Wireshark數據包分析之DHCP協議包解讀

*此篇博客僅作爲個人筆記和學習參考

DHCP協議包格式

DHCP報文類型

DHCP Discover、DHCP Offer、DHCP Request、DHCP ACK、DHCP NAK、DHCP Release、DHCP Decline、DHCP Infrom;

DHCP Discover數據包分析(發現)

Bootstrap Protocol (Discover)
Message type: Boot Request (1) #DHCP消息類型,這是一個請求包,所以選項值爲1;#
Hardware type: Ethernet (0x01) #硬件類型#
Hardware address length: 6 #硬件地址長度#
Hops: 0 #經過DHCP的中繼數量#
Transaction ID: 0x11086465 #事務ID#
Seconds elapsed: 0 #客戶端啓動時間#
Bootp flags: 0x0000 (Unicast) #BOOTP標誌字段#
Client IP address: 0.0.0.0 (0.0.0.0) #客戶端IP地址#
Your (client) IP address: 0.0.0.0 (0.0.0.0) #自己(客戶端)的地址#
Next server IP address: 0.0.0.0 (0.0.0.0) #下一階段的DHCP服務器地址#
Relay agent IP address: 0.0.0.0 (0.0.0.0) #DHCP中繼器的IP地址#
Client MAC address: LiteonTe_47:ad:e1 (58:00:e3:47:ad:e1) #客戶端的MAC地址#
Client hardware address padding: 00000000000000000000 #客戶端硬件地址填充#
Server host name not given #服務器主機名#
Boot file name not given #啓動文件名#
Magic cookie: DHCP #與BOOTP兼容#
Option: (53) DHCP Message Type (Discover) #DHCP消息類型#
Length: 1 #長度值#
DHCP: Discover (1) #發現包#
Option: (61) Client identifier #客戶端標識符#
Length: 7 #長度值#
Hardware type: Ethernet (0x01) #硬件類型#
Client MAC address: LiteonTe_47:ad:e1 (58:00:e3:47:ad:e1) #客戶端MAV地址#
Option: (50) Requested IP Address #請求IP地址#
Length: 4 #長度值#
Requested IP Address: 192.168.1.104 (192.168.1.104) #請求的IP地址#
Option: (12) Host Name #客戶端主機名#
Length: 8 #長度值#
Host Name: Kemin-PC #主機名#
Option: (60) Vendor class identifier #供應商類標識符#
Length: 8 #長度值#
Vendor class identifier: MSFT 5.0 #供應商標識符#
Option: (55) Parameter Request List #參數請求列表#
Length: 12 #長度值#
Parameter Request List Item: (1) Subnet Mask #子網掩碼#
Parameter Request List Item: (15) Domain Name #域名#
Parameter Request List Item: (3) Router #路由#
Parameter Request List Item: (6) Domain Name Server #域名服務#
Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server #NetBIOS名稱服務#
Parameter Request List Item: (46) NetBIOS over TCP/IP Node Type #NetBIOS節點類型#
Parameter Request List Item: (47) NetBIOS over TCP/IP Scope #NetBIOS作用範圍#
Parameter Request List Item: (31) Perform Router Discover #完成路由發現#
Parameter Request List Item: (33) Static Route #靜態路由#
Parameter Request List Item: (121) Classless Static Route #無類靜態路由#
Parameter Request List Item: (249) Private/Classless Static Route (Microsoft) #私有靜態路由#
Parameter Request List Item: (43) Vendor-Specific Information #供應商特定信息#
Option: (255) End
Option End: 255
Padding: 00000000000000

DHCP Offer數據包分析(響應)

Bootstrap Protocol (Offer)
Message type: Boot Reply (2) #DHCP消息類型,這是一個響應包,所以選項值爲2;#
Hardware type: Ethernet (0x01) #硬件類型#
Hardware address length: 6 #硬件地址長度#
Hops: 0 #經過的DHCP中繼數#
Transaction ID: 0x11086465 #事務ID#
Seconds elapsed: 0 #客戶端啓動時間#
Bootp flags: 0x0000 (Unicast) #BOOTP標誌字段#
Client IP address: 0.0.0.0 (0.0.0.0) #客戶端IP地址#
Your (client) IP address: 192.168.1.104 (192.168.1.104) #自己(客戶端)的IP地址#
Next server IP address: 0.0.0.0 (0.0.0.0) #下一階段使用的DHCP服務器IP地址#
Relay agent IP address: 0.0.0.0 (0.0.0.0) #DHCP中繼器的IP地址#
Client MAC address: LiteonTe_47:ad:e1 (58:00:e3:47:ad:e1) #客戶端的MAC地址#
Client hardware address padding: 00000000000000000000 #客戶端硬件地址填充#
Server host name not given #服務器主機名#
Boot file name not given #啓動文件名#
Magic cookie: DHCP #BOOTP兼容#
Option: (53) DHCP Message Type (Offer) #DHCP消息類型選項#
Length: 1 #長度值#
DHCP: Offer (2) #響應包#
Option: (54) DHCP Server Identifier #DHCP服務標識符#
Length: 4 #長度值#
DHCP Server Identifier: 192.168.1.1 (192.168.1.1) #DHCP服務標誌符#
Option: (51) IP Address Lease Time #IP地址租約最短時間#
Length: 4 #長度值#
IP Address Lease Time: (7200s) 2 hours #最短時間#
Option: (6) Domain Name Server #域名服務#
Length: 8 #長度值#
Domain Name Server: 101.126.60.9 (101.126.60.9) #首選域名服務地址#
Domain Name Server: 211.162.96.45 (211.162.96.45) #備選域名服務地址#
Option: (1) Subnet Mask #子網掩碼#
Length: 4 #長度值#
Subnet Mask: 255.255.255.0 #子網掩碼#
Option: (3) Router #路由#
Length: 4 #長度值#
Router: 192.168.1.1 (192.168.1.1) #路由器地址#
Option: (255) End
Option End: 255
Padding: 000000000000000000000000000000000000000000000000...

DHCP Request數據包分析(請求)

Bootstrap Protocol (Request)
Message type: Boot Request (1) #DHCP消息類型,這是一個請求包,所以選項值爲1;#
Hardware type: Ethernet (0x01) #硬件類型#
Hardware address length: 6 #硬件地址長度#
Hops: 0 #經過的DHCP中繼數#
Transaction ID: 0x11086465 #事務ID#
Seconds elapsed: 0 #客戶端啓動時間#
Bootp flags: 0x0000 (Unicast) #BOOTP標誌字段#
Client IP address: 0.0.0.0 (0.0.0.0) #客戶端IP地址#
Your (client) IP address: 0.0.0.0 (0.0.0.0) #自己(客戶端)的IP地址#
Next server IP address: 0.0.0.0 (0.0.0.0) #下一階段使用的DHCP服務器IP地址#
Relay agent IP address: 0.0.0.0 (0.0.0.0) #DHCP中繼器的IP地址#
Client MAC address: LiteonTe_47:ad:e1 (58:00:e3:47:ad:e1) #客戶端的MAC地址#
Client hardware address padding: 00000000000000000000 #客戶端硬件地址填充#
Server host name not given #服務器主機名#
Boot file name not given #啓動文件名#
Magic cookie: DHCP #BOOTP兼容#
Option: (53) DHCP Message Type (Request) #DHCP消息類型選項#
Length: 1 #長度值#
DHCP: Request (3) #請求包#
Option: (61) Client identifier #客戶端標識符#
Length: 7 #長度值#
Hardware type: Ethernet (0x01) #硬件類型#
Client MAC address: LiteonTe_47:ad:e1 (58:00:e3:47:ad:e1) #客戶端的MAC地址#
Option: (50) Requested IP Address #請求的IP地址#
Length: 4 #長度值#
Requested IP Address: 192.168.1.104 (192.168.1.104) #請求IP地址#
Option: (54) DHCP Server Identifier #DHCP服務器標誌符#
Length: 4 #長度值#
DHCP Server Identifier: 192.168.1.1 (192.168.1.1) #服務器標識符#
Option: (12) Host Name #客戶端主機名#
Length: 8 #長度值#
Host Name: Kemin-PC #主機名#
Option: (81) Client Fully Qualified Domain Name #客戶端完全合格標準域名#
Length: 11 #長度值#
Flags: 0x00 #標誌位#
0000 .... = Reserved flags: 0x0 #保留標誌#
.... 0... = Server DDNS: Some server updates #服務器DDNS#
.... .0.. = Encoding: ASCII encoding #編碼格式#
.... ..0. = Server overrides: No override #服務重寫#
.... ...0 = Server: Client #服務:客戶#
A-RR result: 0
PTR-RR result: 0
Client name: Kemin-PC #客戶端名稱#
Option: (60) Vendor class identifier #供應商類標識符#
Length: 8 #長度值#
Vendor class identifier: MSFT 5.0 #供應商標識符#
Option: (55) Parameter Request List #參數請求列表#
Length: 12 #長度值#
Parameter Request List Item: (1) Subnet Mask #子網掩碼#
Parameter Request List Item: (15) Domain Name #域名#
Parameter Request List Item: (3) Router #路由#
Parameter Request List Item: (6) Domain Name Server #域名解析服務#
Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server #NetBIOS名稱服務#
Parameter Request List Item: (46) NetBIOS over TCP/IP Node Type #netBIOS節點類型#
Parameter Request List Item: (47) NetBIOS over TCP/IP Scope #NetBIOS作用範圍#
Parameter Request List Item: (31) Perform Router Discover #完成路由發現#
Parameter Request List Item: (33) Static Route #靜態路由#
Parameter Request List Item: (121) Classless Static Route #無類靜態路由#
Parameter Request List Item: (249) Private/Classless Static Route (Microsoft) #私有靜態路由#
Parameter Request List Item: (43) Vendor-Specific Information #供應商特定信息#
Option: (255) End
Option End: 255

DHCP ACK數據包分析(確認)

Bootstrap Protocol (ACK)
Message type: Boot Reply (2) #DHCP消息類型,這是一個響應包,所以選項值爲2;#
Hardware type: Ethernet (0x01) #硬件類型#
Hardware address length: 6 #硬件地址長度#
Hops: 0 #經過DHCP中繼數目#
Transaction ID: 0x11086465 #事務ID#
Seconds elapsed: 0 #客戶端啓動時間#
Bootp flags: 0x0000 (Unicast) #BOOTP標誌#
Client IP address: 0.0.0.0 (0.0.0.0) #客戶端IP地址#
Your (client) IP address: 192.168.1.104 (192.168.1.104) #自己(客戶端)的IP地址#
Next server IP address: 0.0.0.0 (0.0.0.0) #下一個階段使用的DHCP服務器IP地址#
Relay agent IP address: 0.0.0.0 (0.0.0.0) #DHCP中繼IP地址#
Client MAC address: LiteonTe_47:ad:e1 (58:00:e3:47:ad:e1) #客戶端MAC地址#
Client hardware address padding: 00000000000000000000 #客戶端硬件地址填充#
Server host name not given #服務器主機名#
Boot file name not given #啓動文件名#
Magic cookie: DHCP #BOOTP兼容#
Option: (53) DHCP Message Type (ACK) #DHCP消息類型#
Length: 1 #長度值#
DHCP: ACK (5) #確認包#
Option: (54) DHCP Server Identifier #DHCP服務標識符#
Length: 4 #長度#
DHCP Server Identifier: 192.168.1.1 (192.168.1.1) #DHCP服務標識#
Option: (51) IP Address Lease Time #IP地址最短租約時間#
Length: 4 #長度值#
IP Address Lease Time: (7200s) 2 hours #IP地址最短租約時間#
Option: (6) Domain Name Server #域名解析服務#
Length: 8 #長度值#
Domain Name Server: 101.126.60.9 (101.126.60.9) #首選域名服務地址#
Domain Name Server: 211.162.96.45 (211.162.96.45) #備選域名服務地址#
Option: (1) Subnet Mask #子網掩碼值#
Length: 4 #長度#
Subnet Mask: 255.255.255.0 #子網掩碼#
Option: (3) Router #路由#
Length: 4 #長度值#
Router: 192.168.1.1 (192.168.1.1) #路由地址#
Option: (255) End
Option End: 255
Padding: 000000000000000000000000000000000000000000000000...