how can we view DHCP discover , offer , request and ACK packet
Thanks in advance,
You can see all if dhcp server and client are in diferent subnets so those packets pass Palo or if Palo itself is dhcp server.
If server and client are in same subnet then discover is broadcast but from then on server sends response directly to client and devices standing by don't see this (unless you use mirror port is switch).
thanks but I am looking for specific command we can run on palo alto to view DORA exchange.
for example using tcpdump -i <interface> port 67 we get that information.
You can setup a specific security rule to just look for the DHCP application. This way the traffic will display in the Traffic logs. Also if I remember my DHCP correctly, the client send the request to the DHCP server over port 67 but then the server replies over port 68.
You won't see the specific packets in the traffic logs, but if it's for diagnostic purpose, you can start a capture from the GUI and specify the DHCP ports as the filter. You will be able to download the resulting capture and analyze it in Wireshark.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!