dhcp抓包分析

admin

在axm上dump包，然后重启k2a（192.168.253.12），可以dump到dhcp（bootp）的包

toor@server:~# tcpdump -i k2a -ne   ##k2a是server端上连接client的接口
" U. O6 y- D8 R8 vtcpdump: WARNING: k2a: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on k2a, link-type EN10MB (Ethernet), capture size 65535 bytes
04:25:16.517103 b4:99:4c:b8:6f:69(clinet MAC) > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342:0.0.0.0.68 >255.255.255.255.67: BOOTP/DHCP, Request from b4:99:4c:b8:6f:69, length300 ##（见tcp/ip详解卷1，第16章）. 68是client用端口，67是server用端口. client事先没有IP，所以client的bootp包中设置源ip是0.0.0.0
04:25:16.517349 02:40:43:77:07:01(server MAC) > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 342: 192.168.253.9.67 >192.168.253.12.68: BOOTP/DHCP, Reply, length 300 ## server端给client分配了IP为192.168.253.12，并reply给client端
04:25:16.517613 b4:99:4c:b8:6f:69(client MAC) > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 64: Request who-has 192.168.253.9 tell 192.168.253.12, length 50  ##client要发送arp包得到server端MAC地址
04:25:16.517641 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype ARP (0x0806), length 42: Reply 192.168.253.9 is-at 02:40:43:77:07:01, length 28
04:25:16.517751 b4:99:4c:b8:6f:69（client MAC） > 02:40:43:77:07:01（server MAC）, ethertype IPv4 (0x0800), length 65: 192.168.253.12.1234 > 192.168.253.9.69:  23 RRQ "u-boot-eth.bin" octet ##client端发送TFTP请求从server段读取client所需的引导文件（下面block 1~355）
+ L( W$ b8 b/ p04:25:16.645200 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:  516 DATA block 1
* ^  M- n5 F4 p5 E04:25:16.645429 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:  4 ACK block 1
04:25:16.650059 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:  516 DATA block 2
04:25:16.650281 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:  4 ACK block 2
04:25:16.653322 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:  516 DATA block 3
04:25:16.653543 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:  4 ACK block 3
- G, R  E, V# E1 R  R... ...
09:46:29.947034 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:  516 DATA block 352
09:46:29.947241 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:  4 ACK block 352
09:46:29.947297 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:  516 DATA block 353
) {0 f6 M2 b2 f/ ]% I- M" S09:46:29.947504 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:  4 ACK block 353
1 p" r8 ?  e! c6 w3 Y* U09:46:29.947552 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 558: 192.168.253.9.69 > 192.168.253.12.1234:  516 DATA block 354
. q% E1 C& i6 p# F4 e; m9 C09:46:29.947759 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:  4 ACK block 354
# M% x$ U& [+ Y# t09:46:29.947825 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 277: 192.168.253.9.69 > 192.168.253.12.1234:  235 DATA block 355
9 D* q* Q# ?; J$ M6 t09:46:29.947997 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 64: 192.168.253.12.1234 > 192.168.253.9.69:  4 ACK block 355
# d+ Y3 p0 t  `09:46:34.647872 b4:99:4c:b8:6f:69 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 303: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from b4:99:4c:b8:6f:69, length 261
09:46:34.648098 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 342: 192.168.253.9.67 > 192.168.253.12.68: BOOTP/DHCP, Reply, length 300
1 V7 w1 c/ K) D/ m( Z1 N09:46:34.648213 b4:99:4c:b8:6f:69 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 315: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from b4:99:4c:b8:6f:69, length 273
09:46:34.649072 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 342: 192.168.253.9.67 > 192.168.253.12.68: BOOTP/DHCP, Reply, length 300
5 @0 W7 \* d% s' r# u09:46:34.947189 b4:99:4c:b8:6f:69 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.253.9 tell 192.168.253.12, length 46
% ]3 G, }8 l0 C6 Z2 Q' n, g  K09:46:34.947215 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype ARP (0x0806), length 42: Reply 192.168.253.9 is-at 02:40:43:77:07:01, length 28
; G% s1 _' y1 T5 c: b09:46:34.947360 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 98: 192.168.253.12.1000 > 192.168.253.9.111: UDP, length 56
09:46:34.947512 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 70: 192.168.253.9.111 > 192.168.253.12.1000: UDP, length 28
09:46:34.947616 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 98: 192.168.253.12.1000 > 192.168.253.9.111: UDP, length 56
) y: H+ n+ A) T) M* y09:46:34.947710 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 70: 192.168.253.9.111 > 192.168.253.12.1000: UDP, length 28
09:46:34.947829 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 122: 192.168.253.12.1000 > 192.168.253.9.48232: UDP, length 80
09:46:34.949267 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 102: 192.168.253.9.48232 > 192.168.253.12.1000: UDP, length 60
09:46:34.949408 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 150: 192.168.253.12.4 > 192.168.253.9.2049: 108 lookup fh Unknown/0100010101000000C30000000000000000000000000000000000000000000000 "skern.bin"
7 x2 m! I6 C+ [# F09:46:34.949711 02:40:43:77:07:01 > b4:99:4c:b8:6f:69, ethertype IPv4 (0x0800), length 170: 192.168.253.9.2049 > 192.168.253.12.4: reply ok 128 lookup fh Unknown/0100010101000000B20800000000000000000000000000000000000000000000
09:46:34.949835 b4:99:4c:b8:6f:69 > 02:40:43:77:07:01, ethertype IPv4 (0x0800), length 146: 192.168.253.12.5 > 192.168.253.9.2049: 104 read fh Unknown/0100010101000000B20800000000000000000000000000000000000000000000 1024 bytes @ 0

server端dhcp配置文件：
/etc/dhcp/dhcpd.conf:
one-lease-per-client on;          # 每一个客户机对应一个租约信息
3 j# \( @5 g! {  jsubnet 192.168.253.8 netmask 255.255.255.248 {
    range dynamic-bootp 192.168.253.10 192.168.253.14;
   next-server 192.168.253.9;#设定存放初始启动文档的主机地址,The next-server statement is used to specify the host address of the server from which the initial boot file (specified in the filename statement) is to be loaded. Server-name should be a numeric IP address or a domain name. If no next-server statement applies to a given client, the address 0.0.0.0 is used.
8 N1 ?" `! m& t' X! Q- l    option subnet-mask 255.255.255.248;
    filename "u-boot-eth.bin";   ##下载启动文档的文件名,这个filename语句可以用来指定客户端启动要载入的初始启动文件，这个文件名应该是客户端能够识别的任何文件传送协议，可以用来传送那个文件。
& @* Z, \# w* M+ K( {, K/ F    option root-path "/squash/ks";
    default-lease-time -1;         #无限租约时间
; g' t% N0 ?$ R& L3 S" V    max-lease-time -1;             #无限租约时间
  }
8 j2 p  k( A; o( O7 R
9 L" s% H$ ^# R8 L6 R  o. N! m( iThe next-server directive is used to specify the IP address of the TFTP server.
The filename directive defines the path to /boot/pxeboot. A relative filename is used, meaning that /b/tftpboot is not included in the path.
The root-path option defines the path to the NFS root file system.
+ K1 m' ~( {& r5 r
5 w& H  W9 c5 u0 C# [8 n" w' T9 W