
Trying to capture DHCP packets (discover, offer, request, ack)

I'm having issues with IoT devices, specifically Lifx bulbs.

When I first turn on the bulbs, they connect well...

Then after a period of time the devices are not connected to the network.

I do see in the system log file, the device is discovered, offered, and then nothing else, but the discover and offer are repeated again and again. So the device never gets connected.

So I'm trying to capture the packets with Wireshark now.

I set the screen display filter to DHCP.

I only get the Discover, and Offer request, but no ACK.

Any suggestions? I know they are there... when you first turn on the bulb.

dcalcutt asked 2020-02-18 19:56:20 +0000
grahamb updated 2020-02-19 11:21:35 +0000

Comments

Where is the capture being done (on the DHCP server?) and what type of network is it (WiFi, switched, ?)?

Chuckc (2020-02-18 20:07:07 +0000)

All my bulbs are on 2.4 connected to one of four access points. Each access point is tethered to the main router. The desktop I’m using Wireshark on is on a switch connected to the main router.

Should I move the desktop connection to the main router?

dcalcutt (2020-02-18 23:50:48 +0000)

1 Answer

The destination Ethernet address for DHCP can be the broadcast address (ff:ff:ff:ff:ff:ff) or a specific device MAC address. See the DHCP RFC (https://www.ietf.org/rfc/rfc2131.txt) for info about when unicast and broadcast addresses are valid.

A switch only sends packets out a port that are either addressed to the attached device or to the broadcast address. Any DHCP packets being sent to the bulb MAC addresses won't be sent to the desktop switch port.

Moving the desktop to the router will help but you will also need to configure that port to be a Monitor port to see all traffic. Capture configuration and when to use a Monitor port are covered here: https://wiki.wireshark.org/CaptureSet...

Chuckc answered 2020-02-19 04:47:36 +0000
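
The following is an added example, not part of the original thread or of Wireshark: it parses DHCP frames and reports, from the destination MAC alone, whether an ordinary (non-monitor) switch port would be sent each one. The MAC addresses and frames are constructed, and it assumes untagged IPv4 frames and a switch that has already learned the bulb's MAC.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)
TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK", 6: "NAK"}

def parse_dhcp(frame):
    """Return dst MAC, client MAC, broadcast flag, message type; None if not DHCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None  # not untagged IPv4 carrying UDP
    udp = 14 + (frame[14] & 0x0F) * 4            # honour the IP header length
    bootp = frame[udp + 8:]
    if len(bootp) < 240 or bootp[236:240] != MAGIC:
        return None
    if not set(struct.unpack("!HH", frame[udp:udp + 4])) <= {67, 68}:
        return None
    info = {"dst": frame[:6].hex(":"), "client": bootp[28:28 + min(bootp[2], 16)].hex(":"),
            "bcast_flag": bool(bootp[10] & 0x80), "type": None}
    opts, i = bootp[240:], 0
    while i + 1 < len(opts) and opts[i] != 255:  # walk options until End (255)
        if opts[i] == 0:                          # Pad (0) has no length byte
            i += 1
        else:
            if opts[i] == 53 and i + 2 < len(opts):   # option 53: message type
                info["type"] = TYPES.get(opts[i + 2], f"type {opts[i + 2]}")
            i += 2 + opts[i + 1]
    return info

def seen_on_port(info, port_mac):
    """True if a non-monitor switch port serving port_mac is sent this frame."""
    return info["dst"] in (BROADCAST, port_mac)

def build(dst, src, mtype, client, from_server, bcast_flag=False):
    """Constructed Ethernet/IPv4/UDP/DHCP frame; IP addresses and checksums are zeroed."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    sport, dport = (67, 68) if from_server else (68, 67)
    bootp = struct.pack("!BBBBIHH", 2 if from_server else 1, 1, 6, 0, 0x1234, 0,
                        0x8000 if bcast_flag else 0)
    bootp += bytes(16) + raw(client) + bytes(10 + 192) + MAGIC + bytes([53, 1, mtype, 255])
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, bytes(4), bytes(4))
    return raw(dst) + raw(src) + b"\x08\x00" + ip + udp

BULB, ROUTER, DESKTOP = "02:00:00:00:00:aa", "02:00:00:00:00:01", "02:00:00:00:00:dd"  # constructed
SAMPLE = [build(BROADCAST, BULB, 1, BULB, False), build(BROADCAST, ROUTER, 2, BULB, True),
          build(BROADCAST, BULB, 3, BULB, False), build(BULB, ROUTER, 5, BULB, True)]

def report(frames, port_mac):
    return [(p["type"], p["dst"], seen_on_port(p, port_mac)) for p in map(parse_dhcp, frames) if p]
```

`report(SAMPLE, DESKTOP)` marks the unicast ACK as not seen on the desktop's port, while the broadcast Discover, Offer and Request are.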
