0

I'm trying to capture all DHCP Discover packets that don't end with ff that should be the last byte of a correct BOOTP request.

I can filter all DHCP Discover by using the correct offset ether[284:1] because it is at the beginning of the packet but what changes is obviously the length of the entire request.

Is there a way to dynamically calculate the length of the packet and use it as a proper offset?

Thanks

Ross Jacobs
  • 2,962
  • 1
  • 17
  • 27
Skylo02
  • 1
  • Welcome to Stack Overflow! Please read the [help pages](https://stackoverflow.com/help), take the [SO tour](https://stackoverflow.com/tour), read about [how to ask good questions](https://stackoverflow.com/help/how-to-ask), as well as this [question checklist](https://codeblog.jonskeet.uk/2012/11/24/stack-overflow-question-checklist/). – Ross Jacobs Sep 27 '19 at 17:51
  • It would help if you can tell us *why* you care about packets that don't end with `ff`. It is possible to construct [complex capture filters](https://wiki.wireshark.org/CaptureFilters) given enough information. – Ross Jacobs Sep 27 '19 at 17:55

0 Answers0