Use tcpdump to get dhcp packets

DHCP (Dynamic Host Configuration Protocol) is a network protocol of a local area network. It works with UDP protocol. It has two main purposes: to automatically assign IP addresses to internal networks or network service providers, and to users or internal network administrators. As a means of central management of all computers.

We can use tcpdump to capture dhcp packets on linux , and then use wireshark to analyze it.

As you can see, wireshark captured 4 DHCP packets, namely discover, offer, request, and ack.
This corresponds to the four processes of the host requesting the DHCP server to allocate an IP: DHCP server discovery, DHCP server provision, DHCP request, and DHCP ACK.
Next, look at the specific content of each message in detail:

1. Discover: DHCP server discovery

It can be seen from the packet information that the transport layer protocol of the DHCP packet is UDP, and the port number is 67. Because the host does not know its own IP address or the address of the DHCP server at this time, the source address and the broadcast destination address are used.

2. Offer: Provided by the DHCP server

After receiving a DHCP discovery message, the DHCP server responds with a DHCP offer message. It can be seen from the package that the server IP address is, and the IP address assigned to the host is The transaction ID of this message is 0x8100beb0, which is the same as the transaction ID of the last discovery message.
In addition, you can also obtain the IP address lease period, subnet mask, routing information, etc. from the Option field.

Three, Request: DHCP request

After receiving the Offer message, the host responds with a DHCP request message. At this time, just like the DHCP discovery message, the host uses the source address and the broadcast destination address And re-select a new transaction ID and echo configuration parameters. Such as the requested IP address, etc.

4. ACK: DHCP ACK response

Finally, the server responds to the DHCP request message with a DHCP ACK message to verify the required parameters.
At this point, the entire IP request allocation process is completed, and the client can use the IP address allocated by DHCP during the lease period.

Guess you like