Debugging DHCP with TCPdump

How DHCP Works?

DHCP operations fall into four phases: server discovery, IP lease offer, IP lease request, and IP lease acknowledgment. These stages are often abbreviated as DORA for discovery, offer, request, and acknowledgment.

DISCOVER: Client connects to the network and sends out a broadcast discovery looking for its DHCP information.

OFFER: The server offers the DHCP information to the client

REQUEST: The client requests verification of the DHCP information

ACK: The server acknowledges the DHCP request

How to use tcpdump to filter dhcp packets v4?

DHCP v4 traffic operates on port 67 (Server) and port 68 (Client). So we can capture the appropriate traffic with the following expression. (v4)

This command starts a packet capture using the tcpdump utility on interface eth0, filtering for UDP packets with a source or destination port of 67 (DHCP server) or 68 (DHCP client).

The -vvv option enables verbose output, providing additional information about the packets being captured.

tcpdump -i eth0 udp port 67 and port 68 -vvv

How to use tcpdump to filter dhcpv6 packets?

DHCPv6 uses UDP port number 546 for clients and port number 547 for servers.