I can't capture anything with the filter (udp port 67) or (udp port 68)

asked 2018-09-23 16:45:14 +0000

SakyStudent gravatar image

updated 2018-09-27 10:52:49 +0000

grahamb gravatar image

I am monitoring my Ethernet with this filer but none of the packets i capture are with this port, what am I doing wrong?

answered 2018-09-23 17:34:03 +0000

What are you trying to achieve using this filter? These ports are used by DHCP service. So if you see no such packets in a trace it means:

or they were not present in the network (DHCP is not in use) ; or your capture setup is not correct.

For how long did you run the capture? DHCP can be silent for some time period even when it's in use, it depends on DHCP server settings.

Thank you!! I left it working and captured one message from to Do you have any recommendations what should I do to capture more messages, what actions use these ports? Well honestly I do not really know what I am trying to achieve, I am just following the instructions in the book Computer networks. It is an exercise on DHCP and I am trying to understand it.

SakyStudent gravatar imageSakyStudent ( 2018-09-23 17:54:23 +0000 )edit

Depending on the OS you usually have some option to force a renew of the DHCP lease. This allows you to capture them 'on demand'.

Jaap gravatar imageJaap ( 2018-09-23 19:55:13 +0000 )edit

So the task assumed capturing and studying DHCP DORA sequence as I understand it.

But to capture all 4 packets you need some prerequisites:

  • The PC you're capturing on has to be configured with automatic IP (not manually set).
  • You need working DHCP server in the network (this could be your home router as well).

Then you can start capture and do what @Jaap recommends - manual IP address renew. To capture someone else's DORA sequence you have to arrange more complex setup with port mirroring because not all of these packets are broadcast.

Packet_vlad gravatar imagePacket_vlad ( 2018-09-24 07:32:07 +0000 )edit

