Using tcpdump

Tracing  PUBLIC RAC  device for DHCP requests –

  • our DHCP server is running on port 67
[root@gract1 cvutrace]# tcpdump -i eth1 -vvv -s 1500 port 67
..
    gract1.example.com.bootpc > 255.255.255.255.bootps: [bad udp cksum 473!] BOOTP/DHCP, Request from 00:00:00:00:00:00 (oui Ethernet), length 368, xid 0xab536e31, Flags [Broadcast] (0x8000)
      Client-Ethernet-Address 00:00:00:00:00:00 (oui Ethernet)
      sname "gract-scan1-vip"
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        MSZ Option 57, length 2: 8
        Client-ID Option 61, length 16: "gract-scan1-vip"
        END Option 255, length 0
        PAD Option 0, length 0, occurs 102

11:25:25.480234 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 335)
    ns1.example.com.bootps > 255.255.255.255.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 307, xid 0xab536e31, Flags [Broadcast] (0x8000)
      Your-IP 192.168.5.150
      Client-Ethernet-Address 00:00:00:00:00:00 (oui Ethernet)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Offer
        Server-ID Option 54, length 4: ns1.example.com
        Lease-Time Option 51, length 4: 21600
        Subnet-Mask Option 1, length 4: 255.255.255.0
        Default-Gateway Option 3, length 4: 192.168.5.1
        Domain-Name-Server Option 6, length 4: ns1.example.com
        Time-Zone Option 2, length 4: -19000
        IPF Option 19, length 1: N
        RN Option 58, length 4: 10800
        RB Option 59, length 4: 18900
        NTP Option 42, length 4: ns1.example.com
        BR Option 28, length 4: 192.168.5.255
        END Option 255, length 0
11:25:25.481129 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.5.153 tell ns1.example.com, length 46
11:25:25.484070 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 396)
    gract1.example.com.bootpc > ns1.example.com.bootps: [bad udp cksum 8780!] BOOTP/DHCP, Request from 00:00:00:00:00:00 (oui Ethernet), length 368, xid 0x7f90997b, Flags [Broadcast] (0x8000)
      Client-IP 192.168.5.150
      Your-IP 192.168.5.150
      Client-Ethernet-Address 00:00:00:00:00:00 (oui Ethernet)
      sname "gract-scan1-vip"
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Release
        Server-ID Option 54, length 4: ns1.example.com
        Client-ID Option 61, length 16: "gract-scan1-vip"
        END Option 255, length 0
        PAD Option 0, length 0, occurs 100

Reference :

Leave a Reply

Your email address will not be published. Required fields are marked *