Description | This article describes how to use the built-in Wireshark packet capture functionality to capture DHCP traffic. |
Scope | FortiGate. |
Solution |
In certain scenarios, capturing DHCP traffic can be helpful for troubleshooting. Packet capture in Wireshark format allows for detailed analysis of DHCP UDP traffic, making it easier to diagnose issues such as DHCP scope problems, rogue servers, and more.
To set up the packet capture, navigate to Network -> Diagnostics.
Select the interface where the traffic will be captured and filter with the UDP ports 67 and 68 (DHCP default ports).
Optional: Configure 'Maximum captured packets' to limit the amount of data in the packet capture file.
Select 'Start Capture'. A preview of the captured packets will be displayed.
The capture will run until the 'Maximum Captured Packets' limit is reached or the 'Stop Capture' option is selected. Select 'Save as pcap' to download the Wireshark packet capture.
The capture can now be opened using Wireshark.
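For the rogue-server case mentioned above, the downloaded file can also be checked offline by listing every DHCP server identifier (option 54) seen in replies sent from UDP port 67 and comparing it with the expected servers. The following is an added example, not part of the original article or any Fortinet tooling; it assumes the download is a classic little-endian pcap with untagged Ethernet frames, and the function names and sample addresses are constructed for illustration.

```python
import socket
import struct

def dhcp_replies(pcap):
    """Yield (server_identifier, message_type) for each DHCP server reply."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    pos = 24                                       # skip the pcap global header
    while pos + 16 <= len(pcap):
        incl_len, = struct.unpack_from("<I", pcap, pos + 8)
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                               # untagged IPv4/UDP only
        udp = 14 + (frame[14] & 0x0F) * 4          # honour the IP header length
        if len(frame) < udp + 8 or frame[udp:udp + 2] != b"\x00\x43":
            continue                               # source port 67 = server side
        opts = frame[udp + 8 + 236:]               # after UDP + fixed BOOTP part
        if opts[:4] != b"\x63\x82\x53\x63":        # DHCP magic cookie
            continue
        found, i = {}, 4
        while i + 1 < len(opts) and opts[i] != 255:  # TLV walk until End (255)
            if opts[i] == 0:                       # Pad option has no length
                i += 1
                continue
            found[opts[i]] = opts[i + 2:i + 2 + opts[i + 1]]
            i += 2 + opts[i + 1]
        if found.get(53) and len(found.get(54, b"")) == 4:
            yield socket.inet_ntoa(found[54]), found[53][0]

def unexpected_servers(pcap, allowed):
    """Server identifiers seen in the capture that are not in the allow-list."""
    return sorted({sid for sid, _ in dhcp_replies(pcap)} - set(allowed))

def sample_pcap(server_ips):
    """Constructed capture: one DHCPOFFER (type 2) per listed server address."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ip in server_ips:
        src = socket.inet_aton(ip)
        dhcp = bytes(236) + b"\x63\x82\x53\x63\x35\x01\x02\x36\x04" + src + b"\xff"
        udp = struct.pack("!HHHH", 67, 68, 8 + len(dhcp), 0) + dhcp
        iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17,
                          0, src, b"\xff" * 4)
        frame = b"\xff" * 6 + bytes(6) + b"\x08\x00" + iph + udp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

SAMPLE = sample_pcap(["192.0.2.1", "192.0.2.66"])  # constructed, RFC 5737 range
print(unexpected_servers(SAMPLE, {"192.0.2.1"}))
```

To use it on a real capture, pass the bytes of the saved file and the set of server addresses configured for that segment in place of the constructed sample.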
Related articles:
Technical Tip: Diagnosing DHCP on a FortiGate
Troubleshooting Tip: Check DHCP Messages with VLAN Tag using Wireshark Packet Capture |
Great Article @jguerra ! Keep it up!!
Great document, very detailed and very well explained. Awesome!!!
Jorge, Well done!!! Thank you so much for your contribution!!!
Copyright 2024 Fortinet, Inc. All Rights Reserved.