DHCP-debugging

From Wiki UnArt Slavičín

To debug DHCP, you must make sure that the computer running tshark/tethereal or Packetyzer receives all the packets that the DHCP server does.

If the DHCP server runs Linux, this is easy: run tshark directly on it. If it is a Mikrotik, you can have it forward all packets to the machine on which tshark will run.

To analyze the DHCP client-server communication, it is enough to run the following command:

tshark -i eth1 udp portrange 67-68

Explanation of the options:

  • "-i eth1" = capture on eth1
  • "udp" = we are interested only in the UDP protocol (over which DHCP communicates)
  • "portrange 67-68" = the DHCP server listens on port 67 and sends replies to port 68

For one successful DHCP transaction, the output of this command should look like this:

 (Time    | Source IP | Destination IP | prot. | transaction type | Transaction ID)
 0.000000 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xd72d50af
 0.001191 10.143.100.1 -> 255.255.255.255 DHCP DHCP Offer    - Transaction ID 0xd72d50af
 0.002441 10.143.100.44 -> 255.255.255.255 DHCP DHCP Request  - Transaction ID 0xd72d50af
 0.003178 10.143.100.1 -> 255.255.255.255 DHCP DHCP ACK      - Transaction ID 0xd72d50af


Note the following details:

  1. transaction: a client without an IP address (IP=0.0.0.0) sends a broadcast (IP=255.255.255.255) whose purpose is to discover a DHCP server
  2. transaction: the DHCP server 10.143.100.1 offers a new IP address by broadcast (destination IP = 255.255.255.255); unicast is not possible yet, because the client does not have an IP address yet
  3. transaction:
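
The check done by eye on the summary output above, automated as an added example (not part of the original wiki page): it groups the lines by Transaction ID and reports which step of the exchange is missing and which server answered. The names summarize and SAMPLE are hypothetical, and the regular expression assumes the column layout shown on this page.

```python
import re

# Summary line in the format shown on this page, e.g.
#  0.001191 10.143.100.1 -> 255.255.255.255 DHCP DHCP Offer - Transaction ID 0x...
LINE_RE = re.compile(
    r"^\s*\d+\.\d+\s+(?P<src>\S+)\s+->\s+\S+\s+DHCP\s+DHCP\s+(?P<kind>\w+)"
    r"\s+-\s+Transaction ID\s+(?P<xid>0x[0-9a-fA-F]+)"
)
FULL = ["Discover", "Offer", "Request", "ACK"]   # new lease
RENEW = ["Request", "ACK"]                       # a renewal starts at Request


def summarize(lines):
    """Group summary lines by transaction ID and report what each one lacks."""
    seen = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # header row, blank line or other traffic
        t = seen.setdefault(m["xid"], {"kinds": [], "servers": set()})
        t["kinds"].append(m["kind"])
        if m["kind"] in ("Offer", "ACK", "NAK"):
            t["servers"].add(m["src"])  # which server answered this client
    report = {}
    for xid, t in seen.items():
        expected = FULL if "Discover" in t["kinds"] else RENEW
        report[xid] = {
            "missing": [k for k in expected if k not in t["kinds"]],
            "nak": "NAK" in t["kinds"],
            "servers": sorted(t["servers"]),
        }
    return report


# Constructed sample: the successful exchange from this page, plus two made-up
# transactions (a Discover nobody answers, and a Request that is refused).
SAMPLE = """\
 0.000000 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xd72d50af
 0.001191 10.143.100.1 -> 255.255.255.255 DHCP DHCP Offer    - Transaction ID 0xd72d50af
 0.002441 10.143.100.44 -> 255.255.255.255 DHCP DHCP Request  - Transaction ID 0xd72d50af
 0.003178 10.143.100.1 -> 255.255.255.255 DHCP DHCP ACK      - Transaction ID 0xd72d50af
 5.100000 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x11111111
 9.200000 10.143.100.44 -> 255.255.255.255 DHCP DHCP Request  - Transaction ID 0x22222222
 9.201000 10.143.100.1 -> 255.255.255.255 DHCP DHCP NAK      - Transaction ID 0x22222222
"""

if __name__ == "__main__":
    for xid, r in summarize(SAMPLE.splitlines()).items():
        print(xid, "missing:", r["missing"], "nak:", r["nak"], "servers:", r["servers"])
```

More than one address in "servers" for a single transaction means that several DHCP servers answered the same client on that segment.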


If problems arise, however, a simple listing like the one above will not be enough - we will need details. We therefore run tshark with the -V parameter:

tshark -lVi eth1 udp portrange 67-68 | less

Explanation:

  • "-V" means "verbose" - print the packet details
  • "-l" means flush the output buffer after every printed line
  • " | less" means pipe the output to the less command, which lets you page through the output and search in it


We get, for example, the following listing (for clarity I leave out the unimportant lines):

Frame 1 - DHCP Discover

...
   [Protocols in frame: eth:ip:udp:bootp]
Ethernet II, Src: Vmware_5e:20:9c (00:0c:29:5e:20:9c), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
   Destination: Broadcast (ff:ff:ff:ff:ff:ff)
       Address: Broadcast (ff:ff:ff:ff:ff:ff)
       .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
       .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
   Source: Vmware_5e:20:9c (00:0c:29:5e:20:9c)
       Address: Vmware_5e:20:9c (00:0c:29:5e:20:9c)
       .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
       .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
   Type: IP (0x0800)
Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 (255.255.255.255)
   Version: 4
   Header length: 20 bytes
...
   Protocol: UDP (0x11)
   Source: 0.0.0.0 (0.0.0.0)
   Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
 ...
Bootstrap Protocol
   Message type: Boot Request (1)
...
   Transaction ID: 0x9d05a0c1
   Seconds elapsed: 0
   Bootp flags: 0x8000 (Broadcast)
       1... .... .... .... = Broadcast flag: Broadcast
       .000 0000 0000 0000 = Reserved flags: 0x0000
   Client IP address: 0.0.0.0 (0.0.0.0)
   Your (client) IP address: 0.0.0.0 (0.0.0.0)
   Next server IP address: 0.0.0.0 (0.0.0.0)
   Relay agent IP address: 0.0.0.0 (0.0.0.0)
   Client MAC address: Vmware_5e:20:9c (00:0c:29:5e:20:9c)
   Server host name not given
   Boot file name not given
   Magic cookie: (OK)
   Option: (t=53,l=1) DHCP Message Type = DHCP Discover
       Option: (53) DHCP Message Type
       Length: 1
       Value: 01
   Option: (t=61,l=7) Client identifier
       Option: (61) Client identifier
       Length: 7
       Value: 01000C295E209C
       Hardware type: Ethernet
       Client MAC address: Vmware_5e:20:9c (00:0c:29:5e:20:9c)
   Option: (t=55,l=4) Parameter Request List
       Option: (55) Parameter Request List
       Length: 4
       Value: 0103062A
       1 = Subnet Mask
       3 = Router
       6 = Domain Name Server
       42 = Network Time Protocol Servers
   Option: (t=12,l=19) Host Name = "Router WiFi Sabatec"
       Option: (12) Host Name
       Length: 19
       Value: 526F7574657220576946692053616261746563
   End Option
   Padding

Frame 2 - DHCP Offer

Ethernet II, Src: Msi_29:d0:9f (00:16:17:29:d0:9f), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
   Destination: Broadcast (ff:ff:ff:ff:ff:ff)
       Address: Broadcast (ff:ff:ff:ff:ff:ff)
       .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
       .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
   Source: Msi_29:d0:9f (00:16:17:29:d0:9f)
       Address: Msi_29:d0:9f (00:16:17:29:d0:9f)
       .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
       .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
   Type: IP (0x0800)
Internet Protocol, Src: 10.143.100.1 (10.143.100.1), Dst: 255.255.255.255 (255.255.255.255)
...
   Protocol: UDP (0x11)
...
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
   Source port: bootps (67)
   Destination port: bootpc (68)
   Length: 308
   Checksum: 0x93b3 [correct]
Bootstrap Protocol
   Message type: Boot Reply (2)
   Hardware type: Ethernet
   Hardware address length: 6
   Hops: 0
   Transaction ID: 0x9d05a0c1
   Seconds elapsed: 0
   Bootp flags: 0x8000 (Broadcast)
       1... .... .... .... = Broadcast flag: Broadcast
       .000 0000 0000 0000 = Reserved flags: 0x0000
   Client IP address: 0.0.0.0 (0.0.0.0)
   Your (client) IP address: 10.143.100.44 (10.143.100.44)
   Next server IP address: 10.143.100.1 (10.143.100.1)
   Relay agent IP address: 0.0.0.0 (0.0.0.0)
   Client MAC address: Vmware_5e:20:9c (00:0c:29:5e:20:9c)
   Server host name not given
   Boot file name not given
   Magic cookie: (OK)
   Option: (t=53,l=1) DHCP Message Type = DHCP Offer
       Option: (53) DHCP Message Type
       Length: 1
       Value: 02
   Option: (t=54,l=4) Server Identifier = 10.143.100.1
       Option: (54) Server Identifier
       Length: 4
       Value: 0A8F6401
   Option: (t=51,l=4) IP Address Lease Time = 3 days
       Option: (51) IP Address Lease Time
       Length: 4
       Value: 0003F480
   Option: (t=1,l=4) Subnet Mask = 255.255.255.0
       Option: (1) Subnet Mask
       Length: 4
       Value: FFFFFF00
   Option: (t=3,l=4) Router = 10.143.100.1
       Option: (3) Router
       Length: 4
       Value: 0A8F6401
   Option: (t=6,l=4) Domain Name Server = 10.143.128.1
       Option: (6) Domain Name Server
       Length: 4
       Value: 0A8F8001
   Option: (t=42,l=8) Network Time Protocol Servers
       Option: (42) Network Time Protocol Servers
       Length: 8
       Value: 0A8F6401C37190C9
       IP Address: 10.143.100.1
       IP Address: 195.113.144.201
   End Option
   Padding

Frame 3 - DHCP Request

...    
[Protocols in frame: eth:ip:udp:bootp]
Ethernet II, Src: Vmware_5e:20:9c (00:0c:29:5e:20:9c), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
   Destination: Broadcast (ff:ff:ff:ff:ff:ff)
       Address: Broadcast (ff:ff:ff:ff:ff:ff)
       .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
       .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
   Source: Vmware_5e:20:9c (00:0c:29:5e:20:9c)
       Address: Vmware_5e:20:9c (00:0c:29:5e:20:9c)
       .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
       .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
   Type: IP (0x0800)
Internet Protocol, Src: 10.143.100.44 (10.143.100.44), Dst: 255.255.255.255 (255.255.255.255)
   Version: 4
...
   Protocol: UDP (0x11)
   Source: 10.143.100.44 (10.143.100.44)
   Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
   Source port: bootpc (68)
   Destination port: bootps (67)
   Length: 308
   Checksum: 0x83c9 [correct]
Bootstrap Protocol
   Message type: Boot Request (1)
   Hardware type: Ethernet
   Hardware address length: 6
   Hops: 0
   Transaction ID: 0x9d05a0c1
   Seconds elapsed: 0
   Bootp flags: 0x8000 (Broadcast)
       1... .... .... .... = Broadcast flag: Broadcast
       .000 0000 0000 0000 = Reserved flags: 0x0000
   Client IP address: 10.143.100.44 (10.143.100.44)
   Your (client) IP address: 0.0.0.0 (0.0.0.0)
   Next server IP address: 0.0.0.0 (0.0.0.0)
   Relay agent IP address: 0.0.0.0 (0.0.0.0)
   Client MAC address: Vmware_5e:20:9c (00:0c:29:5e:20:9c)
   Server host name not given
   Boot file name not given
   Magic cookie: (OK)
   Option: (t=53,l=1) DHCP Message Type = DHCP Request
       Option: (53) DHCP Message Type
       Length: 1
       Value: 03
   Option: (t=54,l=4) Server Identifier = 10.143.100.1
       Option: (54) Server Identifier
       Length: 4
       Value: 0A8F6401
   Option: (t=50,l=4) Requested IP Address = 10.143.100.44
       Option: (50) Requested IP Address
       Length: 4
       Value: 0A8F642C
   Option: (t=61,l=7) Client identifier
       Option: (61) Client identifier
       Length: 7
       Value: 01000C295E209C
       Hardware type: Ethernet
       Client MAC address: Vmware_5e:20:9c (00:0c:29:5e:20:9c)
   Option: (t=55,l=4) Parameter Request List
       Option: (55) Parameter Request List
       Length: 4
       Value: 0103062A
       1 = Subnet Mask
       3 = Router
       6 = Domain Name Server
       42 = Network Time Protocol Servers
   Option: (t=12,l=19) Host Name = "Router WiFi Sabatec"
       Option: (12) Host Name
       Length: 19
       Value: 526F7574657220576946692053616261746563
   End Option
   Padding

Frame 4 - DHCP Ack

...
   [Protocols in frame: eth:ip:udp:bootp]
Ethernet II, Src: Msi_29:d0:9f (00:16:17:29:d0:9f), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
   Destination: Broadcast (ff:ff:ff:ff:ff:ff)
       Address: Broadcast (ff:ff:ff:ff:ff:ff)
       .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
       .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
   Source: Msi_29:d0:9f (00:16:17:29:d0:9f)
       Address: Msi_29:d0:9f (00:16:17:29:d0:9f)
       .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
       .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
   Type: IP (0x0800)
Internet Protocol, Src: 10.143.100.1 (10.143.100.1), Dst: 255.255.255.255 (255.255.255.255)
...
   Protocol: UDP (0x11)
   Source: 10.143.100.1 (10.143.100.1)
   Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
   Source port: bootps (67)
   Destination port: bootpc (68)
   Length: 308
   Checksum: 0x21f8 [correct]
Bootstrap Protocol
   Message type: Boot Reply (2)
   Hardware type: Ethernet
   Hardware address length: 6
   Hops: 0
   Transaction ID: 0x9d05a0c1
   Seconds elapsed: 0
   Bootp flags: 0x8000 (Broadcast)
       1... .... .... .... = Broadcast flag: Broadcast
       .000 0000 0000 0000 = Reserved flags: 0x0000
   Client IP address: 10.143.100.44 (10.143.100.44)
   Your (client) IP address: 10.143.100.44 (10.143.100.44)
   Next server IP address: 10.143.100.1 (10.143.100.1)
   Relay agent IP address: 0.0.0.0 (0.0.0.0)
   Client MAC address: Vmware_5e:20:9c (00:0c:29:5e:20:9c)
   Server host name not given
   Boot file name not given
   Magic cookie: (OK)
   Option: (t=53,l=1) DHCP Message Type = DHCP ACK
       Option: (53) DHCP Message Type
       Length: 1
       Value: 05
   Option: (t=54,l=4) Server Identifier = 10.143.100.1
       Option: (54) Server Identifier
       Length: 4
       Value: 0A8F6401
   Option: (t=51,l=4) IP Address Lease Time = 3 days
       Option: (51) IP Address Lease Time
       Length: 4
       Value: 0003F480
   Option: (t=1,l=4) Subnet Mask = 255.255.255.0
       Option: (1) Subnet Mask
       Length: 4
       Value: FFFFFF00
   Option: (t=3,l=4) Router = 10.143.100.1
       Option: (3) Router
       Length: 4
       Value: 0A8F6401
   Option: (t=6,l=4) Domain Name Server = 10.143.128.1
       Option: (6) Domain Name Server
       Length: 4
       Value: 0A8F8001
   Option: (t=42,l=8) Network Time Protocol Servers
       Option: (42) Network Time Protocol Servers
       Length: 8
       Value: 0A8F6401C37190C9
       IP Address: 10.143.100.1
       IP Address: 195.113.144.201
   End Option
   Padding
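
How the "Option: (t=..,l=..)" entries in the listing above are encoded on the wire, as an added example (not part of the original wiki page): a parser for the type/length/value list that follows the magic cookie, run on bytes rebuilt from the Value fields of Frame 2. The names parse_options, decode_value and OFFER_OPTIONS are hypothetical.

```python
import ipaddress
import struct

# Names for the option codes that appear in the dump on this page.
NAMES = {1: "Subnet Mask", 3: "Router", 6: "Domain Name Server", 12: "Host Name",
         42: "Network Time Protocol Servers", 50: "Requested IP Address",
         51: "IP Address Lease Time", 53: "DHCP Message Type",
         54: "Server Identifier", 55: "Parameter Request List", 61: "Client identifier"}
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK", 6: "NAK"}
IP_OPTIONS = {1, 3, 6, 42, 50, 54}   # value is one or more IPv4 addresses

def decode_value(code, value):
    """Turn the raw Value bytes into what tshark prints next to the option."""
    if code in IP_OPTIONS and value and len(value) % 4 == 0:
        return [str(ipaddress.IPv4Address(value[i:i + 4]))
                for i in range(0, len(value), 4)]
    if code == 51 and len(value) == 4:
        return struct.unpack("!I", value)[0]       # lease time in seconds
    if code == 53 and len(value) == 1:
        return MSG_TYPES.get(value[0], value[0])
    if code == 55:
        return list(value)                         # requested option codes
    if code == 12:
        return value.decode("ascii", "replace")
    return value.hex()                             # e.g. 61, Client identifier

def parse_options(data):
    """Walk the type/length/value list that follows the magic cookie."""
    out, i = [], 0
    while i < len(data):
        code = data[i]
        if code == 255:                            # End Option
            break
        if code == 0:                              # Padding
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"option {code} at offset {i} is truncated")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        out.append((code, NAMES.get(code, "unknown"), decode_value(code, value)))
        i += 2 + length
    return out

# Option bytes rebuilt from the Value fields of Frame 2 (DHCP Offer) above.
OFFER_OPTIONS = bytes.fromhex(
    "350102" "36040A8F6401" "33040003F480" "0104FFFFFF00" "03040A8F6401"
    "06040A8F8001" "2A080A8F6401C37190C9" "FF" "0000")
if __name__ == "__main__": print(*parse_options(OFFER_OPTIONS), sep="\n")
```

The lease time 0003F480 decodes to 259200 seconds, which is the "3 days" tshark prints for option 51.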