IETF Logo Mail Archive

Re: Sniffing a DHCP Boot

Evan Wetstone <evanw@sabine.us.dell.com> Wed, 10 April 1996 14:12 UTC

Received: from ietf.cnri.reston.va.us by IETF.CNRI.Reston.VA.US id aa17895; 10 Apr 96 10:12 EDT
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa17891; 10 Apr 96 10:12 EDT
Received: from reef.bucknell.edu by CNRI.Reston.VA.US id aa08349; 10 Apr 96 10:12 EDT
Received: from localhost by reef.bucknell.edu with SMTP (5.65/IDA-1.2.8) id AA07690; Wed, 10 Apr 1996 10:07:52 -0400
Date: Wed, 10 Apr 1996 10:07:52 -0400
Message-Id: <199604101310.IAA09588@sabine.us.dell.com>
Errors-To: droms@bucknell.edu
Reply-To: dhcp-v4@bucknell.edu
Originator: dhcp-v4@bucknell.edu
X-Orig-Sender: dhcp-v4@bucknell.edu
Precedence: bulk
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Evan Wetstone <evanw@sabine.us.dell.com>
To: Multiple recipients of list <dhcp-v4@bucknell.edu>
Subject: Re: Sniffing a DHCP Boot
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
X-Comment: Discussion of DHCP for IPv4
X-Mailer: ELM [version 2.4 PL23]

Bill Fox writes:
> 
> We are testing DHCP as served by Windows NT, and just to NT clients
> right now.  My Network General Sniffer did not see DHCP, so I asked 
> their support group if DHCP is decoded.  The answer was, "We don't
> think so."
> 
> In the trace file, which is taken from the client end, 
> I see BOOTP packets, then an ARP for the IP address of the client
> workstation, from the client workstation.
> 
> Do you folks have any experience with this?

DHCP is supported by the Sniffer, it just gets called BootP due to the 
same port numbers (67 and 68) being used.  If you look at the detail of
the captured packets, you'll see that while it calls it a BootP packet,
the decode also correctly identifes DHCPDiscover, DHCPOffer, etc.

-- 
Evan Wetstone                                                evanw@dell.com

	 	    The Network Works.  No Excuses.

v2.8.7 | Report a Bug | By Email