11-05-2015 12:11 AM
how can we view DHCP discover , offer , request and ACK packet
Thanks in advance,
11-05-2015 02:42 AM
You can see all if dhcp server and client are in diferent subnets so those packets pass Palo or if Palo itself is dhcp server.
If server and client are in same subnet then discover is broadcast but from then on server sends response directly to client and devices standing by don't see this (unless you use mirror port is switch).
11-05-2015 05:17 AM
thanks but I am looking for specific command we can run on palo alto to view DORA exchange.
for example using tcpdump -i <interface> port 67 we get that information.
11-05-2015 07:50 AM
You can setup a specific security rule to just look for the DHCP application. This way the traffic will display in the Traffic logs. Also if I remember my DHCP correctly, the client send the request to the DHCP server over port 67 but then the server replies over port 68.
Regards,
11-06-2015 08:37 PM
Hi,
You won't see the specific packets in the traffic logs, but if it's for diagnostic purpose, you can start a capture from the GUI and specify the DHCP ports as the filter. You will be able to download the resulting capture and analyze it in Wireshark.
Benjamin
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
