dhcp.bootp == 1 don't capture packet after update wireshark

dhcp

asked 2020-12-19 09:19:00 +0000

RabbitZ
1 ●2 ●1

With previous version wireshark with filter "bootp.dhcp == 1", I can capture DHCP packet. It prompt new vesion is available, and I update to new version (3.4.2-0), the filter change to "dhcp.bootp == 1", nothing captured when I start my Ethernet device.

Any solution can I capture DHCP packet?

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2020-12-19 12:17:35 +0000

Jaap

13730 ●684 ●115

The display filter bootp.dhcp == 1 asks Wireshark 2.6 to show DHCP packets, while dhcp.bootp == 1 asks Wireshark 3.4 to show BOOTP packets. Since you are looking for (only) DHCP packets that last filter is incorrect, it should be dhcp && !dhcp.bootp

edit flag offensive delete link

Comments

"dhcp && !dhcp.bootp" works, but I can't use "Display Filter Expression" to choose it, I manually type this expression.

Expression "dhcp.option.dhcp >= 1" can also works for capture DHCP packet.

RabbitZ ( 2020-12-20 10:43:24 +0000 )edit

The best way (according to the RFF 2131) to distinguish DHCP from BOOTP is to use the following dhcp.cookie == 99.130.83.99.

Jaap ( 2020-12-20 19:09:46 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-12-19 09:19:00 +0000

Seen: 899 times

Last updated: Dec 20 '20

dhcp.bootp == 1 don't capture packet after update wireshark edit