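tcpdump filter to match DHCP packets carrying a specific client MAC address (udp[38:4] compares the last four bytes of the BOOTP chaddr field, so 0x3e0ccf08 matches a MAC ending in 3e:0c:cf:08):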
tcpdump -i br0 -vvv -s 1500 '((port 67 or port 68) and (udp[38:4] = 0x3e0ccf08))'
tcpdump filter to capture packets sent by the client (DISCOVER, REQUEST, INFORM). udp[8:1] is the BOOTP op field, and 0x1 means BOOTREQUEST:
tcpdump -i br0 -vvv -s 1500 '((port 67 or port 68) and (udp[8:1] = 0x1))'
Sample output:
21:38:05.644153 IP (tos 0x0, ttl 64, id 32104, offset 0, flags [none], proto UDP (17), length 374)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 12:42:82:cb:7a:7e (oui Unknown), length 346, xid 0xd01f0ad4, secs 18694, Flags [none] (0x0000)
      Client-Ethernet-Address 12:42:82:cb:7a:7e (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether 12:42:82:cb:7a:7e
        SLP-NA Option 80, length 0""
        NOAUTO Option 116, length 1: Y
        MSZ Option 57, length 2: 1472
        Vendor-Class Option 60, length 49: "dhcpcd-7.1.0:Linux-4.19.59-sunxi:armv7l:Allwinner"
        Hostname Option 12, length 11: "whiteorange"
        T145 Option 145, length 1: 1
        Parameter-Request Option 55, length 15:
          Subnet-Mask, Classless-Static-Route, Static-Route, Default-Gateway
          Domain-Name-Server, Hostname, Domain-Name, MTU
          BR, NTP, Lease-Time, Server-ID
          RN, RB, Option 119
        END Option 255, length 0
…And yes it is an orangepi zero for those playing at home..
nJoy 😉
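
Added example, not part of the original post: a shell helper that builds the filter for a full six-byte client MAC instead of only its last four bytes. BPF byte accessors read 1, 2 or 4 bytes at a time, so the MAC is split across udp[36:2] and udp[38:4]; the function name dhcp_mac_filter and its "requests" argument are made up for this example.

```shell
#!/bin/sh
# Build a tcpdump filter that matches DHCP packets for one client MAC.
#
# Offsets are counted from the start of the UDP header (8 bytes long):
#   udp[8:1]   BOOTP op      (0x1 = BOOTREQUEST, sent by the client)
#   udp[36:2]  chaddr bytes 0-1
#   udp[38:4]  chaddr bytes 2-5
#
# Usage: dhcp_mac_filter MAC [requests]
#   MAC       aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabbccddeeff
#   requests  optional: also require op = BOOTREQUEST
dhcp_mac_filter() {
    # Normalise: lower-case, strip ':' and '-' separators.
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ':-')

    # Accept exactly 12 hex digits; refuse anything else so that no
    # unexpected text ends up inside the filter expression.
    case "$mac" in
        ''|*[!0-9a-f]*) echo "invalid MAC: $1" >&2; return 1 ;;
    esac
    if [ "${#mac}" -ne 12 ]; then
        echo "invalid MAC: $1" >&2
        return 1
    fi

    hi=$(printf '%s' "$mac" | cut -c1-4)    # first two bytes
    lo=$(printf '%s' "$mac" | cut -c5-12)   # last four bytes

    filter="(port 67 or port 68) and udp[36:2] = 0x$hi and udp[38:4] = 0x$lo"
    if [ "${2:-}" = "requests" ]; then
        filter="$filter and udp[8:1] = 0x1"
    fi
    printf '%s\n' "$filter"
}

# With the MAC from the sample output above:
#   tcpdump -i br0 -vvv -s 1500 "$(dhcp_mac_filter 12:42:82:cb:7a:7e requests)"
```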