Skip to content
View in the app

A better way to browse. Learn more.
Gear Crushers

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Run tcpdump

dennis
in Apple Questions

Featured Replies

Some are having issues running tcpdump so here are some tips


 


tcpdump is not in your $PATH, only in root´s $PATH. So it is not enough to have root privileges (which you get via sudo).

 

You could become root:



$ sudo su -


 


Execute tcpdump



$ /usr/sbin/tcpdump -nn -i any not port 22

  • -nn (means do not try and resolve hostnames)
  •  -i any (means listen to any interface)
  • not port 22 (means all ports but 22)
 

identify active interfaces on box



$ /sbin/ifconfig -a | grep "Link encap" | awk '{ print $1 '}


and then execute on just a certain interface (for example below is watching interface bond0 for DHCP traffic)



$ /usr/sbin/tcpdump -vnes0 -i bond0 port 67 or port 68



  • -v (shows more information about the packet. You can use -vv or -vvv for even more.)
  • -n (disables name resolution so your not waiting on DNS responses to show the packet.)
  • -e (shows link layer information (MAC Address))
  • -s (sets how much of the packet to see. 0 shows full packet.)
  • -i (sets the interface to use)

You already know this but in this situation the 4 packets you are looking for with a successful DHCP are:


  • DISCOVER: Client connects to the network and sends out a broadcast discovery looking for its DHCP information.
  • OFFER: The server offers the DHCP information to the client
  • REQUEST: The client requests verification of the DHCP information
  • ACK: The server acknowledges the DHCP request


Sometimes you will not see the DISCOVER / OFFER and just see the REQUEST / ACK. This heppens when the client has already obtained a valid DHCP lease earlier and is just requesting to have it again before its lease time expires. Typically this is performed when half the lease has lapsed.




If the REQUEST is not valid anymore the server will send a NACK indicating to the client that it can no longer use this DHCP information. This should cause the client to start over with a DISCOVER.


Sometimes you will see repeated DISCOVER / OFFER but never a REQUEST from the client. This happens when the client either doesn't receive the OFFER or doesn't like it for some reason. Perhaps a firewall is blocking it, they have a poor connection, or simply they're using a Windows computer.


It's common for Windows Vista to never even start its DHCP process. It will just refuse to DISCOVER and complain that the connection is "limited or no connectivity".  You can try to diagnose the problem and tell it to reset the network card and/or get new IP information. If this fails to start it then I find adding a static IP and then setting it back to DHCP will get it going. You may even need to restart the DHCPC service. Its Vista.. where you expecting it to work as advertised?


 



Create an account or sign in to comment
Go to topic listing

Important Information

By using this site, you agree to our Terms of Use.

I accept

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.