Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

dhcpdump(1) [suse man page]

DHCPDUMP(1)						      General Commands Manual						       DHCPDUMP(1)

NAME

       dhcpdump - DHCP packet dumper

SYNOPSIS

       dhcpdump [-h regular-expression]

DESCRIPTION

       This command parses the output of tcpdump to display the dhcp-packets for easier checking and debugging.

USAGE

       tcpdump -lenx -s 1500 port bootps or port bootpc | dhcpdump

       If you want to filter a specific Client Hardware Address (CHADDR), then you can specifiy it as a regular expressions:

       tcpdump -lenx -s 1500 port bootps or port bootpc | dhcpdump -h ^00:c0:4f

       This will display only the packets with Client Hardware Addresses which start with 00:c0:4f.

OUTPUT

	 TIME: 15:45:02.084272
	   IP: 0.0.0.0.68 (0:c0:4f:82:ac:7f) > 255.255.255.255.67 (ff:ff:ff:ff:ff:ff)
	   OP: 1 (BOOTPREQUEST)
	HTYPE: 1 (Ethernet)
	 HLEN: 6
	 HOPS: 0
	  XID: 28f61b03
	 SECS: 0
	FLAGS: 0
       CIADDR: 0.0.0.0
       YIADDR: 0.0.0.0
       SIADDR: 0.0.0.0
       GIADDR: 0.0.0.0
       CHADDR: 00:c0:4f:82:ac:7f:00:00:00:00:00:00:00:00:00:00
	SNAME: .
	FNAME: .
       OPTION:	53 (  1) DHCP message type	   3 (DHCPREQUEST)
       OPTION:	54 (  4) Server identifier	   130.139.64.101
       OPTION:	50 (  4) Request IP address	   130.139.64.143
       OPTION:	55 (  7) Parameter Request List      1 (Subnet mask)
						     3 (Routers)
						    58 (T1)
						    59 (T2)

       At the option field, the first field is the value of the option, the second one (between brackets) is the length of the option-datafield,
       the third field is the name of the option, the fourth field is the data of the option.

RETURN VALUES

       Always 0.

NOTES

       Privileged access is often needed for tcpdump.

BUGS

       Not all the parameter options are printed verbose, because of lack of documentation. Not all the options are tested, because of lack of
       clients/servers with these options. If you have a dump of one of them, please send them to me and I'll incorperate them.

THANKS TO

       Ralph Droms and Ted Lemons "The DHCP Handbook", ISBN 1-57870-137-6.

       Peter Apian-Bennewitz <apian@ise.fhg.de> for his Client Hardware Address filtering

AUTHOR

       Edwin Groothuis, edwin@mavetju.org (http://www.mavetju.org)

SEE ALSO

       dhcpd(8), tcpdump(1), RFC2132

November 21, 2003						 November 21, 2003						       DHCPDUMP(1)

Check Out this Related Man Page

IPGRAB(8)						      System Manager's Manual							 IPGRAB(8)

NAME

       ipgrab - A Verbose Packet Sniffer

SYNOPSIS

       ipgrab [ -ablmnPprTtwx ] [ -c cnt ] [ -i if ] [ expr ]

DESCRIPTION

       ipgrab  reads  and parses packets from the link layer through the application layer, dumping explicit header information along the way.	It
       is a lot like tcpdump except that it prints almost every header field.

   Options
       -a     Do not display application layer data.

       -b     Buffer standard output. Useful when you're redirecting output to a file.

       -c cnt, --count cnt
	      Terminate after receiving cnt packets.

       -C proto, --CCP proto
	      Assume a particular CCP protocol, such as MPPC. MPPC is the only one supported as yet.

       -d     Dump extra padding in packets. For example, according to an IP header, the packet ends at a certain point, but the  link	layer  may
	      have padded it beyond that. This option displays the padding. Not valid in minimal mode.

       -h, --help
	      Display usage screen with a brief description of the command line options.

       -i if, --interface if
	      Makes ipgrab listen to packets on interface if, e.g., eth0. If this option is not used, the default interface will be assumed.

       -l     Don't  display  link-layer  headers.  The  following protocols are considered to be link layer: ARP, CHAP, Ethernet, IPCP, LCP, LLC,
	      Loopback, PPP, PPPoE, Raw, Slip.

       -m     Minimal mode output. When operating in this mode, ipgrab displays only brief header information.

       -n     Don't display network-layer headers. The following protocols are considered to be network layer: AH, ESP, GRE, ICMP,  ICMPv6,  IGMP,
	      IP, IPv6, IPX, IPXRIP.

       -P string
	      Initiate a dynamic port mapping. This option must be followed by a string of the form `<protocol>=<port>', such as `http=8080'.

       -p     Dump  packet payloads beyond what IPgrab parses. In other words, if IPgrab does not parse a particular application, this option will
	      dump application data in hex and text format.

       -r FILE
	      Read packets from a file, rather than an interface. The file shoule be created in "raw" format, such as with '-w' option.

       -T     Do not display timestamps in minimal mode.

       -t     Don't display transport layer headers. The following protocols are considered to be transport layer: SPX, TCP, UDP.

       -v, --version
	      Display version number and then quit.

       -w FILE
	      Write the raw packets to a file, rather than the screen. The packets will not be parsed. The file can be read with the '-r' option.

       -x     Hex dump mode. After processing each layer, dump out the contents of that layer in hex and text. Only valid in main mode.

       expr   Berkeley packet filter expression.  See tcpdump(8) man page for details and examples.

SEE ALSO

       tcpdump(8)

NOTES

       Requires libpcap version 0.3 or greater to be installed.

AUTHOR

       Michael S. Borella
       http://www.borella.net/mike/
       mike@borella.net

								   07 March 2007							 IPGRAB(8)
Man Page