Can't sniff / initiate DHCP renew
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I am running
sudo tcpdump -i enp0s31f6 -n port 67 and port 68
on one terminal and running
sudo dhclient -r
on another.
During this, I see nothing on first terminal.
What I am doing wrong?
Both terminals are on the same machine. I wish to sniff DHCP communication on the same machine, which does it.
linux ubuntu dhcp tcpdump
add a comment |Â
up vote
0
down vote
favorite
I am running
sudo tcpdump -i enp0s31f6 -n port 67 and port 68
on one terminal and running
sudo dhclient -r
on another.
During this, I see nothing on first terminal.
What I am doing wrong?
Both terminals are on the same machine. I wish to sniff DHCP communication on the same machine, which does it.
linux ubuntu dhcp tcpdump
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am running
sudo tcpdump -i enp0s31f6 -n port 67 and port 68
on one terminal and running
sudo dhclient -r
on another.
During this, I see nothing on first terminal.
What I am doing wrong?
Both terminals are on the same machine. I wish to sniff DHCP communication on the same machine, which does it.
linux ubuntu dhcp tcpdump
I am running
sudo tcpdump -i enp0s31f6 -n port 67 and port 68
on one terminal and running
sudo dhclient -r
on another.
During this, I see nothing on first terminal.
What I am doing wrong?
Both terminals are on the same machine. I wish to sniff DHCP communication on the same machine, which does it.
linux ubuntu dhcp tcpdump
linux ubuntu dhcp tcpdump
edited Aug 7 at 16:35
asked Aug 7 at 15:16
Dims
315627
315627
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
1
down vote
You are not seeing anything because there is a mistake on your tcpdump
boolean logic BPF rules.
It should be:
sudo tcpdump -i enp0s31f6 -n port 67 or port 68
and not as you are doing:
sudo tcpdump -i enp0s31f6 -n port 67 and port 68
In the first instruction, you are listening to either port 67 OR port 68 (one or the other).
In the second instruction, you are asking for a rule where ports are both 67 AND 68 at the same time, and thus seeing no packets.
add a comment |Â
up vote
1
down vote
You should use the port 68
on the client (lsof -i :68
), the command should be :
sudo tcpdump -i enp0s31f6 -n port 68
You can use dhcpdump
instead: dhcpdump -i enp0s31f6
.
man dhcpdump:
This command parses the output of tcpdump to display the dhcp-packets
for easier checking and debugging.
1
dhcpdump
is a good suggestion, however you have not explained why to use it.
â Rui F Ribeiro
Aug 7 at 18:02
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
You are not seeing anything because there is a mistake on your tcpdump
boolean logic BPF rules.
It should be:
sudo tcpdump -i enp0s31f6 -n port 67 or port 68
and not as you are doing:
sudo tcpdump -i enp0s31f6 -n port 67 and port 68
In the first instruction, you are listening to either port 67 OR port 68 (one or the other).
In the second instruction, you are asking for a rule where ports are both 67 AND 68 at the same time, and thus seeing no packets.
add a comment |Â
up vote
1
down vote
You are not seeing anything because there is a mistake on your tcpdump
boolean logic BPF rules.
It should be:
sudo tcpdump -i enp0s31f6 -n port 67 or port 68
and not as you are doing:
sudo tcpdump -i enp0s31f6 -n port 67 and port 68
In the first instruction, you are listening to either port 67 OR port 68 (one or the other).
In the second instruction, you are asking for a rule where ports are both 67 AND 68 at the same time, and thus seeing no packets.
add a comment |Â
up vote
1
down vote
up vote
1
down vote
You are not seeing anything because there is a mistake on your tcpdump
boolean logic BPF rules.
It should be:
sudo tcpdump -i enp0s31f6 -n port 67 or port 68
and not as you are doing:
sudo tcpdump -i enp0s31f6 -n port 67 and port 68
In the first instruction, you are listening to either port 67 OR port 68 (one or the other).
In the second instruction, you are asking for a rule where ports are both 67 AND 68 at the same time, and thus seeing no packets.
You are not seeing anything because there is a mistake on your tcpdump
boolean logic BPF rules.
It should be:
sudo tcpdump -i enp0s31f6 -n port 67 or port 68
and not as you are doing:
sudo tcpdump -i enp0s31f6 -n port 67 and port 68
In the first instruction, you are listening to either port 67 OR port 68 (one or the other).
In the second instruction, you are asking for a rule where ports are both 67 AND 68 at the same time, and thus seeing no packets.
answered Aug 7 at 18:00
Rui F Ribeiro
36.5k1271116
36.5k1271116
add a comment |Â
add a comment |Â
up vote
1
down vote
You should use the port 68
on the client (lsof -i :68
), the command should be :
sudo tcpdump -i enp0s31f6 -n port 68
You can use dhcpdump
instead: dhcpdump -i enp0s31f6
.
man dhcpdump:
This command parses the output of tcpdump to display the dhcp-packets
for easier checking and debugging.
1
dhcpdump
is a good suggestion, however you have not explained why to use it.
â Rui F Ribeiro
Aug 7 at 18:02
add a comment |Â
up vote
1
down vote
You should use the port 68
on the client (lsof -i :68
), the command should be :
sudo tcpdump -i enp0s31f6 -n port 68
You can use dhcpdump
instead: dhcpdump -i enp0s31f6
.
man dhcpdump:
This command parses the output of tcpdump to display the dhcp-packets
for easier checking and debugging.
1
dhcpdump
is a good suggestion, however you have not explained why to use it.
â Rui F Ribeiro
Aug 7 at 18:02
add a comment |Â
up vote
1
down vote
up vote
1
down vote
You should use the port 68
on the client (lsof -i :68
), the command should be :
sudo tcpdump -i enp0s31f6 -n port 68
You can use dhcpdump
instead: dhcpdump -i enp0s31f6
.
man dhcpdump:
This command parses the output of tcpdump to display the dhcp-packets
for easier checking and debugging.
You should use the port 68
on the client (lsof -i :68
), the command should be :
sudo tcpdump -i enp0s31f6 -n port 68
You can use dhcpdump
instead: dhcpdump -i enp0s31f6
.
man dhcpdump:
This command parses the output of tcpdump to display the dhcp-packets
for easier checking and debugging.
edited Aug 7 at 20:32
answered Aug 7 at 17:08
GAD3R
22.8k154895
22.8k154895
1
dhcpdump
is a good suggestion, however you have not explained why to use it.
â Rui F Ribeiro
Aug 7 at 18:02
add a comment |Â
1
dhcpdump
is a good suggestion, however you have not explained why to use it.
â Rui F Ribeiro
Aug 7 at 18:02
1
1
dhcpdump
is a good suggestion, however you have not explained why to use it.â Rui F Ribeiro
Aug 7 at 18:02
dhcpdump
is a good suggestion, however you have not explained why to use it.â Rui F Ribeiro
Aug 7 at 18:02
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f461095%2fcant-sniff-initiate-dhcp-renew%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password