dhcpdump(1) [suse man page]
DHCPDUMP(1) General Commands Manual DHCPDUMP(1) NAME
dhcpdump - DHCP packet dumper SYNOPSIS
dhcpdump [-h regular-expression] DESCRIPTION
This command parses the output of tcpdump to display the dhcp-packets for easier checking and debugging. USAGE
tcpdump -lenx -s 1500 port bootps or port bootpc | dhcpdump If you want to filter a specific Client Hardware Address (CHADDR), then you can specifiy it as a regular expressions: tcpdump -lenx -s 1500 port bootps or port bootpc | dhcpdump -h ^00:c0:4f This will display only the packets with Client Hardware Addresses which start with 00:c0:4f. OUTPUT
TIME: 15:45:02.084272 IP: 0.0.0.0.68 (0:c0:4f:82:ac:7f) > 255.255.255.255.67 (ff:ff:ff:ff:ff:ff) OP: 1 (BOOTPREQUEST) HTYPE: 1 (Ethernet) HLEN: 6 HOPS: 0 XID: 28f61b03 SECS: 0 FLAGS: 0 CIADDR: 0.0.0.0 YIADDR: 0.0.0.0 SIADDR: 0.0.0.0 GIADDR: 0.0.0.0 CHADDR: 00:c0:4f:82:ac:7f:00:00:00:00:00:00:00:00:00:00 SNAME: . FNAME: . OPTION: 53 ( 1) DHCP message type 3 (DHCPREQUEST) OPTION: 54 ( 4) Server identifier 130.139.64.101 OPTION: 50 ( 4) Request IP address 130.139.64.143 OPTION: 55 ( 7) Parameter Request List 1 (Subnet mask) 3 (Routers) 58 (T1) 59 (T2) At the option field, the first field is the value of the option, the second one (between brackets) is the length of the option-datafield, the third field is the name of the option, the fourth field is the data of the option. RETURN VALUES
Always 0. NOTES
Privileged access is often needed for tcpdump. BUGS
Not all the parameter options are printed verbose, because of lack of documentation. Not all the options are tested, because of lack of clients/servers with these options. If you have a dump of one of them, please send them to me and I'll incorperate them. THANKS TO
Ralph Droms and Ted Lemons "The DHCP Handbook", ISBN 1-57870-137-6. Peter Apian-Bennewitz <apian@ise.fhg.de> for his Client Hardware Address filtering AUTHOR
Edwin Groothuis, edwin@mavetju.org (http://www.mavetju.org) SEE ALSO
dhcpd(8), tcpdump(1), RFC2132 November 21, 2003 November 21, 2003 DHCPDUMP(1)
Check Out this Related Man Page
DHCPING(8) General Commands Manual DHCPING(8) NAME
dhcping - send a DHCP request to DHCP server to see if it's up and running SYNOPSIS
dhcping [-v] [-q] [-i] [-r] -t maxwait -c client-IP-address -s server-IP-address -h client-hardware-address [-g gateway-IP-address] DESCRIPTION
This command allows the system administrator to check if a remote DHCP server is still functioning. Options are: -v Verbose, print some information. -i Use DHCPINFORM packets. -r Use DHCPREQUEST packets (default behaviour). -q Quiet, print nothing on the screen. -t maxwait Maximum time to wait for an answer from the server in seconds. Default is 3 seconds. -c client-IP-address Request this IP address. Note that this is also the IP address the answer will be sent to. -s server-IP-address Send the DHCP packet to this IP address. -h client-hardware-address Use this hardware-address in the DHCP request. It can be up to sixteen octets seperated by colons (i.e. 01:02:03:04) -g gateway-IP-address Use this IP address for the gateway IP address in the DHCP packet. This option is currently broken. RETURN VALUES
If everything goes okay, it returns 0. If there went something wrong, it returns 1. SETUP
This program should be installed setuid root or ran by root only. See SECURITY for more information. On your DHCP server, add these lines to the dhcpd.conf: host <your monitoring host FQDN> { hardware ethernet <your monitor host mac address>; fixed-address <your monitoring host IP address>; } Then try it: $ dhcping -c your monitoring host IP address -s your DHCP server IP address -h your monitor host mac address It will either respond with "no answer" or "Got answer from: your DHCP server IP address" The DHCP server logfile will give: DHCPREQUEST for 192.168.1.1 from 00:20:18:56:29:8f via ed0 DHCPACK on 192.168.1.1 to 00:20:18:56:29:8f via ed0 DHCPRELEASE of 192.168.1.1 from 00:20:18:56:29:8f via ed0 (found) Running in DHCPINFORM mode with -i: If you see "DHCPINFORM from 192.168.1.1 via xl0: not authoritative for subnet 192.168.1.0", you should add the authoritative statement to the subnet, See dhcpd.conf(5) for details. When running in very verbose mode, dhcping tries to dump all data of the send and received DHCP packets. It will first dump the packet in hex-format, then decodes the header and finally the options. HOW IT WORKS
The client either sends a DHCPREQUEST or DHCPINFORM packet to the server and waits for an answer. Then, if a DHCPREQUEST was send, it will send a DHCPRELEASE back to the server. SECURITY
This program is installed setuid root as it requires the privileges to bind itself to port 68 (bootpc). Root privileges are dropped as soon as the program has bound itself to that port. BUGS
Currently (this may, or may not, change in the future) the ISC DHCP daemon does not write leases with a fixed IP address in the dhcpd.leases file. DHCPINFORM packets can only be used on subnets the server is authori- tative for. If the monitoring script runs on a subnet the server isn't authoritative for, it should use the DHCPREQUEST packets. I also experienced some problems with ISC DHCPD v2 servers, but that is also in the README of it. The -V option is still working, but shouldn't be used for debugging of the packets. Better use dhcpdump(8) for that, which is available on my website. I wanted to remove it, but decided only to do it from the documentation, not from the code. Maybe I'll need it one day for debugging. AUTHOR
Edwin Groothuis, edwin@mavetju.org (http://www.mavetju.org) SEE ALSO
dhcpd(8), dhclient(8), dhcpd.conf(5), dhcpdump(8) Januari 27, 2002 Januari 27, 2002 DHCPING(8)