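admin posted on 2017-9-19 19:09:20

DHCP packet capture analysis

Capture packets on the axm, then reboot the k2a (192.168.253.12); the DHCP (BOOTP) packets show up in the capture.

toor@server:~# tcpdump -i k2a -ne   ## k2a is the interface on the server that connects to the client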
tcpdump: WARNING: k2a: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on k2a, link-type EN10MB (Ethernet), capture size 65535 bytes
04:25:16.517103 b4:99:4c:b8:6f:69(client MAC) > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from b4:99:4c:b8:6f:69, length 300 ## (see TCP/IP Illustrated, Volume 1, Chapter 16). Port 68 is the client port and 67 is the server port. The client has no IP address yet, so the source IP in its BOOTP packet is set to 0.0.0.0
04:25:16.517349 02:40:43:77:07:01(server MAC) > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 342: 192.168.253.9.67 > 192.168.253.12.68: BOOTP/DHCP, Reply, length 300 ## the server assigns the client the IP 192.168.253.12 and replies to the client
04:25:16.517613 b4:99:4c:b8:6f:69(client MAC) > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 64: Request who-has 192.168.253.9 tell 192.168.253.12, length 50 ## the client sends an ARP request to obtain the server's MAC address
04:25:16.517641 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype ARP (0x0806), length 42: Reply 192.168.253.9 is-at 02:40:43:77:07:01, length 28
04:25:16.517751 b4:99:4c:b8:6f:69(client MAC) > 02:40:43:77:07:01(server MAC), ethertype IPv4 (0x0800), length 65: 192.168.253.12.1234 > 192.168.253.9.69:23 RRQ "u-boot-eth.bin" octet ## the client sends a TFTP request to read the boot file it needs from the server (blocks 1~355 below)
04:25:16.645200 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:516 DATA block 1
04:25:16.645429 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:4 ACK block 1
04:25:16.650059 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:516 DATA block 2
04:25:16.650281 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:4 ACK block 2
04:25:16.653322 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:516 DATA block 3
04:25:16.653543 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:4 ACK block 3
... ...
09:46:29.947034 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:516 DATA block 352
09:46:29.947241 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:4 ACK block 352
09:46:29.947297 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:516 DATA block 353
09:46:29.947504 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:4 ACK block 353
09:46:29.947552 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:516 DATA block 354
09:46:29.947759 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:4 ACK block 354
09:46:29.947825 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 277: 192.168.253.9.69 > 192.168.253.12.1234:235 DATA block 355
09:46:29.947997 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:4 ACK block 355
09:46:34.647872 b4:99:4c:b8:6f:69 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 303: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from b4:99:4c:b8:6f:69, length 261
09:46:34.648098 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 342: 192.168.253.9.67 > 192.168.253.12.68: BOOTP/DHCP, Reply, length 300
09:46:34.648213 b4:99:4c:b8:6f:69 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 315: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from b4:99:4c:b8:6f:69, length 273
09:46:34.649072 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 342: 192.168.253.9.67 > 192.168.253.12.68: BOOTP/DHCP, Reply, length 300
09:46:34.947189 b4:99:4c:b8:6f:69 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.253.9 tell 192.168.253.12, length 46
09:46:34.947215 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype ARP (0x0806), length 42: Reply 192.168.253.9 is-at 02:40:43:77:07:01, length 28
09:46:34.947360 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 98: 192.168.253.12.1000 > 192.168.253.9.111: UDP, length 56
09:46:34.947512 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 70: 192.168.253.9.111 > 192.168.253.12.1000: UDP, length 28
09:46:34.947616 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 98: 192.168.253.12.1000 > 192.168.253.9.111: UDP, length 56
09:46:34.947710 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 70: 192.168.253.9.111 > 192.168.253.12.1000: UDP, length 28
09:46:34.947829 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 122: 192.168.253.12.1000 > 192.168.253.9.48232: UDP, length 80
09:46:34.949267 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 102: 192.168.253.9.48232 > 192.168.253.12.1000: UDP, length 60
09:46:34.949408 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 150: 192.168.253.12.4 > 192.168.253.9.2049: 108 lookup fh Unknown/0100010101000000C30000000000000000000000000000000000000000000000 "skern.bin"
09:46:34.949711 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 170: 192.168.253.9.2049 > 192.168.253.12.4: reply ok 128 lookup fh Unknown/0100010101000000B20800000000000000000000000000000000000000000000
09:46:34.949835 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 146: 192.168.253.12.5 > 192.168.253.9.2049: 104 read fh Unknown/0100010101000000B20800000000000000000000000000000000000000000000 1024 bytes @ 0

DHCP configuration file on the server:
/etc/dhcp/dhcpd.conf:
one-lease-per-client on;          # one lease per client
subnet 192.168.253.8 netmask 255.255.255.248 {
    range dynamic-bootp 192.168.253.10 192.168.253.14;
    # Address of the host that stores the initial boot file. The next-server statement is used to
    # specify the host address of the server from which the initial boot file (specified in the
    # filename statement) is to be loaded. Server-name should be a numeric IP address or a domain
    # name. If no next-server statement applies to a given client, the address 0.0.0.0 is used.
    next-server 192.168.253.9;
    option subnet-mask 255.255.255.248;
    # Name of the boot file to download. The filename statement specifies the initial boot file the
    # client loads at startup; the name should be recognizable to whatever file transfer protocol
    # the client uses to fetch the file.
    filename "u-boot-eth.bin";
    option root-path "/squash/ks";
    default-lease-time -1;         # infinite lease time
    max-lease-time -1;             # infinite lease time
}

The next-server directive is used to specify the IP address of the TFTP server.
The filename directive defines the path to /boot/pxeboot. A relative filename is used, meaning that /b/tftpboot is not included in the path.
The root-path option defines the path to the NFS root file system.
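
The boot exchange in the capture can be checked mechanically. The following is an added example, not part of the original post: it parses `tcpdump -ne` lines, flags any BOOTP/DHCP reply that did not come from the expected server MAC, and reconstructs the TFTP transfer size from the DATA block lengths. It assumes the inline `(client MAC)` / `##` annotations have been stripped; the sample lines are constructed from the capture's format and the `02:00:00:00:00:99` reply is made up to show the check firing.

```python
import re

SERVER_MAC = "02:40:43:77:07:01"  # server MAC as it appears in the capture above

# Constructed sample in the capture's format: annotations removed, the TFTP
# transfer cut to three blocks, and one reply from a made-up MAC added.
SAMPLE = """\
04:25:16.517103 b4:99:4c:b8:6f:69 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from b4:99:4c:b8:6f:69, length 300
04:25:16.517349 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 342: 192.168.253.9.67 > 192.168.253.12.68: BOOTP/DHCP, Reply, length 300
04:25:16.517400 02:00:00:00:00:99 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 342: 192.168.253.11.67 > 192.168.253.12.68: BOOTP/DHCP, Reply, length 300
04:25:16.517751 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 65: 192.168.253.12.1234 > 192.168.253.9.69:23 RRQ "u-boot-eth.bin" octet
04:25:16.645200 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:516 DATA block 1
04:25:16.645429 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:4 ACK block 1
04:25:16.650059 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:516 DATA block 2
04:25:16.650281 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:4 ACK block 2
04:25:16.653322 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 277: 192.168.253.9.69 > 192.168.253.12.1234:235 DATA block 3
04:25:16.653543 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:4 ACK block 3
"""

FRAME = re.compile(r"^\S+ (?P<src>[0-9a-f:]{17}) > [0-9a-f:]{17}, ethertype "
                   r"\S+ \(0x[0-9a-f]+\), length \d+: (?P<rest>.*)$")
TFTP = re.compile(r':\s*(?P<len>\d+) (?:RRQ "(?P<file>[^"]+)"'
                  r"|(?P<op>DATA|ACK) block (?P<blk>\d+))")

def analyze(text, server_mac=SERVER_MAC):
    foreign, blocks, acked, name = [], {}, set(), None
    for line in text.splitlines():
        m = FRAME.match(line)
        if not m:
            continue
        if "BOOTP/DHCP, Reply" in m["rest"] and m["src"] != server_mac:
            foreign.append(m["src"])  # reply not sent by the expected server
        t = TFTP.search(m["rest"])
        if not t:
            continue
        if t["file"]:
            name = t["file"]
        elif t["op"] == "DATA":
            # TFTP length includes a 4-byte header (opcode + block number);
            # keying by block number keeps retransmissions from counting twice.
            blocks[int(t["blk"])] = int(t["len"]) - 4
        else:
            acked.add(int(t["blk"]))
    last = max(blocks, default=0)
    return {"file": name, "bytes": sum(blocks.values()),
            "complete": last > 0 and blocks[last] < 512,  # short block ends it
            "gaps": sorted(set(range(1, last + 1)) - set(blocks)),
            "unacked": sorted(set(blocks) - acked), "foreign_replies": foreign}
```

Applied to the full transfer in the capture (354 blocks of 512 bytes plus the final 231-byte block 355), the same arithmetic gives 181479 bytes for u-boot-eth.bin, which can be compared with the file size on the TFTP server.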
