I have a router running LEDE with tcpdump installed.
tcpdump --version
# tcpdump version 4.9.0
# libpcap version 1.8.1
When I run it like this:
tcpdump -vnes0 -i eth0 port 67 or port 68
I can see
00:00:24.122791 00:00:00:00:69:6f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 3, p 0, ethertype IPv4, (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:00:00:00:69:6f, length 300, xid 0xc74a7577, Flags [none]
      Client-Ethernet-Address 00:00:00:00:69:6f
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Requested-IP Option 50, length 4: 10.1.0.228
        Hostname Option 12, length 3: "hostname"
        Parameter-Request Option 55, length 13:
          Subnet-Mask, BR, Time-Zone, Classless-Static-Route
          Domain-Name, Domain-Name-Server, Hostname, YD
          YS, NTP, MTU, Option 119
          Default-Gateway
But I cannot see the ACK packet; however, the ACK is shown by tcpdump -vnes0 -i eth0:
00:00:25.760293 00:00:00:00:20:01 > 00:00:00:00:69:6f, ethertype 802.1Q (0x8100), length 348: vlan 3, p 0, ethertype IPv4, (tos 0xc0, ttl 64, id 18290, offset 0, flags [none], proto UDP (17), length 330)
    10.1.0.1.67 > 10.1.0.228.68: BOOTP/DHCP, Reply, length 302, xid 0x95afbf42, Flags [none]
      Your-IP 10.1.0.228
      Server-IP 10.1.0.1
      Client-Ethernet-Address 00:00:00:00:69:6f
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: ACK
        Server-ID Option 54, length 4: 10.1.0.1
        Lease-Time Option 51, length 4: 43200
        RN Option 58, length 4: 21600
        RB Option 59, length 4: 37800
        Subnet-Mask Option 1, length 4: 255.255.255.0
        BR Option 28, length 4: 10.1.0.255
        Default-Gateway Option 3, length 4: 10.1.0.1
        Domain-Name-Server Option 6, length 4: 10.1.0.1
        Domain-Name Option 15, length 3: "XXX"
        Hostname Option 12, length 3: "hostname"
Is this a tcpdump bug, or is my filter wrong?