Missing traffic in NetMon
I'm trying to troubleshoot possible DHCP problems and have set up NetMon with a filter of "DHCP" to log traffic. It seems to "kind of" work, but there seems to be some traffic missing. For instance, I don't always see any entry for the DHCP OFFER. I see it once in a while, but often I see traffic like this:

Client: DISCOVER
Client: REQUEST
Server: ACK

The client does get an IP from the server. There had to be an offer between the discover and request, but NetMon seems to only log the offers sporadically. Sometimes I think ACKs are also missing from what's viewable from NetMon. For some reason Netmon only shows part of the traffic originating from the DHCP server. Is this normal to not see all the traffic or is there a fix?
May 17th, 2011 12:06am

You should see all the 4 packets: DISCOVER, OFFER, REQUEST, ACK. What is the version of Netmon you are using? It should look like this:

1 11:16:57.1915680 12.2175680 0.0.0.0 255.255.255.255 DHCP DHCP:Request, MsgType = DISCOVER, TransactionID = 0xBCBCFAE3 {DHCP:3, UDP:5, IPv4:4}
2 11:16:57.1915680 12.2175680 10.0.10.1 255.255.255.255 DHCP DHCP:Reply, MsgType = OFFER, TransactionID = 0xBCBCFAE3 {DHCP:3, UDP:5, IPv4:4}
3 11:16:57.1915680 12.2175680 0.0.0.0 255.255.255.255 DHCP DHCP:Request, MsgType = REQUEST, TransactionID = 0xBCBCFAE3 {DHCP:3, UDP:5, IPv4:4}
4 110:16:57.2015830 12.2275830 10.0.10.1 255.255.255.255 DHCP DHCP:Reply, MsgType = ACK, TransactionID = 0xBCBCFAE3 {DHCP:3, UDP:5, IPv4:4}
May 17th, 2011 8:38pm

Hi Customer,

Thank you for your post.

> but often I see traffic like this:
> Client: DISCOVER
> Client: REQUEST
> Server: ACK
> The client does get an IP from the server.

When your DHCP client is obtaining a new lease, there should be DHCPDISCOVER > DHCPOFFER > DHCPREQUEST > DHCPACK traffic on your network. When your DHCP client is just renewing a lease, there should only be DHCPREQUEST > DHCPACK traffic.

How DHCP works: http://technet.microsoft.com/en-us/library/cc780760(WS.10).aspx

Please do the following steps to capture your DHCP traffic:

1. Use ipconfig /release from the command line on your DHCP client
2. On your Network Monitor, type “protocol.DHCP” in your Network Monitor filter and click start
3. Use ipconfig /renew from the command line on your DHCP client
4. Click stop on your Network Monitor

You can also find some videos and articles that talk about filtering on the blog: http://blogs.technet.com/netmon. If you have more questions, please let us know.

Best Regards,
James Zou
May 18th, 2011 9:16am
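
As an added example (not part of the original thread and not a NetMon feature), the Python sketch below groups frame-summary lines in the layout quoted earlier in the thread by TransactionID and reports which DHCP messages are absent from each exchange, separating a renewal (REQUEST, ACK only) from a new lease with a frame missing from the capture. It assumes the summaries have been copied out as text and that all messages of one exchange share a TransactionID, as in the sample above; the capture lines and IDs in it are constructed.

```python
import re
from collections import OrderedDict

# Layout from the thread: <frame> <time> <offset> <src> <dst> DHCP
#   DHCP:<Request|Reply>, MsgType = <type>, TransactionID = 0x<hex> {...}
LINE_RE = re.compile(
    r"^\s*\d+\s+\S+\s+\S+\s+\S+\s+\S+\s+DHCP\s+DHCP:\w+,"
    r"\s*MsgType\s*=\s*(?P<msg>\w+),\s*TransactionID\s*=\s*(?P<xid>0x[0-9A-Fa-f]+)"
)
NEW_LEASE = ["DISCOVER", "OFFER", "REQUEST", "ACK"]
RENEWAL = ["REQUEST", "ACK"]

def group_by_transaction(lines):
    """Return {xid: [MsgType, ...]} in capture order; other lines are skipped."""
    groups = OrderedDict()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            groups.setdefault(m.group("xid").lower(), []).append(m.group("msg").upper())
    return groups

def classify(msgs):
    """Label one exchange and list the expected message types not captured."""
    seen = set(msgs)
    # A DISCOVER or OFFER means a new lease; otherwise treat it as a renewal.
    if "DISCOVER" in seen or "OFFER" in seen:
        kind, expected = "new lease", NEW_LEASE
    else:
        kind, expected = "renewal", RENEWAL
    missing = [m for m in expected if m not in seen]
    return (kind if not missing else "incomplete " + kind, missing)

def report(lines):
    return {xid: classify(msgs) for xid, msgs in group_by_transaction(lines).items()}

# Constructed sample capture (addresses, times and IDs are made up).
SAMPLE = """\
1 09:00:01.0000000 1.0000000 0.0.0.0 255.255.255.255 DHCP DHCP:Request, MsgType = DISCOVER, TransactionID = 0x0000A1A1 {DHCP:3, UDP:2, IPv4:1}
2 09:00:01.0100000 1.0100000 10.0.10.1 255.255.255.255 DHCP DHCP:Reply, MsgType = OFFER, TransactionID = 0x0000A1A1 {DHCP:3, UDP:2, IPv4:1}
3 09:00:01.0200000 1.0200000 0.0.0.0 255.255.255.255 DHCP DHCP:Request, MsgType = REQUEST, TransactionID = 0x0000A1A1 {DHCP:3, UDP:2, IPv4:1}
4 09:00:01.0300000 1.0300000 10.0.10.1 255.255.255.255 DHCP DHCP:Reply, MsgType = ACK, TransactionID = 0x0000A1A1 {DHCP:3, UDP:2, IPv4:1}
5 09:05:00.0000000 300.0000000 0.0.0.0 255.255.255.255 DHCP DHCP:Request, MsgType = DISCOVER, TransactionID = 0x0000B2B2 {DHCP:6, UDP:5, IPv4:4}
6 09:05:00.0200000 300.0200000 0.0.0.0 255.255.255.255 DHCP DHCP:Request, MsgType = REQUEST, TransactionID = 0x0000B2B2 {DHCP:6, UDP:5, IPv4:4}
7 09:05:00.0300000 300.0300000 10.0.10.1 255.255.255.255 DHCP DHCP:Reply, MsgType = ACK, TransactionID = 0x0000B2B2 {DHCP:6, UDP:5, IPv4:4}
8 09:10:00.0000000 600.0000000 10.0.10.50 10.0.10.1 DHCP DHCP:Request, MsgType = REQUEST, TransactionID = 0x0000C3C3 {DHCP:9, UDP:8, IPv4:7}
9 09:10:00.0100000 600.0100000 10.0.10.1 10.0.10.50 DHCP DHCP:Reply, MsgType = ACK, TransactionID = 0x0000C3C3 {DHCP:9, UDP:8, IPv4:7}
""".splitlines()

if __name__ == "__main__":
    for xid, (kind, missing) in report(SAMPLE).items():
        print(xid, kind, "missing: " + ", ".join(missing) if missing else "complete")
```

A transaction reported as an incomplete new lease with only OFFER missing, while the client still obtained an address, matches the symptom in the original question: the frame was on the wire but is not in the capture.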

This topic is archived. No further replies will be accepted.
