Wireshark · Wireshark-users: Re: [Wireshark-users] Need to get a more verbose packet detail when filtering DHCP packets

Wireshark-users: Re: [Wireshark-users] Need to get a more verbose packet detail when filtering DH

From: Sake Blok <sake@xxxxxxxxxx>

Date: Sun, 20 Apr 2008 22:16:23 +0200

On Sat, Apr 19, 2008 at 11:08:23AM -0400, Moe Garcia wrote:
> Hope this is an easy answer:
> 
> Command:
> tshark -i eth1 -f "port 67 or 68" -V
> 
> 
> In the below code snippet, I am trying to determine the option 43, but
> tshark is only givng me a partial value for option 43
> 
>     Option: (t=43,l=128) Vendor-Specific Information
>         Option: (43) Vendor-Specific Information
>         Length: 128
>         Value: 01063C6E756C6C3E020445535442030845434D3A45535442...
> 
> It there a switch that will allow me a more verbose to complete value
> return?

You could use the "tshark -T fields" option:

tshark -i eth1 -f "port 67 or 68" -R "bootp.option.type == 43" -T fields -e ip.src -e ip.dst -e bootp.option.value

That would give you a list of all packets containing DHCP option 43 and
will print out the src-ip, dst-ip and the (whole) option value in a format
like this:

212.204.210.225 192.168.1.5     c5:44:2b:e2:bd:69:6c:2f:10:9c:a2:a8:fe:fa:51:c3:99:77:2d:dd:52:e6:59:e9:7b:17:a3:cb:f8:15:ee:49

Would that be helpful?

Cheers,
    Sake

References:
- [Wireshark-users] Need to get a more verbose packet detail when filtering DHCP packets
  - From: Moe Garcia

Prev by Date: Re: [Wireshark-users] Need to get a more verbose packet detail when filtering DHCP packets
Next by Date: Re: [Wireshark-users] Firewall ACL rules
Previous by thread: Re: [Wireshark-users] Need to get a more verbose packet detail when filtering DHCP packets
Next by thread: [Wireshark-users] RTT&#ofHops
Index(es):
- Date
- Thread