dhcp.bootp == 1 don't capture packet after update wireshark

RabbitZ
1 ●2 ●1

With previous version wireshark with filter "bootp.dhcp == 1", I can capture DHCP packet. It prompt new vesion is available, and I update to new version (3.4.2-0), the filter change to "dhcp.bootp == 1", nothing captured when I start my Ethernet device.

Any solution can I capture DHCP packet?

answered Dec 19 '0

Jaap

13782 ●716 ●115

The display filter bootp.dhcp == 1 asks Wireshark 2.6 to show DHCP packets, while dhcp.bootp == 1 asks Wireshark 3.4 to show BOOTP packets. Since you are looking for (only) DHCP packets that last filter is incorrect, it should be dhcp && !dhcp.bootp

link

Comments

"dhcp && !dhcp.bootp" works, but I can't use "Display Filter Expression" to choose it, I manually type this expression.

Expression "dhcp.option.dhcp >= 1" can also works for capture DHCP packet.

RabbitZ ( Dec 20 '0 )

The best way (according to the RFF 2131) to distinguish DHCP from BOOTP is to use the following dhcp.cookie == 99.130.83.99.

Jaap ( Dec 20 '0 )

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

dhcp.bootp == 1 don't capture packet after update wireshark

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

dhcp.bootp == 1 don't capture packet after update wireshark savecancel

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

dhcp.bootp == 1 don't capture packet after update wireshark