First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

dhcp.bootp == 1 don't capture packet after update wireshark

  • retag add tags

With previous version wireshark with filter "bootp.dhcp == 1", I can capture DHCP packet. It prompt new vesion is available, and I update to new version (3.4.2-0), the filter change to "dhcp.bootp == 1", nothing captured when I start my Ethernet device.

Any solution can I capture DHCP packet?

RabbitZ's avatar
1
RabbitZ
asked 2020-12-19 09:19:00 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

The display filter bootp.dhcp == 1 asks Wireshark 2.6 to show DHCP packets, while dhcp.bootp == 1 asks Wireshark 3.4 to show BOOTP packets. Since you are looking for (only) DHCP packets that last filter is incorrect, it should be dhcp && !dhcp.bootp

Jaap's avatar
13.7k
Jaap
answered 2020-12-19 12:17:35 +0000
edit flag offensive 0 remove flag delete link
more

Comments

"dhcp && !dhcp.bootp" works, but I can't use "Display Filter Expression" to choose it, I manually type this expression.

Expression "dhcp.option.dhcp >= 1" can also works for capture DHCP packet.

RabbitZ's avatar RabbitZ (2020-12-20 10:43:24 +0000) edit
more
  • delete

The best way (according to the RFF 2131) to distinguish DHCP from BOOTP is to use the following dhcp.cookie == 99.130.83.99.

Jaap's avatar Jaap (2020-12-20 19:09:46 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer