Tcpdump find dhcp leased: Difference between revisions
Jump to navigation
Jump to search
(Created page with "Different examples of useful tcpdump commands. [https://unixhealthcheck.com/blog?id=433 | origional source ] <nowiki> tcpdump -i eth0 port 67 or port 68 -e -n -vv Client-ID...") |
mNo edit summary |
||
| (6 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Different examples of useful tcpdump commands. | Different examples of useful tcpdump commands. [https://unixhealthcheck.com/blog?id=433 | original source dhcp dump ] | ||
<pre> | |||
< | |||
tcpdump -i eth0 port 67 or port 68 -e -n -vv | tcpdump -i eth0 port 67 or port 68 -e -n -vv | ||
| Line 11: | Line 10: | ||
Vendor-Class Option 60, length 16: "android-dhcp-7.0" | Vendor-Class Option 60, length 16: "android-dhcp-7.0" | ||
Hostname Option 12, length 16: "SAMSUNG-SM-G890A" | Hostname Option 12, length 16: "SAMSUNG-SM-G890A" | ||
</ | </pre> | ||
[[:Category: | <pre> | ||
[root@gateway01 ~]# tcpdump -i enp3s0 port 67 or port 68 -e -n -vv | |||
15:06:34.111043 ea:d3:1b:51:95:18 > Broadcast, ethertype IPv4 (0x0800), length 356: (tos 0x10, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 342) | |||
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from ea:d3:1b:51:95:18, length 314, xid 0x6c5efb8c, Flags [none] (0x0000) | |||
Client-Ethernet-Address ea:d3:1b:51:95:18 | |||
Vendor-rfc1048 Extensions | |||
Magic Cookie 0x63825363 | |||
DHCP-Message Option 53, length 1: Request | |||
Client-ID Option 61, length 7: ether ea:d3:1b:51:95:18 | |||
Requested-IP Option 50, length 4: 192.168.15.207 | |||
Server-ID Option 54, length 4: 192.168.0.1 | |||
MSZ Option 57, length 2: 1500 | |||
Vendor-Class Option 60, length 15: "android-dhcp-13" | |||
Hostname Option 12, length 11: "Chris-s-A32" | |||
Parameter-Request Option 55, length 12: | |||
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name | |||
MTU, BR, Lease-Time, RN | |||
RB, Vendor-Option, URL, Option 108 | |||
15:06:34.111594 00:e0:4c:10:0a:d3 > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0xc0, ttl 64, id 26216, offset 0, flags [none], proto UDP (17), length 328) | |||
192.168.15.1.bootps > 255.255.255.255.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x6c5efb8c, Flags [Broadcast] (0x8000) | |||
Client-Ethernet-Address ea:d3:1b:51:95:18 | |||
Vendor-rfc1048 Extensions | |||
Magic Cookie 0x63825363 | |||
DHCP-Message Option 53, length 1: NACK | |||
Server-ID Option 54, length 4: 192.168.15.1 | |||
MSG Option 56, length 15: "wrong server-ID" | |||
15:06:34.193893 1c:1b:0d:0b:14:1f > ea:d3:1b:51:95:18, ethertype IPv4 (0x0800), length 363: (tos 0xc0, ttl 64, id 62733, offset 0, flags [none], proto UDP (17), length 349) | |||
192.168.0.1.bootps > 192.168.15.207.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 321, xid 0x6c5efb8c, Flags [none] (0x0000) | |||
Your-IP 192.168.15.207 | |||
Server-IP 192.168.0.1 | |||
Client-Ethernet-Address ea:d3:1b:51:95:18 | |||
Vendor-rfc1048 Extensions | |||
Magic Cookie 0x63825363 | |||
DHCP-Message Option 53, length 1: ACK | |||
Server-ID Option 54, length 4: 192.168.0.1 | |||
Lease-Time Option 51, length 4: 43200 | |||
RN Option 58, length 4: 21600 | |||
RB Option 59, length 4: 37800 | |||
Domain-Name Option 15, length 19: "iwillfearnoevil.com" | |||
Domain-Name-Server Option 6, length 12: 192.168.0.1,192.168.15.176,8.8.8.8 | |||
Default-Gateway Option 3, length 4: 192.168.0.1 | |||
BR Option 28, length 4: 192.168.15.255 | |||
Subnet-Mask Option 1, length 4: 255.255.240.0 | |||
</pre> | |||
[[Category:Tcpdump]] | |||
Latest revision as of 15:09, 8 January 2024
Different examples of useful tcpdump commands. | original source dhcp dump
tcpdump -i eth0 port 67 or port 68 -e -n -vv Client-ID Option 61, length 7: ether ec:9b:f3:6b:97:4b Requested-IP Option 50, length 4: 192.168.0.3 Server-ID Option 54, length 4: 192.168.0.1 MSZ Option 57, length 2: 1500 Vendor-Class Option 60, length 16: "android-dhcp-7.0" Hostname Option 12, length 16: "SAMSUNG-SM-G890A"
[root@gateway01 ~]# tcpdump -i enp3s0 port 67 or port 68 -e -n -vv
15:06:34.111043 ea:d3:1b:51:95:18 > Broadcast, ethertype IPv4 (0x0800), length 356: (tos 0x10, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 342)
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from ea:d3:1b:51:95:18, length 314, xid 0x6c5efb8c, Flags [none] (0x0000)
Client-Ethernet-Address ea:d3:1b:51:95:18
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Client-ID Option 61, length 7: ether ea:d3:1b:51:95:18
Requested-IP Option 50, length 4: 192.168.15.207
Server-ID Option 54, length 4: 192.168.0.1
MSZ Option 57, length 2: 1500
Vendor-Class Option 60, length 15: "android-dhcp-13"
Hostname Option 12, length 11: "Chris-s-A32"
Parameter-Request Option 55, length 12:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
MTU, BR, Lease-Time, RN
RB, Vendor-Option, URL, Option 108
15:06:34.111594 00:e0:4c:10:0a:d3 > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0xc0, ttl 64, id 26216, offset 0, flags [none], proto UDP (17), length 328)
192.168.15.1.bootps > 255.255.255.255.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x6c5efb8c, Flags [Broadcast] (0x8000)
Client-Ethernet-Address ea:d3:1b:51:95:18
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: NACK
Server-ID Option 54, length 4: 192.168.15.1
MSG Option 56, length 15: "wrong server-ID"
15:06:34.193893 1c:1b:0d:0b:14:1f > ea:d3:1b:51:95:18, ethertype IPv4 (0x0800), length 363: (tos 0xc0, ttl 64, id 62733, offset 0, flags [none], proto UDP (17), length 349)
192.168.0.1.bootps > 192.168.15.207.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 321, xid 0x6c5efb8c, Flags [none] (0x0000)
Your-IP 192.168.15.207
Server-IP 192.168.0.1
Client-Ethernet-Address ea:d3:1b:51:95:18
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: ACK
Server-ID Option 54, length 4: 192.168.0.1
Lease-Time Option 51, length 4: 43200
RN Option 58, length 4: 21600
RB Option 59, length 4: 37800
Domain-Name Option 15, length 19: "iwillfearnoevil.com"
Domain-Name-Server Option 6, length 12: 192.168.0.1,192.168.15.176,8.8.8.8
Default-Gateway Option 3, length 4: 192.168.0.1
BR Option 28, length 4: 192.168.15.255
Subnet-Mask Option 1, length 4: 255.255.240.0