Debian - How to read DHCP packets

I am playing with DHCP option 82 so I need to read DHCP packets. The easiest way to do this is to use dhcpdump by Edwin Groothuis because of very simple usage and friendly output.

To install package use command:

$ sudo apt-get install dhcpdump

To read DHCP packets on eth0 interface execute command:

$ sudo dhcpdump -i eth0

To filter MAC address on eth0 interface use regexp filter:

$ sudo dhcpdump -i eth0 -h ^84:8f:69

Sample DHCPREQUEST packet sent from Android device:

  TIME: 2012-11-15 22:26:34.801
    IP: 0.0.0.0 (30:85:a9:dd:aa:ff) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
    OP: 1 (BOOTPREQUEST)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 3029134a
  SECS: 0
 FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: 30:85:a9:dd:aa:ff:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         3 (DHCPREQUEST)
OPTION:  61 (  7) Client-identifier         01:30:85:a9:dd:aa:ff
OPTION:  50 (  4) Request IP address        192.168.1.100
OPTION:  57 (  2) Maximum DHCP message size 1500
OPTION:  60 ( 12) Vendor class identifier   dhcpcd-5.5.6
OPTION:  12 ( 23) Host name                 android-4391dc06e0714c8
OPTION:  55 (  9) Parameter Request List      1 (Subnet mask)
                                             33 (Static route)
                                              3 (Routers)
                                              6 (DNS server)
                                             15 (Domainname)
                                             28 (Broadcast address)
                                             51 (IP address leasetime)
                                             58 (T1)
                                             59 (T2)

Sample DHCPDISCOVER packet with option 82 set:

  TIME: 2012-11-15 13:52:14.050
    IP: 0.0.0.0 (0:b:82:22:77:55) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
    OP: 1 (BOOTPREQUEST)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 1cab0000
  SECS: 0
 FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: 00:0b:82:22:77:55:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         1 (DHCPDISCOVER)
OPTION:  61 (  7) Client-identifier         01:00:0b:82:22:77:55
OPTION:  60 ( 18) Vendor class identifier   Grandstream GXP280
OPTION:  55 (  6) Parameter Request List      1 (Subnet mask)
                                              3 (Routers)
                                             28 (Broadcast address)
                                              6 (DNS server)
                                             43 (Vendor specific info)
                                             66 (TFTP server name)

OPTION:  82 ( 18) Relay Agent Information
                  Circuit-ID    00:04:00:78:01:02
                  Remote-ID     00:06:00:18:21:57:4c:31
Milosz Galazka's Picture

About Milosz Galazka

Milosz is a Linux Foundation Certified Engineer working for a successful Polish company as a system administrator and a long time supporter of Free Software Foundation and Debian operating system.

Gdansk, Poland https://sleeplessbeastie.eu