debugging on the DHCP server
Peter Rathlev
peter at rathlev.dk
Tue Jul 15 06:48:03 UTC 2014
On Mon, 2014-07-14 at 12:09 +0200, Meike Stone wrote:
> is it possible, to log each DHCP transaction for debugging with
> options (of my choice) in athe logfile?
Probably. The log statement, just like in the example you yourself gave,
is a good guess.
> All possible Clientsmessages
> - DHCPDISCOVER
> - DHCPREQUEST
> - DHCPDECLINE
> - DHCPRELEASE
> - DHCPINFORM
>
> and the Serveranswers
> - DHCPOFFER
> - DHCPACK
> - DHCPNAK
If you need to analyze each of these packets by themselves then tcpdump
or similar is your best bet.
What stops you from using tcpdump? You mention 3000 clients. Even with a
lease-time of just an hour your shouldn't see more than 1500
transactions per hour, which should be much less than 10000 packets per
hour. That should translate to probably less than 5 MB per hour, a
trivial amount of storage in these days.
Run tcpdump in a `screen` session with a rotating buffer that gets
overwritten:
screen -S dhcp-sniff
and inside the screen session, if you have 2G to spare:
tcpdump -w rotating-sniff.pcap. -C 100 -W 20 -Z root \
\( port 67 or port 68 \)
> Additional (as cherry on the cake), I would be pleased, If I could do
> a Filter to a dedicated Client MAC address.
>
> I tried something like this (but it is not really satisfying ...):
<snip>
But why is it not satisfying? Are you missing information? Does it not
work at all? Something third?
--
Peter
More information about the dhcp-users
mailing list