Wireshark-users: [Wireshark-users] Need to get a more verbose packet detail when filtering DHCP p
From: "Moe Garcia" <mgarcia01752@xxxxxxxxx>
Date: Sat, 19 Apr 2008 11:08:23 -0400
Hope this is an easy answer:

Command:
tshark -i eth1 -f "port 67 or 68" -V


In the below code snippet, I am trying to determine the option 43, but tshark is only givng me a partial value for option 43

    Option: (t=43,l=128) Vendor-Specific Information
        Option: (43) Vendor-Specific Information
        Length: 128
        Value: 01063C6E756C6C3E020445535442030845434D3A45535442...

It there a switch that will allow me a more verbose to complete value return?

I know about the -x option, but that gives me the whole packet, I only need the parsed option 43?


Thanks,

Moe

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Bootstrap Protocol
    Message type: Boot Request (1)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 1
    Transaction ID: 0x261b884f
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 0.0.0.0 (0.0.0.0)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 10.0.104.1 (10.0.104.1)
    Client MAC address: Motorola_5f:28:23 (00:1c:11:5f:28:23)
    Server host name not given
    Boot file name not given
    Option: (t=53,l=1) DHCP Message Type = DHCP Discover
        Option: (53) DHCP Message Type
        Length: 1
        Value: 01
    Option: (t=55,l=8) Parameter Request List
        Option: (55) Parameter Request List
        Length: 8
        Value: 010306070F173336
        1 = Subnet Mask
        3 = Router
        6 = Domain Name Server
        7 = Log Server
        15 = Domain Name
        23 = Default IP Time-to-Live
        51 = IP Address Lease Time
        54 = Server Identifier
    Option: (t=60,l=6) Vendor class identifier = "DSG1.0"
        Option: (60) Vendor class identifier
        Length: 6
        Value: 445347312E30
    Option: (t=43,l=128) Vendor-Specific Information
        Option: (43) Vendor-Specific Information
        Length: 128
        Value: 01063C6E756C6C3E020445535442030845434D3A45535442...
    Option: (t=61,l=7) Client identifier
        Option: (61) Client identifier
        Length: 7
        Value: 01001C115F2823
        Hardware type: Ethernet
        Client MAC address: Motorola_5f:28:23 (00:1c:11:5f:28:23)
    Option: (t=82,l=14) Agent Information Option
        Option: (82) Agent Information Option
        Length: 14
        Value: 0104000100040206001C115F2822
        Agent Circuit ID: 00010004
        Agent Remote ID: 001C115F2822
    End Option