# Ral hostap and isc-dhcpd broadcasts



## Mel_Flynn (Feb 12, 2009)

I'm trying to debug what goes wrong on my router. I'm seeing a problem with isc-dhcpd similar to here:
https://lists.isc.org/pipermail/dhcp-users/2007-September/004678.html

All my (pf) block rules are logged and nothing shows up in the log. For the moment the clients are given static IPs, but I'd like to know where to start looking and maybe how to generate similar traffic on the card so I don't need to interrupt service for those clients.
I know how to view the respective wlan layers, but what should I be looking for in this forest of information?

Ral0 shows up like:

```
ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:1a:70:b1:66:b1
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255
        inet 192.168.1.12 netmask 0xffffff00 broadcast 192.168.1.255
        inet 192.168.1.51 netmask 0xffffff00 broadcast 192.168.1.255
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: associated
        ssid MYNET channel 11 (2462 Mhz 11g) bssid 00:1a:70:b1:66:b1
        authmode OPEN privacy ON deftxkey 1
        wepkey 1:104-bit powersavemode OFF powersavesleep 100 txpower 50
        txpowmax 50.0 rtsthreshold 2346 fragthreshold 2346 bmiss 7
        scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi11a 7
        roam:rate11a 12 roam:rssi11b 7 roam:rate11b 1 roam:rssi11g 7
        roam:rate11g 5 -pureg protmode CTS -ht -htcompat -ampdu ampdulimit 8k
        ampdudensity - -amsdu -shortgi htprotmode RTSCTS -puren -wme -burst
        -ff -dturbo -hidessid apbridge dtimperiod 1 doth inact bintval 100
```

Relevant dhcp log and tcpdump:

```
Feb 11 09:07:58 gate dhcpd: DHCPDISCOVER from 00:c0:a8:f1:e8:c3 (Tyler-PC) via ral0
Feb 11 09:07:58 gate dhcpd: DHCPOFFER on 192.168.1.253 to 00:c0:a8:f1:e8:c3 (Tyler-PC) via ral0

2009-02-11 09:07:58.719170 IP (tos 0x0, ttl 128, id 292, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:c0:a8:f1:e8:c3 (oui Unknown), length 300, xid 0x26b6a243, secs 6656, Flags [Broadcast] (0x8000)
          Client-Ethernet-Address 00:c0:a8:f1:e8:c3 (oui Unknown) [|bootp]
2009-02-11 09:07:58.719189 IP (tos 0x0, ttl 128, id 292, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:c0:a8:f1:e8:c3 (oui Unknown), length 300, xid 0x26b6a243, secs 6656, Flags [Broadcast] (0x8000)
          Client-Ethernet-Address 00:c0:a8:f1:e8:c3 (oui Unknown) [|bootp]
2009-02-11 09:07:58.719472 IP (tos 0x10, ttl 16, id 0, offset 0, flags [none], proto UDP (17), length 329) gate.rachie.is-a-geek.net.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 301, xid 0x26b6a243, secs 6656, Flags [Broadcast] (0x8000)
          Your-IP 192.168.1.253
          Client-Ethernet-Address 00:c0:a8:f1:e8:c3 (oui Unknown) [|bootp]
2009-02-11 09:07:58.719669 IP (tos 0x10, ttl 16, id 0, offset 0, flags [none], proto UDP (17), length 329) gate.rachie.is-a-geek.net.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 301, xid 0x26b6a243, secs 6656, Flags [Broadcast] (0x8000)
          Your-IP 192.168.1.253
          Client-Ethernet-Address 00:c0:a8:f1:e8:c3 (oui Unknown) [|bootp]
```


----------

