Cannot see the 'Offer' and 'Ack' packet with ethereal.

Randy Grimshaw rgrimsha at syr.edu
Thu Nov 16 14:59:58 UTC 2006 



<><Randall Grimshaw
Room 203 Machinery Hall
Syracuse University
Syracuse, NY   13244
315-443-5779
rgrimsha at syr.edu

>>> Glenn.Satchell at uniq.com.au 11/16/2006 9:42:29 AM >>>

>Date: Thu, 16 Nov 2006 13:48:04 +0100 (CET)
>Subject: Re: Cannot see the 'Offer' and 'Ack' packet with ethereal.
>From: twanny at line.sytes.net 
>To: dhcp-users at isc.org 
>
>> But be aware that this isn't a fix for your problem, and it may cause
>> other problems.
>>
>> What you SHOULD be doing is one of the following :
>>
>> 1) Sniff packets on either the client or server
>>
>> 2) Use a managed switch that can mirror traffic on a port
>>
>> 3) Use a non-switched network segment (ie a hub, not a switch) that
>> the traffic has to go through.
>
>Simon,
>
>My prime objective is to flash a phone adapter. I am, first, trying to
>boot a pxeclient with grub, another machine not in the drawing. Then,
>hopefully, use what I'll learn on the phone adaptor.
>
>Do you know what's the equivalent of bootp's gerneric tags in dhcpd, I
>need this for grub?

They're called dhcp options, so man dhcp-options

Also search the dhcp archives for PXECLIENT, this has been mentioned a
few times and you should be able to find an example config.

>For you information, my setup is like this:
>
>-+------------------+------------------+----------------+-----
> |                  |                  |                |
> dns                |                  |                |
> tftp               |                  |                |
> dhcp               phone adapter      monitoring       gateway
> 192.168.123.107    192.168.123.100    192.168.123.102  192.168.123.254
> 10.0.0.7                                               10.0.0.1

If you're using a switch then you'll never see the unicast packets,
only broadcast. You need to do the packet sniffing on the dhcp server.

regards,
-glenn

*------------------------------------- sorry for my bogus mail client that favors top posting ----------------------------------------------------
If you add this to your dhcpd.conf and enable local3.info in syslog etc. you will be able to read the dhcp options being requested as well as the vendor identifier - which are useful in providing certain class of systems with specific information. I have found this more useful than sniffing.

on commit {
  log(info,
    concat("Fingerprint:\t",
      binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)),
      "\t",
      binary-to-ascii(10, 8, "-", option dhcp-parameter-request-list),
      "\t",
      pick-first-value(option vendor-class-identifier,"no-identifier")
    )
  );
}
log-facility local3;

<><Randy

More information about the dhcp-users mailing list