If you want to monitor DHCP communication between a DHCP server and a client, you can run a packet sniffing tool on the same local network, and capture DHCP traffic. There are a couple of sniffing tools you can use.
The first method to capture DHCP traffic is to use venerable tcpdump tool. In this case, you want to define a filter so that tcpdump dumps only DHCP related traffic. In DHCP, UDP port number 67 is used by a DHCP server, and UDP port number 68 is used by DHCP clients. Thus, you want to capture traffic with port number 67 or 68 as follows.
The above tcpdump output shows that IP address 172.16.253.131 is assigned to a client with hardware address 00:0c:29:24:de:ee.
The second method to monitor DHCP requests and responses is to use dhcpdump, which is a command-line DHCP packet dumper program.
To install dhcpdump on Debian or Ubuntu:
To install dhcpdump on CentOS, first enable Repoforge on your system, and then run:
To install dhcpdump on Fedora:
The following command will dump DHCP requests and responses in a human-readable format.
The output shown by dhcpdump is more detailed than that of tcpdump. “YIADDR” field is populated with the IP address offered by a DHCP server to a client, and “CHADDR” field is the hardware address of the requesting client. It also shows other information such as DHCP lease time, subnet mask, DNS server, etc.
dhcpdump can filter DHCP responses such that it captures only DHCP responses sent to a particular hardware address.
For example, the following command will capture DHCP response packets sent to client whose hardware address starts with “00:c1:b5”.