Michael Woods Blog

November 17, 2011

How to filter DHCP Traffic with Wireshark

Filed under: DHCP, Network, Wireshark — Michael Woods @ 4:14 PM

Open Wireshark and go to (Capture -> Interfaces).

Determine which Ethernet device you are using to connect to the internet. You can determine which one is being used by the number of packets sent/received. I’m using the one called Microsoft, which is a wireless network card.


Click the Options button on the device being used to bring up the capture options menu. Uncheck the "Capture packets in promiscuous mode" option to see only traffic that is sent to and received by this network card. Click the Start button to begin capturing network traffic.

Now Wireshark is capturing all of the traffic that is sent and received by the network card.


We are only interested in the DHCP traffic, so in the display filter box type (bootp.option.type == 53) and click Apply. Option 53 is the DHCP Message Type option, so the filter matches only DHCP packets.


The DHCP Release resulted from me typing (ipconfig /release) at a command prompt. The DHCP Discover, Offer, Request, and ACK resulted from me typing (ipconfig /renew) at a command prompt.
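To show what the display filter is matching on, here is an added example (not part of the original post) that walks the options field of a BOOTP/DHCP payload and returns the option 53 message type. The function names and the sample packets are constructed for illustration.

```python
import struct

# DHCP message type names for option 53 values (RFC 2132, section 9.6).
MESSAGE_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 4: "Decline",
                 5: "ACK", 6: "NAK", 7: "Release", 8: "Inform"}
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field
FIXED_HEADER_LEN = 236                # BOOTP fields that precede the cookie


def dhcp_message_type(payload: bytes):
    """Return the option 53 name for a UDP payload, or None if the payload
    is too short, lacks the cookie, is truncated, or has no option 53."""
    start = FIXED_HEADER_LEN + len(MAGIC_COOKIE)
    if payload[FIXED_HEADER_LEN:start] != MAGIC_COOKIE:
        return None
    i = start
    while i < len(payload):
        code = payload[i]
        if code == 0:              # pad option: one byte, no length field
            i += 1
            continue
        if code == 255:            # end option: nothing follows
            return None
        if i + 1 >= len(payload):
            return None            # truncated before the length byte
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            return None            # truncated inside the option value
        if code == 53 and length == 1:
            return MESSAGE_TYPES.get(value[0], f"Unknown({value[0]})")
        i += 2 + length            # skip code, length and value bytes
    return None


def build_sample(options: bytes) -> bytes:
    """Constructed packet: mostly zeroed BOOTP header, cookie, then options."""
    header = struct.pack("!BBBB", 1, 1, 6, 0) + bytes(FIXED_HEADER_LEN - 4)
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    samples = {  # constructed option bytes, not taken from a real capture
        "release": b"\x35\x01\x07\xff",
        "discover": b"\x00\x3d\x07\x01\xaa\xbb\xcc\xdd\xee\xff\x35\x01\x01\xff",
        "bootp only": b"\xff",
    }
    for name, opts in samples.items():
        print(name, "->", dhcp_message_type(build_sample(opts)))
```

A payload with no option 53 returns None, which corresponds to a packet the display filter would hide.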
