dhcpnetwork-discoverywireshark
I'd like to capture DHCP packets with wireshark. When I use the filter: "udp.port == 67 or udp.port == 68" I only see the Discover and Request broadcasts.
While I thought the DHCP offer also gets broadcasted. I'm running wireshark on another machine then the machine which requests the ip but am connected to the same network.
DHCP requests are sent from the hosts to the DHCP server via broadcast, and broadcasts don't normally cross a layer-3 boundary (router). You can either directly connect the DHCP server to each layer-2 domain, or you can use helper addresses. One way to achieve this is to use a trunk link from the switch to the DHCP router (replace interfaces as needed for the link):
Switch:
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 30 - 50
switchport mode trunk
switchport mode nonegotiate
no shutdown
!
DHCP Router:
interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip address 172.16.30.2 255.255.255.224
no shutdown
!
interface GigabitEthernet0/1.40
encapsulation dot1Q 40
ip address 172.16.40.2 255.255.255.224
no shutdown
!
interface GigabitEthernet0/1.50
encapsulation dot1Q 50
ip address 172.16.50.2 255.255.255.224
no shutdown
!
Another way is to put helper addresses on the R1 interfaces:
R1:
interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip address 172.16.30.1 255.255.255.224
ip helper-address 172.16.50.2
!
interface GigabitEthernet0/1.40
encapsulation dot1Q 40
ip address 172.16.40.1 255.255.255.224
ip helper-address 172.16.50.2
!
interface GigabitEthernet0/1.50
encapsulation dot1Q 50
ip addres 172.16.50.1 255.255.255.224
! Helper is not needed since the broadcast need not be routed
I managed to show them (as UPD protocol packets) by disabling the Vimba GigE Vision Filter Driver, thanks to the answers in the rest of this post.
Best Answer
If you refer the DHCP RFC 3456,You can see that the DHCP offer message is actually unicast and not multicast.I would suggest you to monitor the ethernet interface of the client using wireshark itself or tcpdump in this case.
Otherwise a better approach would be to enable port mirroring on the interface which is connected to your client or simply connect it to hub(Old school,But it works!).
Always refer the RFC.That is pretty much your bible!
I have also just did a trace on my laptop for your understanding as well.