Netgate SG-1000 microFirewall

Author Topic: Why am I seeing this in my Firewall Logs so Often  (Read 603 times)

0 Members and 1 Guest are viewing this topic.

Offline tagit446

  • Jr. Member
  • **
  • Posts: 41
  • Karma: +1/-0
    • View Profile
Why am I seeing this in my Firewall Logs so Often
« on: November 28, 2017, 10:55:58 pm »
See screenshot below.

I have the WAN on igb0. My firewall log is littered with many instances of what you are seeing in the pic.

Is it normal or does it indicate a problem or misconfiguration?

Anyway to stop seeing it in the log?
pfSense v2.4.2 - RELEASE (amd64) running on AMD Phenom(tm) II X4 965 Processor, Asus M4A89GTD PRO motherboard, Dell / Intel Pro/1000 VT Quad Port PCI-E Gigabit NIC Dell P/N 0H092p

Offline NogBadTheBad

  • Sr. Member
  • ****
  • Posts: 389
  • Karma: +32/-0
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #1 on: November 29, 2017, 02:41:48 am »
Looks like something on the WAN side is doing a DHCP request ( its a broadcast ), try doing a packet capture on the WAN interface for port 67.

Create a firewall rule on the WAN interface to block DHCP in and set it not to log or you can disable logging of the default block.
« Last Edit: November 29, 2017, 03:32:54 am by NogBadTheBad »

Offline tagit446

  • Jr. Member
  • **
  • Posts: 41
  • Karma: +1/-0
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #2 on: December 01, 2017, 01:30:02 pm »
I did a packet capture on the WAN port 67 for almost 4 hours. In the end the capture was completely empty.

I checked the firewall logs and it showed several instances occurring on igb0 during the capture however.

After thinking about this I realized even though I set the WAN up on igb0 it is a PPPoE connection which if I understand correctly is a virtual connection right?

Unfortunately it does not allow me to actually choose igb0 to do a packet capture on.

I know my modem is in bridge mode and it hands out a dynamic public ip but at the same time has DHCP still turned on. Could this be what is causing the issue?

Should DHCP on the modem be turned off?
pfSense v2.4.2 - RELEASE (amd64) running on AMD Phenom(tm) II X4 965 Processor, Asus M4A89GTD PRO motherboard, Dell / Intel Pro/1000 VT Quad Port PCI-E Gigabit NIC Dell P/N 0H092p

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14466
  • Karma: +1339/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #3 on: December 01, 2017, 01:34:42 pm »
You should be able to do a sniff from the cli via tcpdump.  You can then see from the sniff the mac of what is doing the dhcp discover.  So you have your modem, which is really a modem and not some gateway directly connected to igb0?

Its possible your seeing dhcp from your ISP other clients - but you shouldn't.  Your modem/isp device should not be asking for dhcp on its lan side interface.. So it is odd that you would be seeing that.  Is it possible you got something else connected on the same L2 between your isp device and pfsense wan interface (igb0)?
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline tagit446

  • Jr. Member
  • **
  • Posts: 41
  • Karma: +1/-0
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #4 on: December 01, 2017, 05:35:46 pm »


You should be able to do a sniff from the cli via tcpdump.  You can then see from the sniff the mac of what is doing the dhcp discover.
Thank you for the suggestion and please excuse my ignorance but what is a cli and how do I use it?

So you have your modem, which is really a modem and not some gateway directly connected to igb0?
I'm not sure I'm following here but the modem is a Bonded Pair DSL Modem/Router. I have one of its LAN ports connected directly to the WAN port of the pfSense box.

Its possible your seeing dhcp from your ISP other clients - but you shouldn't.  Your modem/isp device should not be asking for dhcp on its lan side interface.. So it is odd that you would be seeing that.  Is it possible you got something else connected on the same L2 between your isp device and pfsense wan interface (igb0)?
Nope nothing else connected in between as described above.

I know this forum is just for pfSense but I'll dig out my laptop and plug that into the modem for access to it's webGUI. It came from the ISP with 3 WAN interfaces. They had me bridge just one of the interfaces to get internet and it worked however they were unsure of what to do with the other 2 interfaces. I wonder if those other 2 interfaces have something to do with this issue so I'll take a screenshot of them and post here. May or may not help, not sure.
pfSense v2.4.2 - RELEASE (amd64) running on AMD Phenom(tm) II X4 965 Processor, Asus M4A89GTD PRO motherboard, Dell / Intel Pro/1000 VT Quad Port PCI-E Gigabit NIC Dell P/N 0H092p

Offline tagit446

  • Jr. Member
  • **
  • Posts: 41
  • Karma: +1/-0
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #5 on: December 01, 2017, 06:37:17 pm »
As promised here some screenshots of the modem settings.

If you see something that should be changed please let me know.

The first pic is of the 3 interfaces. The ADSL is the one my ISP had me bridge.

Second pic is of the ADSL settings.

Third pic is of the  VDSL settings.

Fourth pic is of the ETHWAN settings.

Fifth pic is of the LAN settings.
« Last Edit: December 01, 2017, 07:21:32 pm by tagit446 »
pfSense v2.4.2 - RELEASE (amd64) running on AMD Phenom(tm) II X4 965 Processor, Asus M4A89GTD PRO motherboard, Dell / Intel Pro/1000 VT Quad Port PCI-E Gigabit NIC Dell P/N 0H092p

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14466
  • Karma: +1339/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #6 on: December 02, 2017, 03:17:16 am »
There is server reason for the dhcp server to be running on your "modem"
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline tagit446

  • Jr. Member
  • **
  • Posts: 41
  • Karma: +1/-0
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #7 on: December 02, 2017, 02:04:34 pm »
I tried "tcpdump -i igb0" in the "Execute Shell Command" and it didn't seem to do anything.

Did I use the wrong command?
pfSense v2.4.2 - RELEASE (amd64) running on AMD Phenom(tm) II X4 965 Processor, Asus M4A89GTD PRO motherboard, Dell / Intel Pro/1000 VT Quad Port PCI-E Gigabit NIC Dell P/N 0H092p

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14466
  • Karma: +1339/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #8 on: December 03, 2017, 05:20:59 am »
your going to want to do that from actual cli or ssh.. not the gui interface..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline NogBadTheBad

  • Sr. Member
  • ****
  • Posts: 389
  • Karma: +32/-0
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #9 on: December 03, 2017, 05:21:12 am »
I tried "tcpdump -i igb0" in the "Execute Shell Command" and it didn't seem to do anything.

Did I use the wrong command?

Try tcpdump -i pppoe0 from the cli as john mentioned

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14466
  • Karma: +1339/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #10 on: December 03, 2017, 05:23:02 am »
he can sniff on his pppoe interface from the gui packet capture..  His point was he could not pick the naked interface..

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline tagit446

  • Jr. Member
  • **
  • Posts: 41
  • Karma: +1/-0
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #11 on: December 03, 2017, 02:17:56 pm »
your going to want to do that from actual cli or ssh.. not the gui interface..

Sorry for sounding ignorant again but I have no idea what the actual cli or ssh is or how to access it if it is not the one in the pfsense webGUI.

Is the actual cli in windows or the pfsense box its self.

My profession is in automotive. I'm a certified advanced level master auto technician. I can fix just about any auto issue and fabricate just about anything but when it comes to pfsense and networking in general I still have a lot to learn, hense the ignorant questions. I have the aptitude to learn this, I just need the proper guidance.

Please be patient with me as I'll need a picture painted for me on this one i'm afraid.

I really need to know where this cli is and what command to execute and any other information that may be relevant.

Thanks
pfSense v2.4.2 - RELEASE (amd64) running on AMD Phenom(tm) II X4 965 Processor, Asus M4A89GTD PRO motherboard, Dell / Intel Pro/1000 VT Quad Port PCI-E Gigabit NIC Dell P/N 0H092p

Offline NogBadTheBad

  • Sr. Member
  • ****
  • Posts: 389
  • Karma: +32/-0
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #12 on: December 04, 2017, 02:49:35 am »
System -> Advanced -> Admin Access

Goto the Secure Shell section and tick Enable Secure Shell

If your running windows on the device your trying to connect from download putty.

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Run putty, click on ssh if its not the default, pop in the ip address and click on open.

If your running OS X there is an inbuild ssh client ssh userid@ip-address or hostname

Once you've connected to pfSense hit 8 ) Shell.
« Last Edit: December 04, 2017, 01:42:47 pm by NogBadTheBad »

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14466
  • Karma: +1339/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #13 on: December 04, 2017, 03:15:26 am »
Not a bad question.. cli would be console.. Do you not have access to the console of pfsense?  If its completely headless than yes ssh in per nogbadthebad instructions.

You will then press 8 at the menu to get to the command line and then run your tcpdump command on the interface, etc.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline tagit446

  • Jr. Member
  • **
  • Posts: 41
  • Karma: +1/-0
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #14 on: December 04, 2017, 01:53:04 pm »
Thank you both :)

I have it running in shell.. Lots of information pouring in.

How do I stop it and is it possible to save it?
pfSense v2.4.2 - RELEASE (amd64) running on AMD Phenom(tm) II X4 965 Processor, Asus M4A89GTD PRO motherboard, Dell / Intel Pro/1000 VT Quad Port PCI-E Gigabit NIC Dell P/N 0H092p

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14466
  • Karma: +1339/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #15 on: December 04, 2017, 02:27:09 pm »
you would want to limit it to just the info your interested in.. so just the dhcp stuff, and then you can write it to a file and open that file in say wireshark.

https://www.freebsd.org/cgi/man.cgi?tcpdump(1)
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline tagit446

  • Jr. Member
  • **
  • Posts: 41
  • Karma: +1/-0
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #16 on: December 04, 2017, 05:19:23 pm »
So I think I got this but need help understanding the results and I also need to know if I used the right tcpdump statement.

I used putty to log into the console. (I do have a monitor on the pfSense PC so I probably could have done this from there but at the same time I am glad to now know how to login from a remote PC on the network).

Once logged into the console I entered and ran "tcpdump -vvv -i igb0 port 67 or 68" (Please let me know if this is correct or if it should be different)

It returned the following:
Code: [Select]
tcpdump: listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:33:45.934850 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:33:49.809518 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, secs 4, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:33:59.549725 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, secs 14, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:34:19.474906 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, secs 34, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:34:38.050119 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, secs 52, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:34:44.920169 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, secs 59, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:39:42.363708 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:39:50.048478 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, secs 7, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:40:05.253686 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, secs 23, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:40:20.923872 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, secs 38, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:40:34.579002 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, secs 52, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:45:38.757551 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:45:41.452332 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, secs 3, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:45:44.827356 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, secs 6, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:45:48.442431 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, secs 10, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:45:54.557452 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, secs 16, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:46:05.157574 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, secs 26, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:46:18.452765 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, secs 40, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:46:35.377913 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, secs 57, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
tcpdump -vvv -i igb0 port 67 or 68
17:51:06.061167 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0x89091d15, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:51:12.865953 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0x89091d15, secs 7, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:51:21.401082 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0x89091d15, secs 16, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47

In the process of trying to copy the above it then spit out the following:

[code]
Suspended
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: tcpdump: listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
Badly placed ()'s.
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:34:38.050119 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, secs 52, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:34:44.920169 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, secs 59, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: 17:33:45.934850 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
Badly placed ()'s.
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:39:42.363708 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:39:50.048478 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, secs 7, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:40:05.253686 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, secs 23, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:     0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, Flags [none] (0x0000)
Badly placed (.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
Badly placed ()'s.
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:40:20.923872 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, secs 38, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:40:34.579002 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, secs 52, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:45:38.757551 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOO[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Vendor-rfc1048 Extensions
Vendor-rfc1048: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Magic Cookie 0x63825363
Magic: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: TP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, Flags [none] (0x0000)
          Client-Ethern            DHCP-Message Option 53, length 1: Discover
DHCP-Message: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Parameter-Request Option 55, length 7:
Parameter-Request: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: et-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            D              Subnet-Mask, BR, Time-Zone, Default-Gateway
Subnet-Mask,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:               Domain-Name, Domain-Name-Server, Hostname
Domain-Name,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             END Option 255, length 0
END: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: HCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time            PAD Option 0, length 0, occurs 47
PAD: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: 17:33:49.809518 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: -Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:45:41.452332 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 32    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, secs 4, Flags [none] (0x0000)
Badly placed (.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: 8)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 30          Vendor-rfc1048 Extensions
Vendor-rfc1048: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Magic Cookie 0x63825363
Magic: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             DHCP-Message Option 53, length 1: Discover
DHCP-Message: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: 0, xid 0xeb3aab66, secs 3, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Ven            Parameter-Request Option 55, length 7:
Parameter-Request: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:               Subnet-Mask, BR, Time-Zone, Default-Gateway
Subnet-Mask,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: dor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Pa              Domain-Name, Domain-Name-Server, Hostname
Domain-Name,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             END Option 255, length 0
END: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             PAD Option 0, length 0, occurs 47
PAD: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: rameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain17:33:59.549725 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: -Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:45:44.827356 IP (to    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, secs 14, Flags [none] (0x0000)
Badly placed (.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: s 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Vendor-rfc1048 Extensions
Vendor-rfc1048: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Magic Cookie 0x63825363
Magic: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:  ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, secs 6, Flags [none] (0x0000)
                   DHCP-Message Option 53, length 1: Discover
DHCP-Message: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Parameter-Request Option 55, length 7:
Parameter-Request: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:    Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x638253              Subnet-Mask, BR, Time-Zone, Default-Gateway
Subnet-Mask,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:               Domain-Name, Domain-Name-Server, Hostname
Domain-Name,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             END Option 255, length 0
END: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: 63
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subne            PAD Option 0, length 0, occurs 47
PAD: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: t-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, lengt17:34:19.474906 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: h 0
            PAD Option 0, length 0, occurs 47
17:45:48.442431 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, secs 34, Flags [none] (0x0000)
Badly placed (.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:  (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unk          Vendor-rfc1048 Extensions
Vendor-rfc1048: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Magic Cookie 0x63825363
Magic: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             DHCP-Message Option 53, length 1: Discover
DHCP-Message: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: nown), length 300, xid 0xeb3aab66, secs 10, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unkno            Parameter-Request Option 55, length 7:
Parameter-Request: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:               Subnet-Mask, BR, Time-Zone, Default-Gateway
Subnet-Mask,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: wn)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discov              Domain-Name, Domain-Name-Server, Hostname
Domain-Name,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             END Option 255, length 0
END: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             PAD Option 0, length 0, occurs 47
PAD: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: er
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Do17:34:38.050119 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: main-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:45    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, secs 52, Flags [none] (0x0000)
Badly placed (.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: :54.557452 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Vendor-rfc1048 Extensions
Vendor-rfc1048: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: .bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, secs 16, Flags [none            Magic Cookie 0x63825363
Magic: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             DHCP-Message Option 53, length 1: Discover
DHCP-Message: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Parameter-Request Option 55, length 7:
Parameter-Request: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: ] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Mag              Subnet-Mask, BR, Time-Zone, Default-Gateway
Subnet-Mask,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:               Domain-Name, Domain-Name-Server, Hostname
Domain-Name,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: ic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
             END Option 255, length 0
END: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             PAD Option 0, length 0, occurs 47
PAD: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END17:34:44.920169 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:  Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:46:05.157574 IP (tos 0x10, ttl 128, id 0, offset 0, flags    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xfc44bd52, secs 59, Flags [none] (0x0000)
Badly placed (.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:  [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Vendor-rfc1048 Extensions
Vendor-rfc1048: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Magic Cookie 0x63825363
Magic: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: :00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, secs 26, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:0            DHCP-Message Option 53, length 1: Discover
DHCP-Message: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Parameter-Request Option 55, length 7:
Parameter-Request: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:               Subnet-Mask, BR, Time-Zone, Default-Gateway
Subnet-Mask,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: 0:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53              Domain-Name, Domain-Name-Server, Hostname
Domain-Name,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             END Option 255, length 0
END: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             PAD Option 0, length 0, occurs 47
PAD: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: , length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gatewa17:39:42.363708 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: y
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:46:18.452765 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, Flags [none] (0x0000)
Badly placed (.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Vendor-rfc1048 Extensions
Vendor-rfc1048: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:  > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, se            Magic Cookie 0x63825363
Magic: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             DHCP-Message Option 53, length 1: Discover
DHCP-Message: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Parameter-Request Option 55, length 7:
Parameter-Request: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: cs 40, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensio              Subnet-Mask, BR, Time-Zone, Default-Gateway
Subnet-Mask,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:               Domain-Name, Domain-Name-Server, Hostname
Domain-Name,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: ns
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Opti            END Option 255, length 0
END: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             PAD Option 0, length 0, occurs 47
PAD: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: on 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostna17:39:50.048478 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: me
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:46:35.377913 IP (tos 0x10, ttl 128, id     0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, secs 7, Flags [none] (0x0000)
Badly placed (.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Req          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Vendor-rfc1048 Extensions
Vendor-rfc1048: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Magic Cookie 0x63825363
Magic: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: uest from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, secs 57, Flags [none] (0x0000)
          Client-Ethernet-            DHCP-Message Option 53, length 1: Discover
DHCP-Message: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Parameter-Request Option 55, length 7:
Parameter-Request: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:               Subnet-Mask, BR, Time-Zone, Default-Gateway
Subnet-Mask,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP              Domain-Name, Domain-Name-Server, Hostname
Domain-Name,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             END Option 255, length 0
END: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: -Message Option 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zo            PAD Option 0, length 0, occurs 47
PAD: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: 17:40:05.253686 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: ne, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
tcpdump -vvv -i igb0 port 67 or 68
17:51:06.061167 IP (tos 0x10, ttl 128, id 0, offset 0, flags [    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, secs 23, Flags [none] (0x0000)
Badly placed (.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Vendor-rfc1048 Extensions
Vendor-rfc1048: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:0            Magic Cookie 0x63825363
Magic: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             DHCP-Message Option 53, length 1: Discover
DHCP-Message: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: 0:00:00 (oui Unknown), length 300, xid 0x89091d15, Flags [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (ou            Parameter-Request Option 55, length 7:
Parameter-Request: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:               Subnet-Mask, BR, Time-Zone, Default-Gateway
Subnet-Mask,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:               Domain-Name, Domain-Name-Server, Hostname
Domain-Name,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: i Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1:            END Option 255, length 0
END: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             PAD Option 0, length 0, occurs 47
PAD: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:  Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
         17:40:20.923872 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:      Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 4    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, secs 38, Flags [none] (0x0000)
Badly placed (.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: 7
17:51:12.865953 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Vendor-rfc1048 Extensions
Vendor-rfc1048: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Magic Cookie 0x63825363
Magic: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: 255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0x89091d15, secs 7, Flags            DHCP-Message Option 53, length 1: Discover
DHCP-Message: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Parameter-Request Option 55, length 7:
Parameter-Request: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:  [none] (0x0000)
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
                       Subnet-Mask, BR, Time-Zone, Default-Gateway
Subnet-Mask,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:               Domain-Name, Domain-Name-Server, Hostname
Domain-Name,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             END Option 255, length 0
END: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:    Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Parameter-Request Option 55, lengt            PAD Option 0, length 0, occurs 47
PAD: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: 17:40:34.579002 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: h 7:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, length 0, occurs 47
17:51:21.401082 IP (tos 0x10, ttl 128, id 0, offset 0,    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xf869e760, secs 52, Flags [none] (0x0000)
Badly placed (.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:  flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00          Vendor-rfc1048 Extensions
Vendor-rfc1048: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             Magic Cookie 0x63825363
Magic: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             DHCP-Message Option 53, length 1: Discover
DHCP-Message: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: :26:86:00:00:00 (oui Unknown), length 300, xid 0x89091d15, secs 16, Flags [none] (0x0000)
          Client-Ethernet-Address 00:2            Parameter-Request Option 55, length 7:
Parameter-Request: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:               Subnet-Mask, BR, Time-Zone, Default-Gateway
Subnet-Mask,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: 6:86:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Opt              Domain-Name, Domain-Name-Server, Hostname
Domain-Name,: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             END Option 255, length 0
END: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:             PAD Option 0, length 0, occurs 47
PAD: Command not found.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: ion 53, length 1: Discover
            Parameter-Request Option 55, length 7:
              Subnet-Mask, BR, Time-Zone, Default-17:45:38.757551 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: Gateway
              Domain-Name, Domain-Name-Server, Hostname
            END Option 255, length 0
            PAD Option 0, l    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:26:86:00:00:00 (oui Unknown), length 300, xid 0xeb3aab66, Flags [none] (0x0000)
Badly placed (.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root: ength 0, occurs 47
          Client-Ethernet-Address 00:26:86:00:00:00 (oui Unknown)
Badly placed ()'s.
[2.4.2-RELEASE][admin@Goodrich.localdomain]/root:           Vendor-rfc1048 Extensions
Ve
« Last Edit: December 04, 2017, 08:48:54 pm by tagit446 »
pfSense v2.4.2 - RELEASE (amd64) running on AMD Phenom(tm) II X4 965 Processor, Asus M4A89GTD PRO motherboard, Dell / Intel Pro/1000 VT Quad Port PCI-E Gigabit NIC Dell P/N 0H092p

Offline NogBadTheBad

  • Sr. Member
  • ****
  • Posts: 389
  • Karma: +32/-0
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #17 on: December 05, 2017, 03:07:35 am »
The first 3 octets of the mac address are owned by Quantenna Communcations, Inc.

https://www.wireshark.org/tools/oui-lookup.html

You can also send the output from tcpdump to a file using -w output.pcap you can remove the -vvv if you write to a file, you'd need some sort of sftp client to copy the file from your pfSense box to a PC running wireshark.

Is your Internet provided via some sort of wireless link ?

It might just be easier if the entries in the log are buggiing you to put a block rule on the WAN interface and tell it not to log, as its hitting the defauly block and logging.
« Last Edit: December 05, 2017, 06:46:05 am by NogBadTheBad »

Offline tagit446

  • Jr. Member
  • **
  • Posts: 41
  • Karma: +1/-0
    • View Profile
Re: Why am I seeing this in my Firewall Logs so Often
« Reply #18 on: December 05, 2017, 05:19:40 pm »
The first 3 octets of the mac address are owned by Quantenna Communcations, Inc.

https://www.wireshark.org/tools/oui-lookup.html
Well that is interesting. I use Fairpoint (only game in town unfortunately) bonded pair DSL which is now owned by Consolidated. A quick google search and I see No relation between Fairpoint, Consolidated  and Quantenna so why would I be seeing them in my logs trying to get DHCP? Does it appear that something fishy is going on here?

You can also send the output from tcpdump to a file using -w output.pcap you can remove the -vvv if you write to a file, you'd need some sort of sftp client to copy the file from your pfSense box to a PC running wireshark.
Thank you for this info. I will have to give this a try.

Is your Internet provided via some sort of wireless link ?
No not at all. My internet is bonded pair DSL over copper phone line. I did not do a lot of reading up on Quantenna yet but it looks like they specialize in wireless technologies which makes this all that more confusing.

It might just be easier if the entries in the log are buggiing you to put a block rule on the WAN interface and tell it not to log, as its hitting the defauly block and logging.
I will most likely do this but would first like to understand why this issue is even occurring.
pfSense v2.4.2 - RELEASE (amd64) running on AMD Phenom(tm) II X4 965 Processor, Asus M4A89GTD PRO motherboard, Dell / Intel Pro/1000 VT Quad Port PCI-E Gigabit NIC Dell P/N 0H092p