Wireshark-bugs: [Wireshark-bugs] [Bug 12516] New: BOOTP filter should not include DHCP results
Date: Mon, 13 Jun 2016 16:04:01 +0000
Bug ID 12516
Summary BOOTP filter should not include DHCP results
Product Wireshark
Version unspecified
Hardware x86
OS All
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter mromans@gmail.com

Build Information:
Wireshark 2.0.4 (v2.0.4-0-gdd7746e from master-2.0)

Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 10, build 10586, with locale C, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz (with SSE4.2), with 8089MB of physical
memory.
--
I have many devices in my environment that run on DHCP and many that simply use
BOOTP. Because of this, I need to separate the traffic in order to narrow down
packets coming from particular kinds of clients. This is not easily done
because DHCP is only processed as part of the BOOTP dissector and there are no
filtering options for DHCP (for IPv4). While DHCP was built on BOOTP it is not
BOOTP, and including DHCP in BOOTP is a critical flaw for those of us that
manage DDI.

In order to properly handle BOOTP and DHCP, Wireshark needs a DHCP filter that
includes both DHCP and BOOTP, while the BOOTP filter should ONLY INCLUDE BOOTP
PACKETS. This also allows users to separate DHCP-only traffic by filtering on
"dhcp && !bootp".


You are receiving this mail because:
  • You are watching all bug changes.