$ sudo tshark -i eth0 -f "udp port 67" Running as user "root" and group "root". This could be dangerous. Capturing on eth0 0.000000 0.0.0.0 -> 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x2233523a 0.000186 10.10.10.1 -> 10.10.10.8 DHCP 342 DHCP Offer - Transaction ID 0x2233523a 0.000422 0.0.0.0 -> 255.255.255.255 DHCP 342 DHCP Request - Transaction ID 0x2233523a 0.000601 10.10.10.1 -> 10.10.10.8 DHCP 342 DHCP ACK - Transaction ID 0x2233523a ^C4 packets captured
Here's how to save the capture to a file for later inspection and/or documentation purposes:
$ sudo tshark -i eth0 -f "udp port 67" -w dhcp_capture.pcapng Running as user "root" and group "root". This could be dangerous. Capturing on eth0 4 ^C
Packets can now be easily viewed with the Wireshark GUI - you can use another (developer) machine for this task, and also don't need root privileges.
No comments:
Post a Comment