Wireshark Packet Analysis: Reading DHCP Protocol Packets


*This blog post serves only as personal notes and a study reference.

DHCP packet format


DHCP message types

DHCP Discover, DHCP Offer, DHCP Request, DHCP ACK, DHCP NAK, DHCP Release, DHCP Decline, DHCP Inform.

DHCP Discover packet analysis (discovery)


Bootstrap Protocol (Discover)
Message type: Boot Request (1) #DHCP message type; this is a request packet, so the value is 1#
Hardware type: Ethernet (0x01) #hardware type#
Hardware address length: 6 #hardware address length#
Hops: 0 #number of DHCP relays traversed#
Transaction ID: 0x11086465 #transaction ID#
Seconds elapsed: 0 #time since the client started#
Bootp flags: 0x0000 (Unicast) #BOOTP flags field#
Client IP address: 0.0.0.0 (0.0.0.0) #client IP address#
Your (client) IP address: 0.0.0.0 (0.0.0.0) #your (client) address#
Next server IP address: 0.0.0.0 (0.0.0.0) #address of the DHCP server for the next stage#
Relay agent IP address: 0.0.0.0 (0.0.0.0) #IP address of the DHCP relay agent#
Client MAC address: LiteonTe_47:ad:e1 (58:00:e3:47:ad:e1) #client MAC address#
Client hardware address padding: 00000000000000000000 #client hardware address padding#
Server host name not given #server host name#
Boot file name not given #boot file name#
Magic cookie: DHCP #compatibility with BOOTP#
Option: (53) DHCP Message Type (Discover) #DHCP message type#
Length: 1 #length#
DHCP: Discover (1) #discover packet#
Option: (61) Client identifier #client identifier#
Length: 7 #length#
Hardware type: Ethernet (0x01) #hardware type#
Client MAC address: LiteonTe_47:ad:e1 (58:00:e3:47:ad:e1) #client MAC address#
Option: (50) Requested IP Address #requested IP address#
Length: 4 #length#
Requested IP Address: 192.168.1.104 (192.168.1.104) #the IP address being requested#
Option: (12) Host Name #client host name#
Length: 8 #length#
Host Name: Kemin-PC #host name#
Option: (60) Vendor class identifier #vendor class identifier#
Length: 8 #length#
Vendor class identifier: MSFT 5.0 #vendor identifier#
Option: (55) Parameter Request List #parameter request list#
Length: 12 #length#
Parameter Request List Item: (1) Subnet Mask #subnet mask#
Parameter Request List Item: (15) Domain Name #domain name#
Parameter Request List Item: (3) Router #router#
Parameter Request List Item: (6) Domain Name Server #domain name server#
Parameter Request List Item: (44) NetBios over TCP/IP Name Server #NetBIOS name server#
Parameter Request List Item: (46) NetBIOS over TCP/IP Node Type #NetBIOS node type#
Parameter Request List Item: (47) NetBIOS over TCP/IP Scope #NetBIOS scope#
Parameter Request List Item: (31) Perform Router Discover #perform router discovery#
Parameter Request List Item: (33) Static Route #static route#
Parameter Request List Item: (121) Classless Static Route #classless static route#
Parameter Request List Item: (249) Private/Classless Static Route (Microsoft) #private static route#
Parameter Request List Item: (43) Vendor-Specific Information #vendor-specific information#
Option: (255) End
Option End: 255
Padding: 00000000000000
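
As an added example (not part of the original post), this Python parser decodes the same layout Wireshark shows above: the fixed 236-byte BOOTP header, the magic cookie, then the code/length/value options, with bounds checks for malformed options. The function names and the sample packet are constructed here from the values in the Discover dissection.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # shown by Wireshark as "Magic cookie: DHCP"
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 4: "Decline",
             5: "ACK", 6: "NAK", 7: "Release", 8: "Inform"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP UDP payload: 236-byte BOOTP header, magic cookie, TLV options."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("too short or magic cookie missing")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    if hlen > 16:
        raise ValueError("hardware address length exceeds the 16-byte chaddr field")
    addrs = [str(ipaddress.IPv4Address(payload[i:i + 4])) for i in range(12, 28, 4)]
    msg = {"op": op, "htype": htype, "hops": hops, "xid": xid, "secs": secs,
           "flags": flags, "ciaddr": addrs[0], "yiaddr": addrs[1], "siaddr": addrs[2],
           "giaddr": addrs[3], "chaddr": payload[28:28 + hlen].hex(":"), "options": {}}
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = End
        code = payload[i]
        if code == 0:                                 # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or (end := i + 2 + payload[i + 1]) > len(payload):
            raise ValueError(f"option {code} runs past the end of the packet")
        # Repeated option codes are concatenated (RFC 3396 long-option encoding).
        msg["options"][code] = msg["options"].get(code, b"") + payload[i + 2:end]
        i = end
    if i >= len(payload):
        raise ValueError("options are not terminated by End (255)")
    mtype = msg["options"].get(53, b"")
    msg["type"] = MSG_TYPES.get(mtype[0], "unknown") if len(mtype) == 1 else "missing"
    return msg

def build_sample_discover() -> bytes:
    """Constructed sample: a Discover carrying the values from the dissection above."""
    mac = bytes.fromhex("5800e347ade1")
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x11086465, 0, 0)
    header += bytes(16) + mac + bytes(10) + bytes(64) + bytes(128)  # IPs, chaddr, sname, file
    options = (b"\x35\x01\x01" + b"\x3d\x07\x01" + mac
               + b"\x32\x04" + ipaddress.IPv4Address("192.168.1.104").packed
               + b"\x0c\x08Kemin-PC" + b"\x3c\x08MSFT 5.0"
               + b"\x37\x0c" + bytes([1, 15, 3, 6, 44, 46, 47, 31, 33, 121, 249, 43])
               + b"\xff" + bytes(7))                                # End, then padding
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    print(parse_dhcp(build_sample_discover()))
```

The same function reads the Offer, Request and ACK payloads that follow, since they share the header layout and differ only in field values and options.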

DHCP Offer packet analysis (response)


Bootstrap Protocol (Offer)
Message type: Boot Reply (2) #DHCP message type; this is a response packet, so the value is 2#
Hardware type: Ethernet (0x01) #hardware type#
Hardware address length: 6 #hardware address length#
Hops: 0 #number of DHCP relays traversed#
Transaction ID: 0x11086465 #transaction ID#
Seconds elapsed: 0 #time since the client started#
Bootp flags: 0x0000 (Unicast) #BOOTP flags field#
Client IP address: 0.0.0.0 (0.0.0.0) #client IP address#
Your (client) IP address: 192.168.1.104 (192.168.1.104) #your (client) IP address#
Next server IP address: 0.0.0.0 (0.0.0.0) #IP address of the DHCP server to use in the next stage#
Relay agent IP address: 0.0.0.0 (0.0.0.0) #IP address of the DHCP relay agent#
Client MAC address: LiteonTe_47:ad:e1 (58:00:e3:47:ad:e1) #client MAC address#
Client hardware address padding: 00000000000000000000 #client hardware address padding#
Server host name not given #server host name#
Boot file name not given #boot file name#
Magic cookie: DHCP #BOOTP compatibility#
Option: (53) DHCP Message Type (Offer) #DHCP message type option#
Length: 1 #length#
DHCP: Offer (2) #response packet#
Option: (54) DHCP Server Identifier #DHCP server identifier#
Length: 4 #length#
DHCP Server Identifier: 192.168.1.1 (192.168.1.1) #DHCP server identifier#
Option: (51) IP Address Lease Time #minimum IP address lease time#
Length: 4 #length#
IP Address Lease Time: (7200s) 2 hours #minimum time#
Option: (6) Domain Name Server #domain name server#
Length: 8 #length#
Domain Name Server: 101.126.60.9 (101.126.60.9) #preferred DNS server address#
Domain Name Server: 211.162.96.45 (211.162.96.45) #alternate DNS server address#
Option: (1) Subnet Mask #subnet mask#
Length: 4 #length#
Subnet Mask: 255.255.255.0 #subnet mask#
Option: (3) Router #router#
Length: 4 #length#
Router: 192.168.1.1 (192.168.1.1) #router address#
Option: (255) End
Option End: 255
Padding: 000000000000000000000000000000000000000000000000...

DHCP Request packet analysis (request)


Bootstrap Protocol (Request)
Message type: Boot Request (1) #DHCP message type; this is a request packet, so the value is 1#
Hardware type: Ethernet (0x01) #hardware type#
Hardware address length: 6 #hardware address length#
Hops: 0 #number of DHCP relays traversed#
Transaction ID: 0x11086465 #transaction ID#
Seconds elapsed: 0 #time since the client started#
Bootp flags: 0x0000 (Unicast) #BOOTP flags field#
Client IP address: 0.0.0.0 (0.0.0.0) #client IP address#
Your (client) IP address: 0.0.0.0 (0.0.0.0) #your (client) IP address#
Next server IP address: 0.0.0.0 (0.0.0.0) #IP address of the DHCP server to use in the next stage#
Relay agent IP address: 0.0.0.0 (0.0.0.0) #IP address of the DHCP relay agent#
Client MAC address: LiteonTe_47:ad:e1 (58:00:e3:47:ad:e1) #client MAC address#
Client hardware address padding: 00000000000000000000 #client hardware address padding#
Server host name not given #server host name#
Boot file name not given #boot file name#
Magic cookie: DHCP #BOOTP compatibility#
Option: (53) DHCP Message Type (Request) #DHCP message type option#
Length: 1 #length#
DHCP: Request (3) #request packet#
Option: (61) Client identifier #client identifier#
Length: 7 #length#
Hardware type: Ethernet (0x01) #hardware type#
Client MAC address: LiteonTe_47:ad:e1 (58:00:e3:47:ad:e1) #client MAC address#
Option: (50) Requested IP Address #the IP address being requested#
Length: 4 #length#
Requested IP Address: 192.168.1.104 (192.168.1.104) #requested IP address#
Option: (54) DHCP Server Identifier #DHCP server identifier#
Length: 4 #length#
DHCP Server Identifier: 192.168.1.1 (192.168.1.1) #server identifier#
Option: (12) Host Name #client host name#
Length: 8 #length#
Host Name: Kemin-PC #host name#
Option: (81) Client Fully Qualified Domain Name #client fully qualified domain name#
Length: 11 #length#
Flags: 0x00 #flags#
0000 .... = Reserved flags: 0x0 #reserved flags#
.... 0... = Server DDNS: Some server updates #server DDNS#
.... .0.. = Encoding: ASCII encoding #encoding format#
.... ..0. = Server overrides: No override #server override#
.... ...0 = Server: Client #server: client#
A-RR result: 0
PTR-RR result: 0
Client name: Kemin-PC #client name#
Option: (60) Vendor class identifier #vendor class identifier#
Length: 8 #length#
Vendor class identifier: MSFT 5.0 #vendor identifier#
Option: (55) Parameter Request List #parameter request list#
Length: 12 #length#
Parameter Request List Item: (1) Subnet Mask #subnet mask#
Parameter Request List Item: (15) Domain Name #domain name#
Parameter Request List Item: (3) Router #router#
Parameter Request List Item: (6) Domain Name Server #domain name resolution service#
Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server #NetBIOS name server#
Parameter Request List Item: (46) NetBIOS over TCP/IP Node Type #NetBIOS node type#
Parameter Request List Item: (47) NetBIOS over TCP/IP Scope #NetBIOS scope#
Parameter Request List Item: (31) Perform Router Discover #perform router discovery#
Parameter Request List Item: (33) Static Route #static route#
Parameter Request List Item: (121) Classless Static Route #classless static route#
Parameter Request List Item: (249) Private/Classless Static Route (Microsoft) #private static route#
Parameter Request List Item: (43) Vendor-Specific Information #vendor-specific information#
Option: (255) End
Option End: 255

DHCP ACK packet analysis (acknowledgement)


Bootstrap Protocol (ACK)
Message type: Boot Reply (2) #DHCP message type; this is a response packet, so the value is 2#
Hardware type: Ethernet (0x01) #hardware type#
Hardware address length: 6 #hardware address length#
Hops: 0 #number of DHCP relays traversed#
Transaction ID: 0x11086465 #transaction ID#
Seconds elapsed: 0 #time since the client started#
Bootp flags: 0x0000 (Unicast) #BOOTP flags#
Client IP address: 0.0.0.0 (0.0.0.0) #client IP address#
Your (client) IP address: 192.168.1.104 (192.168.1.104) #your (client) IP address#
Next server IP address: 0.0.0.0 (0.0.0.0) #IP address of the DHCP server to use in the next stage#
Relay agent IP address: 0.0.0.0 (0.0.0.0) #DHCP relay IP address#
Client MAC address: LiteonTe_47:ad:e1 (58:00:e3:47:ad:e1) #client MAC address#
Client hardware address padding: 00000000000000000000 #client hardware address padding#
Server host name not given #server host name#
Boot file name not given #boot file name#
Magic cookie: DHCP #BOOTP compatibility#
Option: (53) DHCP Message Type (ACK) #DHCP message type#
Length: 1 #length#
DHCP: ACK (5) #acknowledgement packet#
Option: (54) DHCP Server Identifier #DHCP server identifier#
Length: 4 #length#
DHCP Server Identifier: 192.168.1.1 (192.168.1.1) #DHCP server identifier#
Option: (51) IP Address Lease Time #minimum IP address lease time#
Length: 4 #length#
IP Address Lease Time: (7200s) 2 hours #minimum IP address lease time#
Option: (6) Domain Name Server #domain name resolution service#
Length: 8 #length#
Domain Name Server: 101.126.60.9 (101.126.60.9) #preferred DNS server address#
Domain Name Server: 211.162.96.45 (211.162.96.45) #alternate DNS server address#
Option: (1) Subnet Mask #subnet mask value#
Length: 4 #length#
Subnet Mask: 255.255.255.0 #subnet mask#
Option: (3) Router #router#
Length: 4 #length#
Router: 192.168.1.1 (192.168.1.1) #router address#
Option: (255) End
Option End: 255
Padding: 000000000000000000000000000000000000000000000000...
