Use tcpdump to get dhcp packets

Enterprise 2021-03-02 06:20:35 views: null

DHCP (Dynamic Host Configuration Protocol) is a network protocol of a local area network. It works with UDP protocol. It has two main purposes: to automatically assign IP addresses to internal networks or network service providers, and to users or internal network administrators. As a means of central management of all computers.

We can use tcpdump to capture dhcp packets on linux , and then use wireshark to analyze it.

As you can see, wireshark captured 4 DHCP packets, namely discover, offer, request, and ack.
This corresponds to the four processes of the host requesting the DHCP server to allocate an IP: DHCP server discovery, DHCP server provision, DHCP request, and DHCP ACK.
Next, look at the specific content of each message in detail:

1. Discover: DHCP server discovery

It can be seen from the packet information that the transport layer protocol of the DHCP packet is UDP, and the port number is 67. Because the host does not know its own IP address or the address of the DHCP server at this time, the source address 0.0.0.0 and the broadcast destination address 255.255.255.255 are used.

2. Offer: Provided by the DHCP server

After receiving a DHCP discovery message, the DHCP server responds with a DHCP offer message. It can be seen from the package that the server IP address is 192.168.1.1, and the IP address assigned to the host is 192.168.1.103. The transaction ID of this message is 0x8100beb0, which is the same as the transaction ID of the last discovery message.
In addition, you can also obtain the IP address lease period, subnet mask, routing information, etc. from the Option field.

Three, Request: DHCP request

After receiving the Offer message, the host responds with a DHCP request message. At this time, just like the DHCP discovery message, the host uses the source address 0.0.0.0 and the broadcast destination address 255.255.255.255. And re-select a new transaction ID and echo configuration parameters. Such as the requested IP address, etc.

4. ACK: DHCP ACK response

Finally, the server responds to the DHCP request message with a DHCP ACK message to verify the required parameters.
At this point, the entire IP request allocation process is completed, and the client can use the IP address allocated by DHCP during the lease period.
————————————————

Guess you like

Origin blog.51cto.com/15117737/2642719
Recommended
Ranking
vue project automated build tools 1.0, support for multi-page build
JDBC add, update, delete data
SpringCloud combat service in response to the decline tutorial series (Chapter IV)
A segmentation fault (core dumped) error occurs when C+11 compiles and calls the PCL library
Django achieve websocket
Go语言并发之道--笔记1
Three-tier structure and application
Zhejiang data structure after-school exercise practice two 7-2 Reversing Linked List (25 points)
Front-end interview brushing day9 (updated daily high-frequency inspection points for front-end interviews)
The difference between the shell of the single and double quote
Daily
More
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)

Code World

© 2018 codetd.com