tcpdump

tcpdump filter to match DHCP packets for a specific client MAC address (udp[38:4] compares the last four bytes of the BOOTP chaddr field, which starts at udp[36]):
tcpdump -i eth3 -vvv -s 1500 '((port 67 or port 68) and (udp[38:4] = 0x00cacf12))'
tcpdump filter to capture packets sent by the client (DISCOVER, REQUEST, INFORM); udp[8:1] is the BOOTP op field and 0x1 is BOOTREQUEST:
tcpdump -i eth3 -vvv -s 1500 '((port 67 or port 68) and (udp[8:1] = 0x1))'
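tcpdump filter for DISCOVER packets with hex and ASCII output (the fixed offset matches only when option 53, the DHCP message type, is the first option after the magic cookie):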
tcpdump -i eth3 -vXX -s 1500 '((port 67 or port 68) and (udp[247:4] = 0x63350101))'
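The byte offsets used by the three filters above, checked against two constructed DHCP packets; this is an added example, not part of the original page. It also shows that the udp[247:4] test misses a DISCOVER whose option 53 is not the first option, while walking the option list finds it. The MAC prefix, the xid and all function names are assumptions made for the illustration.

```python
import struct

UDP_HDR = 8  # tcpdump's udp[N] offsets count from the first byte of the UDP header
MAGIC = bytes.fromhex("63825363")  # DHCP magic cookie, BOOTP offset 236

def build_udp_dhcp(mac, options, op=1):
    """Constructed sample: UDP header + BOOTP fixed fields + cookie + options."""
    bootp = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x12345678, 0, 0)
    bootp += bytes(16)                # ciaddr, yiaddr, siaddr, giaddr
    bootp += mac.ljust(16, b"\x00")   # chaddr: 16 bytes, MAC in the first 6
    bootp += bytes(64 + 128)          # sname, file
    payload = bootp + MAGIC + options
    return struct.pack("!HHHH", 68, 67, UDP_HDR + len(payload), 0) + payload

def fixed_offset_view(udp):
    """The bytes the three filters above compare against."""
    return {
        "op": udp[8],                        # udp[8:1]
        "mac_tail": udp[38:42].hex(),        # udp[38:4]
        "first_option": udp[247:251].hex(),  # udp[247:4]
    }

def dhcp_message_type(udp):
    """Walk the option list so option 53 is found at any position."""
    i = UDP_HDR + 236 + len(MAGIC)    # options start at udp[248]
    while i < len(udp) and udp[i] != 255:   # 255 = end option
        if udp[i] == 0:               # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(udp):
            return None               # truncated option header
        length = udp[i + 1]
        value = udp[i + 2:i + 2 + length]
        if udp[i] == 53 and len(value) == 1:
            return value[0]
        i += 2 + length
    return None

MAC = bytes.fromhex("005000cacf12")   # constructed; last 4 bytes as in the filter
# Option 53 (DISCOVER) first, as the udp[247:4] filter expects
SAMPLE_FIRST = build_udp_dhcp(MAC, bytes([53, 1, 1, 255]))
# Option 61 (client identifier) first, then option 53
SAMPLE_LATER = build_udp_dhcp(MAC, bytes([61, 7, 1]) + MAC + bytes([53, 1, 1, 255]))

if __name__ == "__main__":
    for name, pkt in (("53 first", SAMPLE_FIRST), ("53 later", SAMPLE_LATER)):
        print(name, fixed_offset_view(pkt), "type:", dhcp_message_type(pkt))
```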
Pipe DHCP traffic to dhcpdump (does this work?):
tcpdump -lenx -s 1500 port bootps or port bootpc | dhcpdump
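Write full-length packets on port 80 to a capture file (-s0 disables snaplen truncation, -nn disables host and port name resolution):
tcpdump -i eth0 -nn -s0 -v -w test.pcap port 80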