Jump to content

tcpdump + dhcp + option 82

Dushes
 Share

Recommended Posts

Dushes

Dushes

Posted
Posted (edited) 

tcpdump -n -i vlan10 -s 0 -v -vv port 67 > /root/c6509test

12:16:02.454800 IP (tos 0x0, ttl 255, id 23713, offset 0, flags [none], proto UDP (17), length 313)
   195.191.220.1.67 > 195.191.221.4.67: [udp sum ok] BOOTP/DHCP, Request from 40:4a:03:73:fc:eb, length 285, hops 1, xid 0xca76, Flags [broadcast] (0x8000)
  Gateway-IP 195.191.220.1
  Client-Ethernet-Address 40:4a:03:73:fc:eb
  Vendor-rfc1048 Extensions
    Magic Cookie 0x63825363
    DHCP-Message Option 53, length 1: Discover
    Client-ID Option 61, length 7: ether 40:4a:03:73:fc:eb
    Hostname Option 12, length 10: "NBG460NEE^@"
    Agent-Information Option 82, length 18: 
      Circuit-ID SubOption 1, length 6: ^@^D^B^H^B^N
      Remote-ID SubOption 2, length 8: ^@^F^@M-P^DM-MT^@
    END Option 255, length 0

 

dhcpdump -i vlan10 > /root/c6509test2

TIME: 2012-06-18 12:15:08.490
   IP: 195.191.220.1 (00:d0:04:cd:54:00) > 195.191.221.4 (00:1c:c4:6a:c0:fe)
   OP: 1 (BOOTPREQUEST)
HTYPE: 1 (Ethernet)
 HLEN: 6
 HOPS: 1
  XID: 0000f785
 SECS: 0
FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 195.191.220.1
CHADDR: 40:4a:03:73:fc:eb:00:00:00:00:00:00:00:00:00:00
SNAME: .
FNAME: .
OPTION:  53 (  1) DHCP message type         1 (DHCPDISCOVER)
OPTION:  61 (  7) Client-identifier         01:40:4a:03:73:fc:eb
OPTION:  12 ( 10) Host name                 NBG460NEE
OPTION:  82 ( 18) Relay Agent Information
                 Circuit-ID    00:04:02:08:02:0e                  Remote-ID     *MALFORMED -- TOO LARGE*

 

cat ..../dhcpd.conf

class "VLAN520" { match if (suffix(option agent.remote-id,6) = ? and binary-to-ascii(10,16,"",substring(option agent.circuit-id,2,2)) = "520" ); }

 

 

Помогите пожалуйста, как правельно составить правило для dhcpd.conf

1) в часности как узнать какой индификатор (remote-id) шлет 6509

2) правельно ли составлен class для выдергивания номера vlan из circuit

Edited by Dushes
Dushes

Dushes

Posted
  • Author
Posted

s.lobanov

Правельно ли я понял

 

Circuit-ID SubOption 1, length 6: ^@^D^B^H^B^N

Remote-ID SubOption 2, length 8: ^@^F^@M-P^DM-MT^@

 

нужно просто в hex просмотреть ?

 

Ivan_83

 

[13:30:38] Received 285 bytes from 195.191.220.1:67
DHCP head:
    op	= 1 (1) - BOOTREQUEST
    htype	= 1 (1) - Ethernet (10Mb)
    hlen	= 6 (6)
    hops	= 1 (1)
    xid	= 1b03 (6915)
    secs	= 0 (0)
    flags	= 8000 (32768) [b=1, MBZ=0]
    ciaddr	= 0.0.0.0
    yiaddr	= 0.0.0.0
    siaddr	= 0.0.0.0
    giaddr	= 195.191.220.1
    chaddr	= 404a0373fceb
    sname	= 
    file	= 
053 [001]: DHCP message type: 01 (001) - DISCOVER
061 [007]: DHCP Client identifier: 01404a0373fceb
012 [010]: Host name: NBG460NEE

[13:30:38] Received 285 bytes from 195.191.220.1:67 -> 195.191.220.3:67
Duplicate DHCP packet: op = 1, xid = 6915

Ivan_83

Ivan_83

Posted
Posted

Пакет напрямую, мимо релея залетел, потому опции82 не видно.

Если есть возможность - сделайте бинарный дамп пакета, я посмотрю и сделаю чтобы декодило.

sirmax

sirmax

Posted
Posted

Если мне не изменяет память tshark может смотреть

 

Internet Protocol, Src: , Dst: 
   Version: 4
   Header length: 20 bytes
   Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
       0000 00.. = Differentiated Services Codepoint: Default (0x00)
       .... ..0. = ECN-Capable Transport (ECT): 0
       .... ...0 = ECN-CE: 0
   Total Length: 362
   Identification: 0x0000 (0)
   Flags: 0x02 (Don't Fragment)
       0... .... = Reserved bit: Not set
       .1.. .... = Don't fragment: Set
       ..0. .... = More fragments: Not set
   Fragment offset: 0
   Time to live: 64
   Protocol: UDP (17)
   Header checksum: 0x3653 [correct]
       [Good: True]
       [bad: False]
   Source: 
   Destination: 
User Datagram Protocol, Src Port: 67 (67), Dst Port: 68 (68)
   Source port: 67 (67)
   Destination port: 68 (68)
   Length: 342
   Checksum: 0x0498 [validation disabled]
       [Good Checksum: False]
       [bad Checksum: False]
Bootstrap Protocol
   Message type: Boot Reply (2)
   Hardware type: Ethernet
   Hardware address length: 6
   Hops: 0
   Transaction ID: 0x3b7f99cc
   Seconds elapsed: 0
   Bootp flags: 0x0000 (Unicast)
       0... .... .... .... = Broadcast flag: Unicast
       .000 0000 0000 0000 = Reserved flags: 0x0000
   Client IP address: 94.154.37.251 (94.154.37.251)
   Your (client) IP address: 94.154.37.251 (94.154.37.251)
   Next server IP address: 0.0.0.0 (0.0.0.0)
   Relay agent IP address: 0.0.0.0 (0.0.0.0)
   Client MAC address: f8:d1:11:60:a0:cd (f8:d1:11:60:a0:cd)
   Client hardware address padding: 00000000000000000000
   Server host name not given
   Boot file name not given
   Magic cookie: DHCP
   Option: (t=53,l=1) DHCP Message Type = DHCP ACK
       Option: (53) DHCP Message Type
       Length: 1
       Value: 05
   Option: (t=54,l=4) DHCP Server Identifier = 10.2.0.1
       Option: (54) DHCP Server Identifier
       Length: 4
       Value: 0a020001
   Option: (t=51,l=4) IP Address Lease Time = 5 minutes
       Option: (51) IP Address Lease Time
       Length: 4
       Value: 0000012c
   Option: (t=1,l=4) Subnet Mask = 255.255.248.0
       Option: (1) Subnet Mask
       Length: 4
       Value: fffff800
   Option: (t=3,l=4) Router = 94.XX.XX.1
       Option: (3) Router
       Length: 4
       Value: 5e9a2001
   Option: (t=6,l=8) Domain Name Server
       Option: (6) Domain Name Server
       Length: 8
       Value: 0afffffe0afffffd
       IP Address: 10.255.255.254
       IP Address: 10.255.255.253
   Option: (t=15,l=12) Domain Name = "network.net.ua"
       Option: (15) Domain Name
       Length: 12
       Value: 646f6e65632e6e65742e7561
   Option: (t=121,l=9) Classless Static Route
       Option: (121) Classless Static Route
       Length: 9
       Value: 1c5e9a27f05e9a2001
       Subnet/MaskWidth-Router: 
   Option: (t=249,l=9) Private/Classless Static Route (Microsoft)
       Option: (249) Private/Classless Static Route (Microsoft)
       Length: 9
       Value: 1c5e9a27f05e9a2001
       Subnet/MaskWidth-Router: 
   Option: (t=82,l=18) Agent Information Option
       Option: (82) Agent Information Option
       Length: 18
       Value: 010600040be20102020800060012cfdd5f6f
       Agent Circuit ID: 00040be20102
       Agent Remote ID: 00060012cfdd5f6f
   End Option

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...
На сайте используются файлы cookie и сервисы аналитики для корректной работы форума и улучшения качества обслуживания. Продолжая использовать сайт, вы соглашаетесь с использованием файлов cookie и с Политикой конфиденциальности.