Debugging DHCP
Written by Jens Brey on Wednesday, 9 April 2008 in Computer
A few days ago, I had a fight with the DHCP server in our company. My problem was that the Cisco IP phones need option 150 set. So I looked around on the internet and found some tips on how to add this option to the ISC DHCP server. But then I was looking for a tool to check the generated DHCP requests, and I found DHCPDUMP.
DHCPDUMP is a parser that decodes and displays the output of tcpdump. After you have installed dhcpdump, you can use it with the following command:
tcpdump -lenx -s 1500 port bootps or port bootpc | dhcpdump
I also wrote a short patch to add the capability to parse option 150. You can also find a complete patched version.
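To show what decoding option 150 involves, here is an added example (not the patch mentioned above and not dhcpdump's own code). It assumes option 150 carries a list of 4-byte IPv4 TFTP server addresses, as Cisco phones use it; the function name and the sample bytes are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_PAD 0
#define OPT_END 255
#define OPT_TFTP_SERVERS 150 /* assumed layout: IPv4 addresses, 4 bytes each */

/* Walk a DHCP options area (the bytes after the 4-byte magic cookie) and
 * copy the addresses carried in option 150 into out[].
 * Returns the number of addresses copied, or -1 if the options are malformed:
 * a length that runs past the buffer, or an option 150 length that is not a
 * non-zero multiple of 4. */
int parse_option150(const uint8_t *opts, size_t len, uint8_t out[][4], int max_out)
{
    size_t i = 0;
    int found = 0;
    while (i < len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;   /* one byte, no length field */
        if (code == OPT_END) break;      /* one byte, ends the list */
        if (i >= len) return -1;         /* length byte missing */
        size_t olen = opts[i++];
        if (olen > len - i) return -1;   /* value overruns the capture */
        if (code == OPT_TFTP_SERVERS) {
            if (olen == 0 || olen % 4 != 0) return -1;
            for (size_t k = 0; k < olen && found < max_out; k += 4)
                memcpy(out[found++], opts + i + k, 4);
        }
        i += olen;
    }
    return found;
}

/* Constructed sample: option 53 (DHCPACK), option 150 with two servers, END */
static const uint8_t sample_ack[] = {
    53, 1, 5,  150, 8, 10, 0, 0, 196, 10, 0, 0, 197,  255
};

int main(void)
{
    uint8_t srv[4][4];
    int n = parse_option150(sample_ack, sizeof sample_ack, srv, 4);
    for (int k = 0; k < n; k++)
        printf("OPTION: 150 TFTP server %d.%d.%d.%d\n",
               srv[k][0], srv[k][1], srv[k][2], srv[k][3]);
    return n < 0;
}
```

The length checks matter because the option bytes come straight off the wire: a length field larger than the remaining capture must stop the walk instead of being trusted.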
Example output from DHCPDUMP:
argos:~# tcpdump -lenx -s 1500 port bootps or port bootpc | dhcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes
TCPdump 3.8.x output
TIME: 23:13:52.883499
IP: 10.0.0.0.68 (00:02:b3:af:ef:21) > (00:10:5a:3d:90:ca)
OP: 1 (BOOTPREQUEST)
HTYPE: 1 (Ethernet)
HLEN: 6
HOPS: 0
XID: 30eede71
SECS: 0
FLAGS: 0
CIADDR: 10.0.0.205
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: 00:02:b3:af:ef:21:00:00:00:00:00:00:00:00:00:00
SNAME: .
FNAME: .
OPTION: 53 ( 1) DHCP message type 3 (DHCPREQUEST)
OPTION: 55 ( 10) Parameter Request List 1 (Subnet mask)
28 (Broadcast address)
2 (Time offset)
3 (Routers)
15 (Domainname)
6 (DNS server)
12 (Host name)
40 (NIS domain)
41 (NIS servers)
42 (NTP servers)
---------------------------------------------------------------------------
TIME: 23:13:52.884581
IP: 10.0.0.0.67 (00:10:5a:3d:90:ca) > (00:02:b3:af:ef:21)
OP: 2 (BOOTPREPLY)
HTYPE: 1 (Ethernet)
HLEN: 6
HOPS: 0
XID: 30eede71
SECS: 0
FLAGS: 0
CIADDR: 10.0.0.205
YIADDR: 10.0.0.205
SIADDR: 10.0.0.196
GIADDR: 0.0.0.0
CHADDR: 00:02:b3:af:ef:21:00:00:00:00:00:00:00:00:00:00
SNAME: argos.
FNAME: .
OPTION: 53 ( 1) DHCP message type 5 (DHCPACK)
OPTION: 54 ( 4) Server identifier 10.0.0.196
OPTION: 51 ( 4) IP address leasetime 3600 (60m)
OPTION: 1 ( 4) Subnet mask 255.255.255.0
OPTION: 3 ( 4) Routers 10.0.0.254
OPTION: 15 ( 41) Domainname acme.local
OPTION: 6 (
DNS server 10.0.0.196,10.0.0.197
---------------------------------------------------------------------------
2 packets captured
2 packets received by filter
0 packets dropped by kernel
(IP addresses and domain names are obfuscated).
Now have fun playing with DHCP
Jens
13.11.2008 20:32 at 20:11 Old tinkerer, fix the network again!
PS: If I can't decipher these weird captchas, does that mean I'm turning into a computer?
13.11.2008 22:45 at 22:11 No, that just means you need new glasses :p
08.04.2010 13:27 at 13:04 Whoa, is argos still alive?
10.04.2010 17:26 at 17:04 Yep, it's still alive