Hi all, Sory I'm new to this and I'm trying to analyse the DHCP packets between clients and the servers. I don't have that much information on the whole network. Will using bootp filter helps me to put together the whole flow ?
I can see thet 192.168.70.x are coming form clients and 192.168.100.1 seems to be the DHCP server ?
asked 05 Nov '16, 08:39
You can just use the display filter: bootp
answered 05 Nov '16, 14:00
You can see the DHCP messages:
DHCP Discover - Client to server
DHCP Inform - Client to server
DHCP ACK - Server to Client
Further infos you can find here: https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
answered 05 Nov '16, 15:20
edited 05 Nov '16, 15:21
You can also add the ethernet address(eth.addr) of the client and using "bootp". This will be a better filter as your nic might also capture Dhcp messages of other devices in the network.
answered 06 Nov '16, 23:09