====== syn, syn-ack, ack ======

  * syn only

<code>
# SYN set and ACK clear: initial SYN only
tcpdump 'tcp[tcpflags] & (tcp-syn) != 0 and tcp[tcpflags] & (tcp-ack) == 0'
# SYN bit set: this form also matches SYN-ACK
tcpdump -i br-lan host 10.11.13.254 and tcp and 'tcp[13] & 2 != 0'
</code>

  * syn-ack

<code>
# flags byte is exactly SYN + ACK (2 + 16 = 18)
tcpdump -i br-lan host 10.11.13.254 and tcp and 'tcp[13] == 18'
</code>

  * syn or syn-ack

<code>
# parentheses keep the "or" inside the host/tcp restriction
# (and/or have equal precedence in pcap filters and associate left to right)
tcpdump -i br-lan host 10.11.13.254 and tcp and '(tcp[13] & 2 != 0 or tcp[13] == 18)'
</code>

  * syn, ack, syn-ack

<code>
tcpdump -i br-lan host 10.11.13.254 and tcp and '(tcp[13] & 2 != 0 or tcp[13] & 16 != 0)'
</code>

====== DHCP tcpdump ======

<code>
tcpdump -i br-lan -pvn port 67 and port 68
</code>

  * Kali Linux DHCP request
  * DHCP

<code>
tcpdump: listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
15:58:05.507575 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 316)
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:8e:31:92, length 288, xid 0x5333e4b1, secs 1, Flags [none]
          Client-Ethernet-Address 00:0c:29:8e:31:92
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Client-ID Option 61, length 7: ether 00:0c:29:8e:31:92
            Parameter-Request Option 55, length 17:
              Subnet-Mask, Time-Zone, Domain-Name-Server, Hostname
              Domain-Name, MTU, BR, Classless-Static-Route
              Default-Gateway, Static-Route, YD, YS
              NTP, Option 119, Classless-Static-Route-Microsoft, Option 252
              RP
            MSZ Option 57, length 2: 576
            Requested-IP Option 50, length 4: 10.11.13.177
</code>

{{:burim:dhcp-tcpdump-kali-windows.png?700|}}

{{:burim:2020-11-18_17_38_47-dhcp.pcap.png|}}
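Added example (not part of the original page): the TCP flag filters from the syn, syn-ack, ack section, re-expressed as Python predicates on header byte 13 and run over constructed TCP headers, to show which handshake segments each expression selects. The ports, sequence number and the ECE sample are assumptions made for illustration; the ECE case shows that an exact compare such as ''tcp[13] == 18'' misses a SYN-ACK that carries an extra flag bit.

```python
import struct

# Bit values of TCP header byte 13, the byte tcpdump reads as tcp[13] / tcp[tcpflags]
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

def tcp_header(flags, sport=40000, dport=443):
    """Build a constructed 20-byte TCP header (no options) carrying the given flags."""
    data_offset = 5 << 4  # 5 x 32-bit words, stored in the high nibble of byte 12
    return struct.pack("!HHIIBBHHH", sport, dport, 1000, 0,
                       data_offset, flags, 64240, 0, 0)

# The page's filter expressions as predicates on f = tcp[13]
FILTERS = {
    "tcp[tcpflags] & (tcp-syn) != 0 and tcp[tcpflags] & (tcp-ack) == 0":
        lambda f: (f & SYN) != 0 and (f & ACK) == 0,
    "tcp[13] & 2 != 0":
        lambda f: (f & 2) != 0,
    "tcp[13] == 18":
        lambda f: f == 18,
    "tcp[13] & 2 != 0 or tcp[13] & 16 != 0":
        lambda f: (f & 2) != 0 or (f & 16) != 0,
}

def matching_filters(header):
    """Return the filter expressions that would select this TCP header."""
    flags = header[13]
    return [expr for expr, pred in FILTERS.items() if pred(flags)]

# Constructed sample segments (not captured traffic)
SAMPLES = {
    "SYN": tcp_header(SYN),
    "SYN-ACK": tcp_header(SYN | ACK),
    "ACK": tcp_header(ACK),
    "SYN-ACK + ECE": tcp_header(SYN | ACK | ECE),  # flags byte 0x52, not 0x12
    "RST": tcp_header(RST),
}

def report():
    """Map each sample segment to the filters that match it."""
    return {name: matching_filters(hdr) for name, hdr in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name:14} tcp[13]=0x{SAMPLES[name][13]:02x}")
        for expr in hits:
            print(f"    matched by: {expr}")
```

A masked compare, ''tcp[13] & 18 == 18'', selects every segment with both SYN and ACK set regardless of the other flag bits.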