Bootstrap Protocol (BOOTP)
BOOTP is a client/server protocol used to dynamically assign various parameters from a BOOTP server at boot time.
See also DHCP which uses BOOTP.
BOOTP was devised in the 1980's as a more capable alternative than RARP, which was then used as address assignment protocol. Besides address assignment BOOTP provides bootstrap information to allow a client to contact a server for a download file. The constant addition of vendor options eventually resulted in a progression to DHCP.
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The BOOTP dissector is fully functional.
(XXX add links to preference settings affecting how BOOTP is dissected).
Example capture file
XXX - Add a simple example capture file. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
A complete list of BOOTP display filter fields can be found in the display filter reference
Show only the BOOTP based traffic:
You cannot directly filter BOOTP protocols while capturing if they are going to or from arbitrary ports. However, BOOTP traffic normally goes to or from ports 67 and 68, and traffic to and from those ports is normally BOOTP traffic, so you can filter on those port numbers.
Capture only traffic to and from ports 67 and 68:
port 67 or port 68
On many systems, you can say "port bootps" rather than "port 67" and "port bootpc" rather than "port 68".
RFC951 Bootstrap Protocol
RFC1542 Clarifications and Extensions for the Bootstrap Protocol
RFC2132 DHCP Options and BOOTP Vendor Extensions