Can't sniff / initiate DHCP renew

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I am running



 sudo tcpdump -i enp0s31f6 -n port 67 and port 68


on one terminal and running



 sudo dhclient -r


on another.



During this, I see nothing on first terminal.



What I am doing wrong?




Both terminals are on the same machine. I wish to sniff DHCP communication on the same machine, which does it.










share|improve this question



























    up vote
    0
    down vote

    favorite












    I am running



     sudo tcpdump -i enp0s31f6 -n port 67 and port 68


    on one terminal and running



     sudo dhclient -r


    on another.



    During this, I see nothing on first terminal.



    What I am doing wrong?




    Both terminals are on the same machine. I wish to sniff DHCP communication on the same machine, which does it.










    share|improve this question

























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I am running



       sudo tcpdump -i enp0s31f6 -n port 67 and port 68


      on one terminal and running



       sudo dhclient -r


      on another.



      During this, I see nothing on first terminal.



      What I am doing wrong?




      Both terminals are on the same machine. I wish to sniff DHCP communication on the same machine, which does it.










      share|improve this question















      I am running



       sudo tcpdump -i enp0s31f6 -n port 67 and port 68


      on one terminal and running



       sudo dhclient -r


      on another.



      During this, I see nothing on first terminal.



      What I am doing wrong?




      Both terminals are on the same machine. I wish to sniff DHCP communication on the same machine, which does it.







      linux ubuntu dhcp tcpdump






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Aug 7 at 16:35

























      asked Aug 7 at 15:16









      Dims

      315627




      315627




















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          1
          down vote













          You are not seeing anything because there is a mistake on your tcpdump boolean logic BPF rules.



          It should be:



          sudo tcpdump -i enp0s31f6 -n port 67 or port 68


          and not as you are doing:



           sudo tcpdump -i enp0s31f6 -n port 67 and port 68


          In the first instruction, you are listening to either port 67 OR port 68 (one or the other).



          In the second instruction, you are asking for a rule where ports are both 67 AND 68 at the same time, and thus seeing no packets.






          share|improve this answer



























            up vote
            1
            down vote













            You should use the port 68 on the client (lsof -i :68), the command should be :



            sudo tcpdump -i enp0s31f6 -n port 68


            You can use dhcpdump instead: dhcpdump -i enp0s31f6.



            man dhcpdump:

            This command parses the output of tcpdump to display the dhcp-packets
            for easier checking and debugging.





            share|improve this answer


















            • 1




              dhcpdump is a good suggestion, however you have not explained why to use it.
              – Rui F Ribeiro
              Aug 7 at 18:02










            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f461095%2fcant-sniff-initiate-dhcp-renew%23new-answer', 'question_page');

            );

            Post as a guest






























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            1
            down vote













            You are not seeing anything because there is a mistake on your tcpdump boolean logic BPF rules.



            It should be:



            sudo tcpdump -i enp0s31f6 -n port 67 or port 68


            and not as you are doing:



             sudo tcpdump -i enp0s31f6 -n port 67 and port 68


            In the first instruction, you are listening to either port 67 OR port 68 (one or the other).



            In the second instruction, you are asking for a rule where ports are both 67 AND 68 at the same time, and thus seeing no packets.






            share|improve this answer
























              up vote
              1
              down vote













              You are not seeing anything because there is a mistake on your tcpdump boolean logic BPF rules.



              It should be:



              sudo tcpdump -i enp0s31f6 -n port 67 or port 68


              and not as you are doing:



               sudo tcpdump -i enp0s31f6 -n port 67 and port 68


              In the first instruction, you are listening to either port 67 OR port 68 (one or the other).



              In the second instruction, you are asking for a rule where ports are both 67 AND 68 at the same time, and thus seeing no packets.






              share|improve this answer






















                up vote
                1
                down vote










                up vote
                1
                down vote









                You are not seeing anything because there is a mistake on your tcpdump boolean logic BPF rules.



                It should be:



                sudo tcpdump -i enp0s31f6 -n port 67 or port 68


                and not as you are doing:



                 sudo tcpdump -i enp0s31f6 -n port 67 and port 68


                In the first instruction, you are listening to either port 67 OR port 68 (one or the other).



                In the second instruction, you are asking for a rule where ports are both 67 AND 68 at the same time, and thus seeing no packets.






                share|improve this answer












                You are not seeing anything because there is a mistake on your tcpdump boolean logic BPF rules.



                It should be:



                sudo tcpdump -i enp0s31f6 -n port 67 or port 68


                and not as you are doing:



                 sudo tcpdump -i enp0s31f6 -n port 67 and port 68


                In the first instruction, you are listening to either port 67 OR port 68 (one or the other).



                In the second instruction, you are asking for a rule where ports are both 67 AND 68 at the same time, and thus seeing no packets.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Aug 7 at 18:00









                Rui F Ribeiro

                36.5k1271116




                36.5k1271116






















                    up vote
                    1
                    down vote













                    You should use the port 68 on the client (lsof -i :68), the command should be :



                    sudo tcpdump -i enp0s31f6 -n port 68


                    You can use dhcpdump instead: dhcpdump -i enp0s31f6.



                    man dhcpdump:

                    This command parses the output of tcpdump to display the dhcp-packets
                    for easier checking and debugging.





                    share|improve this answer


















                    • 1




                      dhcpdump is a good suggestion, however you have not explained why to use it.
                      – Rui F Ribeiro
                      Aug 7 at 18:02














                    up vote
                    1
                    down vote













                    You should use the port 68 on the client (lsof -i :68), the command should be :



                    sudo tcpdump -i enp0s31f6 -n port 68


                    You can use dhcpdump instead: dhcpdump -i enp0s31f6.



                    man dhcpdump:

                    This command parses the output of tcpdump to display the dhcp-packets
                    for easier checking and debugging.





                    share|improve this answer


















                    • 1




                      dhcpdump is a good suggestion, however you have not explained why to use it.
                      – Rui F Ribeiro
                      Aug 7 at 18:02












                    up vote
                    1
                    down vote










                    up vote
                    1
                    down vote









                    You should use the port 68 on the client (lsof -i :68), the command should be :



                    sudo tcpdump -i enp0s31f6 -n port 68


                    You can use dhcpdump instead: dhcpdump -i enp0s31f6.



                    man dhcpdump:

                    This command parses the output of tcpdump to display the dhcp-packets
                    for easier checking and debugging.





                    share|improve this answer














                    You should use the port 68 on the client (lsof -i :68), the command should be :



                    sudo tcpdump -i enp0s31f6 -n port 68


                    You can use dhcpdump instead: dhcpdump -i enp0s31f6.



                    man dhcpdump:

                    This command parses the output of tcpdump to display the dhcp-packets
                    for easier checking and debugging.






                    share|improve this answer














                    share|improve this answer



                    share|improve this answer








                    edited Aug 7 at 20:32

























                    answered Aug 7 at 17:08









                    GAD3R

                    22.8k154895




                    22.8k154895







                    • 1




                      dhcpdump is a good suggestion, however you have not explained why to use it.
                      – Rui F Ribeiro
                      Aug 7 at 18:02












                    • 1




                      dhcpdump is a good suggestion, however you have not explained why to use it.
                      – Rui F Ribeiro
                      Aug 7 at 18:02







                    1




                    1




                    dhcpdump is a good suggestion, however you have not explained why to use it.
                    – Rui F Ribeiro
                    Aug 7 at 18:02




                    dhcpdump is a good suggestion, however you have not explained why to use it.
                    – Rui F Ribeiro
                    Aug 7 at 18:02

















                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f461095%2fcant-sniff-initiate-dhcp-renew%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?