helps me to put together the whole flow ? I can see thet 192.168.70.x are coming form clients and 192.168.100.1 seems to be the DHCP server ?
asked 05 Nov '16, 08:39  doran_lum |
3 Answers:
That's it. You can just use the display filter: bootp answered 05 Nov '16, 14:00  Amato_C |
You can see the DHCP messages: DHCP Discover - Client to server DHCP Inform - Client to server DHCP ACK - Server to Client Further infos you can find here: https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol answered 05 Nov '16, 15:20  Christian_R edited 05 Nov '16, 15:21 |
You can also add the ethernet address(eth.addr) of the client and using "bootp". This will be a better filter as your nic might also capture Dhcp messages of other devices in the network. answered 06 Nov '16, 23:09  koundi |
