As the administrator of a Linux DHCP server, I of course have to support it. The other day, someone came to my desk and asked me whether there was a problem with DHCP, because he couldn't get an IP address from the DHCP server. For your information, I have to add each host manually to the DHCP server and the DNS server (security policy). Anyway, with tcpdump you can troubleshoot the IP frames going to and from the DHCP server. Here is some tcpdump syntax that can be useful:

  • tcpdump -n ether host xx:xx:xx:xx:xx:xx
    To catch a MAC address
  • tcpdump -e -i eth0 | grep 'xx:xx:xx:xx:xx:xx'
    Same thing
  • tcpdump -n port 67
    Catch DHCP transactions

Note that I have not tested the MAC filters yet, but I want to post them here so I can test them later.
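To go from captured port 67 traffic to an answer for one client, the sketch below decodes the DHCP message type and client MAC from each UDP payload and reports where the exchange stopped. It is an added example, not part of the original post; it assumes the UDP payloads have already been extracted from a capture, and the `build` helper, the MAC address and the sample packets are constructed for the demonstration.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}  # option 53 values

def parse_dhcp(payload):
    """Return (client_mac, message_type) for a port 67/68 UDP payload, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC or payload[2] > 16:
        return None
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + payload[2]])  # chaddr, hlen bytes
    msg, i = None, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):                      # truncated option header
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if payload[i] == 53 and len(value) == 1:
            msg = MSG_TYPES.get(value[0], "UNKNOWN")
        i += 2 + length
    return mac, msg

def diagnose(payloads, mac):
    """Say where the exchange for one client MAC stopped."""
    seen = [r[1] for r in map(parse_dhcp, payloads) if r and r[0] == mac.lower()]
    if not {"DISCOVER", "REQUEST"} & set(seen):
        return "nothing from this client reached the capture point"
    if "NAK" in seen:
        return "server refused the request (NAK)"
    if "ACK" in seen:
        return "lease granted"
    if "OFFER" in seen:
        return "offered but never acknowledged"
    return "client is asking, server is not answering this MAC"

def build(op, mac, msg_type):
    """Constructed sample payload: BOOTP header, cookie, option 53, end."""
    chaddr = bytes.fromhex(mac.replace(":", ""))
    head = struct.pack("!BBBBIHH16s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                       b"", chaddr, b"", b"")
    return head + MAGIC + bytes([53, 1, msg_type, 255])

MAC = "00:11:22:33:44:55"  # constructed address
print(diagnose([build(1, MAC, 1), build(1, MAC, 1)], MAC))
print(diagnose([build(1, MAC, 1), build(2, MAC, 2), build(1, MAC, 3), build(2, MAC, 5)], MAC))
```

Repeated DISCOVERs with no OFFER is the pattern to expect when a host has not yet been added to a server that only answers known hosts.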


