Wednesday, December 17, 2025

Packet Sleuthing on the Edge: How tcpdump Saved My DHCP Sanity


When a DHCP issue strikes, it tends to do so with the subtlety of a brick through a window. Devices suddenly stop obtaining addresses, clients complain that “the network is broken,” and the logs seem to be playing hide-and-seek. This situation was a bit different: one client could not get an IP address over Wi-Fi but worked fine on the wired side. Same VLAN, same DHCP server. And yes, his Wi-Fi works fine everywhere else. Since the router was the DHCP server, I turned to one of the most under-appreciated diagnostic tools hiding inside a Ubiquiti EdgeRouter: tcpdump. While the GUI has plenty of useful stats, nothing beats raw packet visibility when you need to know exactly what’s happening on the wire.

tcpdump is widely used and thoroughly documented: https://www.tcpdump.org/manpages/tcpdump.1.html

Capturing packets directly on the EdgeRouter has a huge advantage—you’re collecting data at the precise point where traffic passes. No guessing. No relying on secondhand logs. With tcpdump, I could instantly see whether DHCP DISCOVER, OFFER, REQUEST, and ACK packets were actually being exchanged. In my case, that clarity helped me spot that the DISCOVERs were arriving, but the OFFERs weren’t making it back out. Without that level of detail, I would’ve been stuck blaming ghosts or rebooting things out of desperation.
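The DISCOVER/OFFER pairing described above, as an added example that is not code from the post: a stdlib-only Python script that parses raw BOOTP/DHCP payloads (the UDP payloads you would pull out of the saved capture) and lists transactions that sent a DISCOVER without ever seeing an OFFER. The packets, MAC addresses and transaction ids below are constructed for illustration.

```python
import struct

# DHCP message types carried in option 53 (RFC 2132)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the BOOTP header

def parse_dhcp(payload):
    """Return (xid, client_mac, message_type) from a raw BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    _op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + hlen])  # chaddr field
    opts, i, msg_type = payload[240:], 0, None
    while i < len(opts) and opts[i] != 255:      # 255 = end option
        if opts[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        code, length = opts[i], opts[i + 1]
        if code == 53:
            msg_type = opts[i + 2]
        i += 2 + length
    return xid, mac, MSG_TYPES.get(msg_type, f"type{msg_type}")

def unanswered_discovers(payloads):
    """(mac, xid) pairs that sent a DISCOVER but never got an OFFER back."""
    seen = {}
    for p in payloads:
        xid, mac, kind = parse_dhcp(p)
        seen.setdefault((mac, xid), set()).add(kind)
    return sorted(k for k, kinds in seen.items()
                  if "DISCOVER" in kinds and "OFFER" not in kinds)

def build_dhcp(op, xid, mac, msg_type):
    """Constructed test packet: minimal BOOTP header, option 53, end option."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s", op, 1, 6, 0, xid, 0, 0x8000,
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4, chaddr)
    return hdr + b"\x00" * 192 + MAGIC + bytes([53, 1, msg_type, 255])

# Constructed sample: wired client completes DORA, Wi-Fi client's DISCOVER goes unanswered
SAMPLE = [
    build_dhcp(1, 0x1111, "aa:bb:cc:dd:ee:01", 1),  # DISCOVER from wired client
    build_dhcp(2, 0x1111, "aa:bb:cc:dd:ee:01", 2),  # OFFER back to it
    build_dhcp(1, 0x1111, "aa:bb:cc:dd:ee:01", 3),  # REQUEST
    build_dhcp(2, 0x1111, "aa:bb:cc:dd:ee:01", 5),  # ACK
    build_dhcp(1, 0x2222, "aa:bb:cc:dd:ee:02", 1),  # DISCOVER from Wi-Fi client, no OFFER follows
]

if __name__ == "__main__":
    for mac, xid in unanswered_discovers(SAMPLE):
        print(f"no OFFER for {mac} (xid 0x{xid:08x})")
```

On a real capture, feed the function the UDP payloads of the port 67/68 packets and the output is the list of clients the server is hearing but not answering.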

It was a simple process: I just SSH'd into the router and typed the following command to capture 5 MB of DHCP packets (ports 67 and 68) and write them to capture_dhcp_2.pcap.

sudo tcpdump -i switch0 -n -vvv -C 5 -W 1 -w capture_dhcp_2.pcap port 67 or port 68

Another perk is how easy it is to filter traffic with tcpdump. Instead of drowning in a sea of packets, I could lock in on port 67/68 traffic or even narrow the view to a single MAC or interface. It’s like having an X-ray machine for your network, where you can zoom right into the failing process without being distracted by everything else. And since captures can be saved and opened in Wireshark later, you get the best of both worlds: lightweight on-device capture with full-blown desktop analysis afterward.

Finally, running tcpdump on an EdgeRouter is fast, simple, and—most importantly—accurate. When troubleshooting something finicky like DHCP, assumptions are the enemy. tcpdump removes the guesswork and replaces it with hard evidence you can act on. In my case, it cut hours of trial-and-error down to minutes and pointed directly at the misconfigured relay causing all the chaos. If you’re working with Ubiquiti gear and not using tcpdump yet, trust me—your future self will thank you.
