HIGAKNOWIT.COM
4 Aug 2011

Debugging DHCP session with dhcpdump

Today I came across an interesting way to debug what's going on during a DHCP session. What I was especially interested in were the DHCP options that the clients in my testing environment were sending, and especially option 93, which holds the architecture type of the client as defined by RFC 4578.

Initially my approach was to try to get the data directly from the raw tcpdump session, filtering only DHCP traffic, but after spending a few minutes on this I realized that I'd better view it in a friendlier way (I was definitely looking for something like Wireshark's interface, but for the command-line realm). I started researching whether any tool that could help me with this task already existed, and almost immediately I came across a very interesting and helpful one, which helped me achieve exactly what I wanted. The name of the tool is dhcpdump.

The idea behind the tool is to parse the output of tcpdump and display it in a human-readable format. I've installed it as an rpm on my CentOS box. I got the package from repoforge.

After installing the rpm and reading the man page, I was able to gather the info I needed immediately. Below is an example output of this tool:

[root@testserver01 ~]#
[root@testserver01 ~]# tcpdump -lenx -s 1500 port bootps or port bootpc | dhcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes
 
TCPdump 3.8.x output
  TIME: 15:54:23.478149
    IP: > (00:50:56:94:00:01) >  (Broadcast)
    OP: 1 (BOOTPREQUEST)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 57940001
  SECS: 4
 FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: 00:50:56:94:00:01:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type           1 (DHCPDISCOVER)
OPTION:  55 ( 24) Parameter Request List      1 (Subnet mask)
                                              2 (Time offset)
                                              3 (Routers)
                                              5 (Name server)
                                              6 (DNS server)
                                             11 (Resource location server)
                                             12 (Host name)
                                             13 (Boot file size)
                                             15 (Domainname)
                                             16 (Swap server)
                                             17 (Root path)
                                             18 (Extensions path)
                                             43 (Vendor specific info)
                                             54 (Server identifier)
                                             60 (Vendor class identifier)
                                             67 (Bootfile name)
                                            128 (???)
                                            129 (???)
                                            130 (???)
                                            131 (???)
                                            132 (???)
                                            133 (???)
                                            134 (???)
                                            135 (???)
 
OPTION:  57 (  2) Maximum DHCP message size 1260
OPTION:  97 ( 17) UUID/GUID                 00421403732bbd8f .B..s+..
                                            e7e5d5fd1c8ce7a5 ........
                                            6c               l
OPTION:  93 (  2) Client System             0000             ..
OPTION:  94 (  3) Client NDI                010201           ...
OPTION:  60 ( 32) Vendor class identifier   PXEClient:Arch:00000:UNDI:002001
---------------------------------------------------------------------------
  TIME: 15:54:24.000937
    IP: > (00:50:56:94:00:08) >  (Broadcast)
    OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 57940001
  SECS: 4
 FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 10.2.0.67
SIADDR: 10.2.0.93
GIADDR: 0.0.0.0
CHADDR: 00:50:56:94:00:01:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: /pxelinux.0.
OPTION:  53 (  1) DHCP message type         2 (DHCPOFFER)
OPTION:  54 (  4) Server identifier         10.2.0.93
OPTION:  51 (  4) IP address leasetime      21600 (6h)
OPTION:   1 (  4) Subnet mask               255.255.255.0
OPTION:   3 (  4) Routers                   10.2.0.254
OPTION:   6 (  4) DNS server                10.2.0.254
OPTION:  12 (  3) Host name                 client
---------------------------------------------------------------------------
  TIME: 15:54:25.563625
    IP: > (00:50:56:94:00:01) >  (Broadcast)
    OP: 1 (BOOTPREQUEST)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 57940001
  SECS: 4
 FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: 00:50:56:94:00:01:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type           3 (DHCPREQUEST)
OPTION:  50 (  4) Request IP address          10.2.0.67
OPTION:  55 ( 24) Parameter Request List      1 (Subnet mask)
                                              2 (Time offset)
                                              3 (Routers)
                                              5 (Name server)
                                              6 (DNS server)
                                             11 (Resource location server)
                                             12 (Host name)
                                             13 (Boot file size)
                                             15 (Domainname)
                                             16 (Swap server)
                                             17 (Root path)
                                             18 (Extensions path)
                                             43 (Vendor specific info)
                                             54 (Server identifier)
                                             60 (Vendor class identifier)
                                             67 (Bootfile name)
                                            128 (???)
                                            129 (???)
                                            130 (???)
                                            131 (???)
                                            132 (???)
                                            133 (???)
                                            134 (???)
                                            135 (???)
 
OPTION:  57 (  2) Maximum DHCP message size 1260
OPTION:  54 (  4) Server identifier         10.2.0.93
OPTION:  97 ( 17) UUID/GUID                 00421403732bbd8f .B..s+..
                                            e7e5d5fd1c8ce7a5 ........
                                            6c               l
OPTION:  93 (  2) Client System             0000             ..
OPTION:  94 (  3) Client NDI                010201           ...
OPTION:  60 ( 32) Vendor class identifier   PXEClient:Arch:00000:UNDI:002001
---------------------------------------------------------------------------
  TIME: 15:54:25.568186
    IP: > (00:50:56:94:00:08) >  (Broadcast)
    OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 57940001
  SECS: 4
 FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 10.2.0.67
SIADDR: 10.2.0.93
GIADDR: 0.0.0.0
CHADDR: 00:50:56:94:00:01:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: /pxelinux.0.
OPTION:  53 (  1) DHCP message type         5 (DHCPACK)
OPTION:  54 (  4) Server identifier         10.2.0.93
OPTION:  51 (  4) IP address leasetime      21600 (6h)
OPTION:   1 (  4) Subnet mask               255.255.255.0
OPTION:   3 (  4) Routers                   10.2.0.254
OPTION:   6 (  4) DNS server                10.2.0.254
OPTION:  12 (  3) Host name                 client
---------------------------------------------------------------------------

As you can see, the output is friendly enough for reading the entire content of the DHCP packets. I was able to examine the options I needed and continue further with the experimentation. I find this a nice little tool, which I'll definitely keep on my list 🙂
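As an added example (not part of the original post and not part of dhcpdump): a small Python filter that reads dhcpdump output in the format shown above and reports, per packet, the client MAC, the DHCP message type and the option 93 value decoded with the RFC 4578 architecture table. The sample input is constructed; its third record (MAC 02:00:00:00:00:07, value 0007) is made up to show a client that is not a BIOS x86 PC, and only the first output line of option 93 is read.

```python
import re
import sys

# Processor architecture types defined by RFC 4578 for DHCP option 93.
RFC4578_ARCH = {0: "Intel x86PC", 1: "NEC/PC98", 2: "EFI Itanium",
                3: "DEC Alpha", 4: "Arc x86", 5: "Intel Lean Client",
                6: "EFI IA32", 7: "EFI BC", 8: "EFI Xscale", 9: "EFI x86-64"}
OPTION = re.compile(r"^OPTION:\s+(\d+)\s+\(\s*\d+\)\s+(.*)$")

# Constructed sample in dhcpdump's layout (the last record is invented).
SAMPLE = """\
CHADDR: 00:50:56:94:00:01:00:00:00:00:00:00:00:00:00:00
OPTION:  53 (  1) DHCP message type           1 (DHCPDISCOVER)
OPTION:  93 (  2) Client System             0000             ..
---------------------------------------------------------------------------
CHADDR: 00:50:56:94:00:01:00:00:00:00:00:00:00:00:00:00
OPTION:  53 (  1) DHCP message type         2 (DHCPOFFER)
---------------------------------------------------------------------------
CHADDR: 02:00:00:00:00:07:00:00:00:00:00:00:00:00:00:00
OPTION:  53 (  1) DHCP message type           3 (DHCPREQUEST)
OPTION:  93 (  2) Client System             0007             ..
"""

def parse_dhcpdump(lines):
    """Return one dict per packet with 'mac', 'type' and (if sent) 'arch'."""
    packets, cur = [], {}
    for line in lines:
        field = line.strip()
        if field.startswith("-----"):        # dhcpdump's packet separator
            if cur:
                packets.append(cur)
            cur = {}
        elif field.startswith("CHADDR:"):
            # CHADDR is padded to 16 bytes; an Ethernet MAC is the first 6.
            cur["mac"] = ":".join(field.split()[1].split(":")[:6])
        m = OPTION.match(field)
        if m and m.group(1) == "53":
            t = re.search(r"\((DHCP\w+)\)", m.group(2))
            cur["type"] = t.group(1) if t else m.group(2)
        elif m and m.group(1) == "93":
            h = re.search(r"Client System\s+([0-9a-fA-F]+)", m.group(2))
            raw = h.group(1) if h else ""
            # Option 93 is a list of 16-bit big-endian architecture codes.
            codes = [int(raw[i:i + 4], 16) for i in range(0, len(raw) - 3, 4)]
            cur["arch"] = [RFC4578_ARCH.get(c, "unassigned (%d)" % c) for c in codes]
    return packets + ([cur] if cur else [])

if __name__ == "__main__":
    src = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for p in parse_dhcpdump(src):
        print(p.get("mac"), p.get("type"), ",".join(p.get("arch", [])) or "-")
```

Saved under a name of your choice (dhcp_arch.py here is a placeholder), it can be appended to the pipeline from the post: `tcpdump -lenx -s 1500 port bootps or port bootpc | dhcpdump | python3 dhcp_arch.py`.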

 

Comments (1)
  1. Hi, I think your blog might be having browser compatibility issues. When I look at your website in Chrome, it looks fine but when opening in Internet Explorer, it has some overlapping. I just wanted to give you a quick heads up! Other than that, excellent blog!
