DHCP协议抓包分析
DHCP协议操作
Wireshark抓包
Windows系统,输入命令来断开连接:
ipconfig /release
再输入命令恢复连接:
ipconfig /renew
期间可用wireshark捕获到DHCP数据包。
1.DISCOVER
Bootstrap Protocol (Discover)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xfe422745
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: LiteonTe_67:a8:58 (a4:db:30:67:a8:58)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Discover)
Option: (61) Client identifier
Option: (50) Requested IP Address
Option: (12) Host Name
Option: (60) Vendor class identifier
Option: (55) Parameter Request List
Option: (255) End
客户端不知道DHCP服务器的地址,所以进行广播。客户端IP地址为0.0.0.0,目的地址为255.255.255.255广播地址。DHCP选项内也附带了许多内容。
2.OFFER
Bootstrap Protocol (Offer)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xfe422745
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0
Your (client) IP address: 172.30.244.115
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: LiteonTe_67:a8:58 (a4:db:30:67:a8:58)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Offer)
Option: (54) DHCP Server Identifier
Option: (51) IP Address Lease Time
Option: (1) Subnet Mask
Option: (3) Router
Option: (6) Domain Name Server
Option: (0) Padding
Option: (255) End
Padding: 00000000
3.REQUEST
Bootstrap Protocol (Request)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xfe422745
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: LiteonTe_67:a8:58 (a4:db:30:67:a8:58)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Request)
Option: (61) Client identifier
Option: (50) Requested IP Address
Option: (54) DHCP Server Identifier
Option: (12) Host Name
Option: (81) Client Fully Qualified Domain Name
Option: (60) Vendor class identifier
Option: (55) Parameter Request List
Option: (255) End
当接受到来自一台或多台服务器的OFFER消息后,客户端确认自己想要哪个OFFER,并广播一个包括服务器标识符选项的REQUEST消息。
4.ACK
Bootstrap Protocol (ACK)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xfe422745
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0
Your (client) IP address: 172.30.244.115
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: LiteonTe_67:a8:58 (a4:db:30:67:a8:58)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (ACK)
Option: (54) DHCP Server Identifier
Option: (51) IP Address Lease Time
Option: (1) Subnet Mask
Option: (3) Router
Option: (6) Domain Name Server
Option: (0) Padding
Option: (255) End
Padding: 00000000
通知客户端可以使用该地址。