n3s0 || journal

    Troubleshooting DHCP Server On Linux With Tcpdump

    Posted on 2 mins

    Netadmin

    The following command will filter ports 67 and 68 on the specified interface. Providing a brief summary of what’s going on with BOOTP or DHCP traffic.

    While I generally run this on the server coupled by renewing the DHCP lease on the client side. This command can also be executed on the client side to make sure everything is running the way it’s supposed to. It’s useful if you’re certain DHCP is running. But, you’re unsure if it’s handing out IP addresses.

    tcpdump -i <interface> port 67 or port 68

    The output doesn’t do much other then indicate clients are requesting IP addresses and the DHCP server is issuing them out. In this case the command is capturing traffic on the eth0 interface of the server. This was plucked while troubleshooting a very annoying DHCP issue that turned out to be the ip relay on the switch was broke. All is well now though. Considering the ISC DHCP Server doesn’t have the greatest logging out of the box. The tcpdump(1) command is a really good way verify that traffic is coming in.

    listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:50:41.905942 IP 172.16.30.254.bootps > til-inf-03.bootps: BOOTP/DHCP, Request from 5b:d7:1c:3d:56:40 (oui Unknown), length 300
13:50:42.908259 IP til-inf-03.bootps > 172.16.30.254.bootps: BOOTP/DHCP, Reply, length 300
13:50:42.918159 IP 172.16.30.254.bootps > til-inf-03.bootps: BOOTP/DHCP, Request from 5b:d7:1c:3d:56:40 (oui Unknown), length 300
13:50:42.919622 IP til-inf-03.bootps > 172.16.30.254.bootps: BOOTP/DHCP, Reply, length 300
13:50:45.222814 IP 172.16.30.254.bootps > til-inf-03.bootps: BOOTP/DHCP, Request from 5b:d7:1c:3d:56:40 (oui Unknown), length 300
13:50:45.223309 IP til-inf-03.bootps > 172.16.30.254.bootps: BOOTP/DHCP, Reply, length 300
13:50:45.232177 IP 172.16.30.254.bootps > til-inf-03.bootps: BOOTP/DHCP, Request from 5b:d7:1c:3d:56:40 (oui Unknown), length 300
13:50:45.232473 IP til-inf-03.bootps > 172.16.30.254.bootps: BOOTP/DHCP, Reply, length 300
14:02:28.445824 IP til-adm-01.1rti.com.bootpc > til-inf-03.bootps: BOOTP/DHCP, Request from 5b:d7:1c:3d:56:40 (oui Unknown), length 300
14:02:35.879440 IP 172.16.30.254.bootps > til-inf-03.bootps: BOOTP/DHCP, Request from 5b:d7:1c:3d:56:40 (oui Unknown), length 300
14:02:36.880550 IP til-inf-03.bootps > 172.16.30.254.bootps: BOOTP/DHCP, Reply, length 300
14:02:36.899829 IP 172.15.30.254.bootps > til-inf-03.bootps: BOOTP/DHCP, Request from 5b:d7:1c:3d:56:40 (oui Unknown), length 300
14:02:36.900899 IP til-inf-03.bootps > 172.16.30.254.bootps: BOOTP/DHCP, Reply, length 300
14:02:52.465805 IP til-adm-01.bootpc > til-inf-03.bootps: BOOTP/DHCP, Request from 5b:d7:1c:3d:56:40 (oui Unknown), length 300
14:05:18.110124 IP 172.16.30.254.bootps > til-inf-03.bootps: BOOTP/DHCP, Request from 1d:4e:bb:57:0e:be (oui Unknown), length 300
14:05:19.111404 IP til-inf-03.bootps > 172.16.30.254.bootps: BOOTP/DHCP, Reply, length 300
14:05:19.142840 IP 172.16.30.254.bootps > til-inf-03.bootps: BOOTP/DHCP, Request from 1d:4e:bb:57:0e:be (oui Unknown), length 327
14:05:19.144987 IP til-inf-03.bootps > 172.16.30.254.bootps: BOOTP/DHCP, Reply, length 300
14:05:51.014590 IP 172.16.30.254.bootps > til-inf-03.bootps: BOOTP/DHCP, Request from 1d:4e:bb:57:0e:be (oui Unknown), length 300
14:05:51.015139 IP til-inf-03.bootps > 172.16.16.33.bootpc: BOOTP/DHCP, Reply, length 300