DHCPDUMP(1) General Commands Manual DHCPDUMP(1)
NAME
dhcpdump - DHCP packet dumper
SYNOPSIS
dhcpdump [-h regular-expression]
DESCRIPTION
This command parses the output of tcpdump to display the dhcp-packets for easier checking and debugging.
USAGE
tcpdump -lenx -s 1500 port bootps or port bootpc | dhcpdump
If you want to filter on a specific Client Hardware Address (CHADDR), you can specify it as a regular expression:
tcpdump -lenx -s 1500 port bootps or port bootpc | dhcpdump -h ^00:c0:4f
This will display only the packets with Client Hardware Addresses which start with 00:c0:4f.
OUTPUT
TIME: 15:45:02.084272
IP: 0.0.0.0.68 (0:c0:4f:82:ac:7f) > 255.255.255.255.67 (ff:ff:ff:ff:ff:ff)
OP: 1 (BOOTPREQUEST)
HTYPE: 1 (Ethernet)
HLEN: 6
HOPS: 0
XID: 28f61b03
SECS: 0
FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: 00:c0:4f:82:ac:7f:00:00:00:00:00:00:00:00:00:00
SNAME: .
FNAME: .
OPTION: 53 ( 1) DHCP message type 3 (DHCPREQUEST)
OPTION: 54 ( 4) Server identifier 130.139.64.101
OPTION: 50 ( 4) Request IP address 130.139.64.143
OPTION: 55 ( 7) Parameter Request List 1 (Subnet mask)
3 (Routers)
58 (T1)
59 (T2)
In each OPTION line, the first field is the option's numeric code, the second (in parentheses) is the length of the option's data field,
the third is the name of the option, and the fourth is the data of the option.
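The layout above is regular enough to post-process, for example to see which server identifier each client is addressing. The following is an added example, not part of dhcpdump: the names parse_dhcpdump and summarize are hypothetical, the sample is an abbreviated copy of the OUTPUT listing, and it assumes a TIME: line starts each packet and that HLEN is 6.

```python
import re

# Abbreviated copy of the OUTPUT listing above (whitespace as shown on the page).
SAMPLE = """\
TIME: 15:45:02.084272
IP: 0.0.0.0.68 (0:c0:4f:82:ac:7f) > 255.255.255.255.67 (ff:ff:ff:ff:ff:ff)
XID: 28f61b03
CHADDR: 00:c0:4f:82:ac:7f:00:00:00:00:00:00:00:00:00:00
OPTION: 53 ( 1) DHCP message type 3 (DHCPREQUEST)
OPTION: 54 ( 4) Server identifier 130.139.64.101
OPTION: 50 ( 4) Request IP address 130.139.64.143
OPTION: 55 ( 7) Parameter Request List 1 (Subnet mask)
3 (Routers)
58 (T1)
59 (T2)
"""

OPTION_RE = re.compile(r"^\s*OPTION:\s*(\d+)\s*\(\s*(\d+)\)\s*(.*)$")
FIELD_RE = re.compile(r"^\s*([A-Z]+):\s*(.*)$")

def parse_dhcpdump(text):
    """Split dhcpdump output into packets; a TIME: line starts a new packet."""
    packets, current, last_opt = [], None, None
    for line in text.splitlines():
        opt = OPTION_RE.match(line)
        field = None if opt else FIELD_RE.match(line)
        if field and field.group(1) == "TIME":
            current = {"fields": {}, "options": {}}
            packets.append(current)
        if current is None:
            continue  # ignore anything before the first TIME: line
        if opt:
            code, length, rest = int(opt.group(1)), int(opt.group(2)), opt.group(3)
            last_opt = current["options"][code] = {"len": length, "lines": [rest]}
        elif field:
            current["fields"][field.group(1)] = field.group(2)
            last_opt = None
        elif last_opt is not None and line.strip():
            # Continuation line of a multi-value option (e.g. option 55).
            last_opt["lines"].append(line.strip())
    return packets

def summarize(packet):
    """Return (client MAC, DHCP message type, server identifier) of one packet."""
    first = lambda code: packet["options"].get(code, {"lines": [""]})["lines"][0]
    mtype = re.search(r"\((DHCP\w+)\)", first(53))
    server = re.search(r"(\d+\.\d+\.\d+\.\d+)\s*$", first(54))
    mac = packet["fields"].get("CHADDR", "")[:17]  # assumes HLEN 6: first six octets
    return mac, mtype and mtype.group(1), server and server.group(1)
```

Running summarize over every packet in a capture gives one (client, message type, server) tuple per packet, which makes an unexpected server identifier easy to spot.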
RETURN VALUES
Always 0.
NOTES
Privileged access is often needed for tcpdump.
BUGS
Not all the parameter options are printed verbose, because of lack of documentation. Not all the options are tested, because of lack of
clients/servers with these options. If you have a dump of one of them, please send them to me and I'll incorporate them.
THANKS TO
Ralph Droms and Ted Lemons "The DHCP Handbook", ISBN 1-57870-137-6.
Peter Apian-Bennewitz <apian@ise.fhg.de> for his Client Hardware Address filtering
AUTHOR
Edwin Groothuis, edwin@mavetju.org (http://www.mavetju.org)
SEE ALSO
dhcpd(8), tcpdump(1), RFC2132
November 21, 2003 DHCPDUMP(1)
IPGRAB(8) System Manager's Manual IPGRAB(8)
NAME
ipgrab - A Verbose Packet Sniffer
SYNOPSIS
ipgrab [ -ablmnPprTtwx ] [ -c cnt ] [ -i if ] [ expr ]
DESCRIPTION
ipgrab reads and parses packets from the link layer through the application layer, dumping explicit header information along the way. It
is a lot like tcpdump except that it prints almost every header field.
Options
-a Do not display application layer data.
-b Buffer standard output. Useful when you're redirecting output to a file.
-c cnt, --count cnt
Terminate after receiving cnt packets.
-C proto, --CCP proto
Assume a particular CCP protocol, such as MPPC. MPPC is the only one supported as yet.
-d Dump extra padding in packets. For example, according to an IP header, the packet ends at a certain point, but the link layer may
have padded it beyond that. This option displays the padding. Not valid in minimal mode.
-h, --help
Display usage screen with a brief description of the command line options.
-i if, --interface if
Makes ipgrab listen to packets on interface if, e.g., eth0. If this option is not used, the default interface will be assumed.
-l Don't display link-layer headers. The following protocols are considered to be link layer: ARP, CHAP, Ethernet, IPCP, LCP, LLC,
Loopback, PPP, PPPoE, Raw, Slip.
-m Minimal mode output. When operating in this mode, ipgrab displays only brief header information.
-n Don't display network-layer headers. The following protocols are considered to be network layer: AH, ESP, GRE, ICMP, ICMPv6, IGMP,
IP, IPv6, IPX, IPXRIP.
-P string
Initiate a dynamic port mapping. This option must be followed by a string of the form `<protocol>=<port>', such as `http=8080'.
-p Dump packet payloads beyond what IPgrab parses. In other words, if IPgrab does not parse a particular application, this option will
dump application data in hex and text format.
-r FILE
Read packets from a file, rather than an interface. The file should be created in "raw" format, such as with the '-w' option.
-T Do not display timestamps in minimal mode.
-t Don't display transport layer headers. The following protocols are considered to be transport layer: SPX, TCP, UDP.
-v, --version
Display version number and then quit.
-w FILE
Write the raw packets to a file, rather than the screen. The packets will not be parsed. The file can be read with the '-r' option.
-x Hex dump mode. After processing each layer, dump out the contents of that layer in hex and text. Only valid in main mode.
expr Berkeley packet filter expression. See tcpdump(8) man page for details and examples.
SEE ALSO
tcpdump(8)
NOTES
Requires libpcap version 0.3 or greater to be installed.
AUTHOR
Michael S. Borella
http://www.borella.net/mike/
mike@borella.net
07 March 2007 IPGRAB(8)