Lab 6-1: Using Sniffers-DHCP Example

Most UNIX systems use the Internet Standards Consortium (ISC) DHCP package, which includes these tools:

  • A DHCP server (dhcpd)

  • A DHCP client (dhclient)

  • A DHCP relay agent (dhcrelay)

  • The dhcping and dhcdump utilities

DHCP relays are necessary when the DHCP server does not reside on the same subnet as the DHCP client. The package can be retrieved from http://www.isc.org/products/DHCP/.

In this lab, we will observe a typical client/server session to practice with the protocol analyzers described in this chapter. Figure 6-14 shows the lab setup for the DHCP scenario.

Figure 6-14. DHCP Lab Scenario



The ISC DHCP package keeps track of leases in /var/db/dhcpd.leases and consists of two configuration files:

  • /etc/dhcpd.conf

  • /etc/dhclient.conf

This package offers a variety of options and features, much more than can be covered in this lab. The example configurations in this chapter are provided without comments; consult the manual pages and package documentation for further details. The package sources contain all relevant RFCs and draft proposals.

Example 6-10 shows an example of the UNIX dhcpd configuration; Example 6-11 shows the start procedure for a particular interface.

Example 6-10. Castor /etc/dhcpd.conf

[root@castor:~#] cat /etc/dhcpd.conf

authoritative;
ddns-update-style ad-hoc;

subnet 192.168.7.0 netmask 255.255.255.0 {
  range 192.168.7.10 192.168.7.250;
  option routers 192.168.7.7;
  default-lease-time 600;
  max-lease-time 7200;
  option domain-name-servers 195.34.133.10,195.34.133.11;
}


Example 6-11. Starting the DHCP Daemon

[root@castor:~#] dhcpd -cf /etc/dhcpd.conf -lf /var/db/dhcpd.leases ed0


This setup was tested with a Windows XP notebook. Example 6-12 shows the resulting sniffer output on castor, and Example 6-13 shows the corresponding log entries. In Example 6-13, you can also observe the initial lease and the result of the Windows command sequences ipconfig /release and ipconfig /renew.

Example 6-12. Sniffing the DHCP Dialogue

[root@castor:~#] tethereal -i ed0
0.000000 192.168.7.250 -> castor DHCP DHCP Request  - Transaction ID 0xe9603354
0.015647 castor -> 192.168.7.250 DHCP DHCP ACK      - Transaction ID 0xe9603354
6.196025 192.168.7.250 -> castor DHCP DHCP Release  - Transaction ID 0xdc19cc67


Example 6-13. DHCP Daemon Operation Logs in the /var/db/dhcpd.leases File

[root@castor:~#] cat /var/db/dhcpd.leases

lease 192.168.7.250 {
  starts 1 2002/11/25 10:44:45;
  ends 1 2002/11/25 10:54:45;
  binding state active;
  next binding state free;
  hardware ethernet 08:00:46:64:74:1b;              # initial lease
  uid "\001\010\000Fdt\033";
  client-hostname "pollux";
}
lease 192.168.7.250 {
  starts 1 2002/11/25 10:44:45;
  ends 1 2002/11/25 10:44:52;                       # release
  tstp 1 2002/11/25 10:44:52;
  binding state free;
  hardware ethernet 08:00:46:64:74:1b;
  uid "\001\010\000Fdt\033";
}
lease 192.168.7.250 {
  starts 1 2002/11/25 10:45:06;
  ends 1 2002/11/25 10:55:06;
  binding state active;                             # renew
  next binding state free;
  hardware ethernet 08:00:46:64:74:1b;
  uid "\001\010\000Fdt\033";
  client-hostname "pollux";
}
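
The following is an added example, not part of the original lab: a small Python parser for the lease-file format shown in Example 6-13. dhcpd appends a new entry each time a lease changes, so the last entry for an address is the one in effect. The sample input is the three entries above in condensed form, and all function and field names are this example's own.

```python
import re
from datetime import datetime

# Constructed input: the three entries of Example 6-13, condensed (uid and tstp omitted).
SAMPLE_LEASES = r'''
lease 192.168.7.250 { starts 1 2002/11/25 10:44:45; ends 1 2002/11/25 10:54:45;
  binding state active; next binding state free;
  hardware ethernet 08:00:46:64:74:1b; client-hostname "pollux"; }
lease 192.168.7.250 { starts 1 2002/11/25 10:44:45; ends 1 2002/11/25 10:44:52;
  binding state free; hardware ethernet 08:00:46:64:74:1b; }
lease 192.168.7.250 { starts 1 2002/11/25 10:45:06; ends 1 2002/11/25 10:55:06;
  binding state active; next binding state free;
  hardware ethernet 08:00:46:64:74:1b; client-hostname "pollux"; }
'''

# Assumes no "}" inside quoted values such as uid; good enough for an audit script.
LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)

def _field(body, pattern):
    m = re.search(pattern, body)
    return m.group(1) if m else None

def parse_leases(text):
    """Return every lease entry in file order, one dict per entry."""
    entries = []
    for ip, body in LEASE_RE.findall(text):
        ends = _field(body, r"\bends\s+\d\s+([\d/]+ [\d:]+);")
        entries.append({
            "ip": ip,
            "ends": datetime.strptime(ends, "%Y/%m/%d %H:%M:%S") if ends else None,
            # The lookbehind skips "next binding state", which is not the current state.
            "state": _field(body, r"(?<!next )binding state (\w+);"),
            "mac": _field(body, r"hardware ethernet ([0-9a-f:]+);"),
            "host": _field(body, r'client-hostname "([^"]*)";'),
        })
    return entries

def current_bindings(entries):
    """Last entry per IP wins; also report IPs held by more than one MAC."""
    current, holders = {}, {}
    for e in entries:
        current[e["ip"]] = e
        if e["mac"]:
            holders.setdefault(e["ip"], set()).add(e["mac"])
    return current, {ip: m for ip, m in holders.items() if len(m) > 1}
```

On the lab data, the current binding for 192.168.7.250 is the renewed lease held by pollux, and no address has changed hardware owner.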


Now we will configure a DHCP server on a Cisco router (scar) and request and release a DHCP address from a UNIX client workstation (castor). The corresponding client configuration is shown in Example 6-14, the corresponding server configuration in Example 6-15. Examples 6-16 and 6-17 show the resulting protocol dialogue and statistics, including a release request and completion.

Example 6-14. /etc/dhclient.conf on Castor

[root@castor:~#] cat /etc/dhclient.conf

request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, domain-name-servers, host-name;
require subnet-mask, domain-name-servers;
timeout 60;
retry 60;
reboot 10;
select-timeout 5;
initial-interval 2;
script "/etc/dhclient-script";
media "-link0 -link1 -link2", "link0 link1";
reject 192.168.7.253;


Example 6-15. Cisco DHCP Server Configuration

scar# show running-config
...
!
ip dhcp excluded-address 192.168.7.254
ip dhcp excluded-address 192.168.7.7
!
ip dhcp pool LAN
   network 192.168.7.0 255.255.255.0
   default-router 192.168.7.254
   dns-server 195.34.133.10
!
...


Example 6-16. DHCP Client Request

[root@castor:~#] tethereal -i ed0
 15.654523    0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xaf358d15
 17.657345 192.168.7.254 -> 192.168.7.2  DHCP DHCP Offer    - Transaction ID 0xaf358d15
 18.837461    0.0.0.0 -> 255.255.255.255 DHCP DHCP Request  - Transaction ID 0xaf358d15
 18.845023 192.168.7.254 -> 192.168.7.2  DHCP DHCP ACK      - Transaction ID 0xaf358d15

[root@castor:~#] dhclient ed0

[root@castor:~#] dhclient -r

[root@castor:~#] cat /var/db/dhclient.leases

lease {
  interface "ed0";
  fixed-address 192.168.7.2;
  medium "-link0 -link1 -link2";
  option subnet-mask 255.255.255.0;
  option routers 192.168.7.254;
  option dhcp-lease-time 86400;
  option dhcp-message-type 5;
  option domain-name-servers 195.34.133.10;
  option dhcp-server-identifier 192.168.7.254;
  option dhcp-renewal-time 43200;
  option dhcp-rebinding-time 75600;
  renew 2 2002/11/26 22:59:31;
  rebind 2 2002/11/26 22:59:31;
  expire 2 2002/11/26 22:59:31;
}
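
The following is an added example, not part of the original lab: a Python check over tethereal summary lines in the format of Examples 6-12 and 6-16. It groups messages by transaction ID and reports server replies (Offer, ACK, NAK) whose source is not on an allow-list of DHCP servers. The first four sample lines are Example 6-16; the fifth is constructed and uses 192.168.7.253, the address that the dhclient.conf in Example 6-14 rejects. Function names and finding labels are this example's own.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^\s*(?P<t>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+DHCP\s+"
    r"DHCP (?P<type>\w+)\s+-\s+Transaction ID (?P<xid>0x[0-9a-f]+)", re.I)
SERVER_TYPES = {"Offer", "ACK", "NAK"}  # message types only a server sends

# Lines 1-4 are Example 6-16; line 5 is constructed for this demonstration.
SAMPLE_CAPTURE = """\
 15.654523    0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xaf358d15
 17.657345 192.168.7.254 -> 192.168.7.2  DHCP DHCP Offer    - Transaction ID 0xaf358d15
 18.837461    0.0.0.0 -> 255.255.255.255 DHCP DHCP Request  - Transaction ID 0xaf358d15
 18.845023 192.168.7.254 -> 192.168.7.2  DHCP DHCP ACK      - Transaction ID 0xaf358d15
 17.700000 192.168.7.253 -> 192.168.7.2  DHCP DHCP Offer    - Transaction ID 0xaf358d15
"""

def parse_capture(text):
    """Group DHCP summary lines by transaction ID, ordered by timestamp."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # non-DHCP lines are ignored
            sessions[m["xid"].lower()].append((float(m["t"]), m["src"], m["type"]))
    return {xid: sorted(msgs) for xid, msgs in sessions.items()}

def audit(sessions, authorized_servers):
    """Report replies from unexpected servers and requests that got no answer."""
    findings = []
    for xid, msgs in sessions.items():
        types = {typ for _, _, typ in msgs}
        for _, src, typ in msgs:
            if typ in SERVER_TYPES and src not in authorized_servers:
                findings.append((xid, "unauthorized-server", src, typ))
        if "Request" in types and not types & {"ACK", "NAK"}:
            findings.append((xid, "unanswered-request", None, None))
    return findings
```

The allow-list must match the source column exactly as it is displayed, so capture with `tethereal -n` to keep numeric addresses instead of resolved names such as castor.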


Example 6-17. Cisco DHCP Server-Side Statistics

scar# show ip dhcp binding
IP address       Hardware address        Lease expiration        Type
192.168.7.2      5254.05e3.e488          Mar 02 1993 01:28 AM    Automatic

scar# show ip dhcp server statistics
Memory usage         13270
Address pools        1
Database agents      0
Automatic bindings   1
Manual bindings      0
Expired bindings     0
Malformed messages   0

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         1
DHCPREQUEST          1
DHCPDECLINE          0
DHCPRELEASE          1
DHCPINFORM           4

Message              Sent
BOOTREPLY            0
DHCPOFFER            1
DHCPACK              1
DHCPNAK              0


NOTE

dhcping is a DHCP client tool that can be deployed to monitor a DHCP server. It is based on DHCP_INFORM, DHCP_REQUEST, and DHCP_RELEASE packets. Consult the man page dhcping(8) for further details.