ex_dhcp v0.1.5 mix snoop View Source
A tool for snooping on DHCP transactions that are passing by this particular connected device.
Usage
Run this mix task on a device on the same layer-2 network as the network where you'd like to watch DHCP packets go by. It's probably a good idea to not have this be the same machine that you're using to serve DHCP.
mix snoop
Defaults to listening to UDP ports 67 and 68. In order to use this feature on most Linux machines, you'll need give your erlang virtual machine permission to listen on (< 1024) port numbers. You can do this with the following command as superuser:
setcap 'cap_net_bind_service,cap_net_raw=+ep' /usr/lib/erlang/erts-10.6.1/bin/beam.smp
Note that the path to your beam.smp
might be different.
Ctrl-c
will exit out of this mix task
Using without setcap
You can use this program without changing the permissions on beam.smp
.
Instead, supply the --port
or -p
parameter to the mix task, like so:
mix snoop -p 6767
And you'll want to forward UDP port activity from 67 and 68 to
the snoop port 6767, you may use iptables
as superuser to achieve this.
Note that these changes may not persist on certain network activity
(such as (libvirt)[https://libvirt.org/] creating or destroying a network),
and certainly not on reboot. Instrumenting these settings as permanent is
beyond the scope of this guide.
iptables -t nat -I PREROUTING -p udp --dport 67 -j DNAT --to :6767
iptables -t nat -I PREROUTING -p udp --dport 68 -j DNAT --to :6767
This will cause DHCP packets streaming to be logged to the console.
Options
--bind <device>
or-b <device>
binds this mix task to a specific network device.--save <prefix>
or-s <prefix>
saves packets (as erlang term binaries) to files with the given prefix