(OK-HALF) To Find a Rogue DHCP Server—tcpdump/dhclient—nmap

nmap -sP 10.108.160.0/22
tcpdump -i enp13s0 -nev  >> /tmp/rogue

++++++++++++++
Rogue DHCP Server MAC:  c8:3a:35:11:70:00

All mac addresses starting with C8-3A-35 belong to the owner Tenda Technology Co.,

++++++++++++++

tcpdump -i enp13s0 -nev udp port 68 >> /tmp/rogue 2>&1 &
arping -i eth1 00:E0:29:XX:YY:ZZ
nmap -sP 192.168.0.0/24 >/dev/null && arp -an | grep c8:3a:35:11:70:00 | awk '{print $2}' | sed 's/[()]//g'

++++++++++++++ Tenda MAC address list
Vendor: TendaTec Mac address: C8:3A:35

++++++++++++++ TP-Link MAC address list
Vendor: Tp-LinkT Mac address: 00:19:E0
Vendor: Tp-LinkT Mac address: 00:1D:0F
Vendor: Tp-LinkT Mac address: 00:21:27
Vendor: Tp-LinkT Mac address: 00:23:CD
Vendor: Tp-LinkT Mac address: 00:25:86
Vendor: Tp-LinkT Mac address: 00:27:19
Vendor: Tp-LinkT Mac address: 40:16:9F
Vendor: Tp-LinkT Mac address: 54:E6:FC
Vendor: Tp-LinkT Mac address: 74:EA:3A
Vendor: Tp-LinkT Mac address: 94:0C:6D
Vendor: Tp-LinkT Mac address: B0:48:7A
Vendor: Tp-LinkT Mac address: D8:5D:4C
Vendor: Tp-LinkT Mac address: E0:05:C5
Vendor: Tp-LinkT Mac address: F4:EC:38


++++++++++++++++++++++++++++

+++++++++++++++++++异常

[root@localhost core]# tcpdump -i enp13s0 -nev udp port 68

tcpdump: listening on enp13s0, link-type EN10MB (Ethernet), capture size 65535 bytes
08:56:13.405651 3c:97:0e:f0:b5:bb > c8:3a:35:11:70:00, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 56976, offset 0, flags [DF], proto UDP (17), length 328)
    192.168.0.111.bootpc > 192.168.0.1.bootps: BOOTP/DHCP, Request from 3c:97:0e:f0:b5:bb, length 300, xid 0x292e3d42, Flags [none]
      Client-IP 192.168.0.111
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Release
        Server-ID Option 54, length 4: 192.168.0.1
08:56:23.516772 3c:97:0e:f0:b5:bb > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:97:0e:f0:b5:bb, length 300, xid 0xb5d8ea1c, Flags [none]
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Requested-IP Option 50, length 4: 192.168.0.111
        Parameter-Request Option 55, length 13:
          Subnet-Mask, BR, Time-Zone, Classless-Static-Route
          Domain-Name, Domain-Name-Server, Hostname, YD
          YS, NTP, MTU, Option 119
          Default-Gateway
08:56:23.526530 c8:3a:35:11:70:00 > 3c:97:0e:f0:b5:bb, ethertype IPv4 (0x0800), length 590: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 576)
    192.168.0.1.bootps > 192.168.0.111.bootpc: BOOTP/DHCP, Reply, length 548, xid 0xb5d8ea1c, Flags [none]
      Your-IP 192.168.0.111
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Offer
        Server-ID Option 54, length 4: 192.168.0.1
        Lease-Time Option 51, length 4: 86400
        Subnet-Mask Option 1, length 4: 255.255.255.0
        Default-Gateway Option 3, length 4: 192.168.0.1
        Domain-Name-Server Option 6, length 8: 192.168.0.1,192.168.0.1
        MTU Option 26, length 2: 1500
08:56:23.526667 3c:97:0e:f0:b5:bb > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:97:0e:f0:b5:bb, length 300, xid 0xb5d8ea1c, Flags [none]
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Server-ID Option 54, length 4: 192.168.0.1
        Requested-IP Option 50, length 4: 192.168.0.111
        Parameter-Request Option 55, length 13:
          Subnet-Mask, BR, Time-Zone, Classless-Static-Route
          Domain-Name, Domain-Name-Server, Hostname, YD
          YS, NTP, MTU, Option 119
          Default-Gateway
08:56:23.536296 00:0f:e2:6a:09:78 > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0xe0, ttl 255, id 12000, offset 0, flags [none], proto UDP (17), length 328)
    10.108.160.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300, hops 1, xid 0xb5d8ea1c, Flags [Broadcast]
      Gateway-IP 10.108.160.1
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: NACK
        Server-ID Option 54, length 4: 10.3.9.2
        MSG Option 56, length 31: "requested address not available"
08:56:23.537153 00:0f:e2:6a:09:78 > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0xe0, ttl 255, id 12001, offset 0, flags [none], proto UDP (17), length 328)
    10.108.160.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300, hops 1, xid 0xb5d8ea1c, Flags [Broadcast]
      Gateway-IP 10.108.160.1
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: NACK
        Server-ID Option 54, length 4: 10.3.9.31
        MSG Option 56, length 31: "requested address not available"
08:56:23.550490 c8:3a:35:11:70:00 > 3c:97:0e:f0:b5:bb, ethertype IPv4 (0x0800), length 590: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 576)
    192.168.0.1.bootps > 192.168.0.111.bootpc: BOOTP/DHCP, Reply, length 548, xid 0xb5d8ea1c, Flags [none]
      Your-IP 192.168.0.111
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: ACK
        Server-ID Option 54, length 4: 192.168.0.1
        Lease-Time Option 51, length 4: 86400
        Subnet-Mask Option 1, length 4: 255.255.255.0
        Default-Gateway Option 3, length 4: 192.168.0.1
        Domain-Name-Server Option 6, length 8: 192.168.0.1,192.168.0.1
        MTU Option 26, length 2: 1500
08:56:23.961106 3c:97:0e:f0:b5:bb > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:97:0e:f0:b5:bb, length 300, xid 0x2bdda24d, Flags [none]
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Parameter-Request Option 55, length 13:
          Subnet-Mask, BR, Time-Zone, Classless-Static-Route
          Domain-Name, Domain-Name-Server, Hostname, YD
          YS, NTP, MTU, Option 119
          Default-Gateway
08:56:23.970519 c8:3a:35:11:70:00 > 3c:97:0e:f0:b5:bb, ethertype IPv4 (0x0800), length 590: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 576)
    192.168.0.1.bootps > 192.168.0.111.bootpc: BOOTP/DHCP, Reply, length 548, xid 0x2bdda24d, Flags [none]
      Your-IP 192.168.0.111
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Offer
        Server-ID Option 54, length 4: 192.168.0.1
        Lease-Time Option 51, length 4: 86400
        Subnet-Mask Option 1, length 4: 255.255.255.0
        Default-Gateway Option 3, length 4: 192.168.0.1
        Domain-Name-Server Option 6, length 8: 192.168.0.1,192.168.0.1
        MTU Option 26, length 2: 1500
08:56:23.970708 3c:97:0e:f0:b5:bb > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:97:0e:f0:b5:bb, length 300, xid 0x2bdda24d, Flags [none]
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Server-ID Option 54, length 4: 192.168.0.1
        Requested-IP Option 50, length 4: 192.168.0.111
        Parameter-Request Option 55, length 13:
          Subnet-Mask, BR, Time-Zone, Classless-Static-Route
          Domain-Name, Domain-Name-Server, Hostname, YD
          YS, NTP, MTU, Option 119
          Default-Gateway
08:56:23.979893 00:0f:e2:6a:09:78 > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0xe0, ttl 255, id 12006, offset 0, flags [none], proto UDP (17), length 328)
    10.108.160.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300, hops 1, xid 0x2bdda24d, Flags [Broadcast]
      Gateway-IP 10.108.160.1
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: NACK
        Server-ID Option 54, length 4: 10.3.9.31
        MSG Option 56, length 31: "requested address not available"
08:56:23.980828 00:0f:e2:6a:09:78 > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0xe0, ttl 255, id 12007, offset 0, flags [none], proto UDP (17), length 328)
    10.108.160.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300, hops 1, xid 0x2bdda24d, Flags [Broadcast]
      Gateway-IP 10.108.160.1
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: NACK
        Server-ID Option 54, length 4: 10.3.9.2
        MSG Option 56, length 31: "requested address not available"
08:56:23.994474 c8:3a:35:11:70:00 > 3c:97:0e:f0:b5:bb, ethertype IPv4 (0x0800), length 590: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 576)
    192.168.0.1.bootps > 192.168.0.111.bootpc: BOOTP/DHCP, Reply, length 548, xid 0x2bdda24d, Flags [none]
      Your-IP 192.168.0.111
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: ACK
        Server-ID Option 54, length 4: 192.168.0.1
        Lease-Time Option 51, length 4: 86400
        Subnet-Mask Option 1, length 4: 255.255.255.0
        Default-Gateway Option 3, length 4: 192.168.0.1
        Domain-Name-Server Option 6, length 8: 192.168.0.1,192.168.0.1
        MTU Option 26, length 2: 1500
08:56:24.525846 00:0f:e2:6a:09:78 > 3c:97:0e:f0:b5:bb, ethertype IPv4 (0x0800), length 349: (tos 0xe0, ttl 255, id 12032, offset 0, flags [none], proto UDP (17), length 335)
    10.108.160.1.bootps > 10.108.162.164.bootpc: BOOTP/DHCP, Reply, length 307, hops 1, xid 0xb5d8ea1c, Flags [none]
      Your-IP 10.108.162.164
      Gateway-IP 10.108.160.1
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Offer
        Server-ID Option 54, length 4: 10.3.9.2
        Lease-Time Option 51, length 4: 6878
        Subnet-Mask Option 1, length 4: 255.255.252.0
        BR Option 28, length 4: 10.108.163.255
        Domain-Name Option 15, length 11: "bupt.edu.cn"
        Domain-Name-Server Option 6, length 12: 10.3.9.4,10.3.9.5,10.3.9.6
        NTP Option 42, length 4: 10.3.9.9
        Default-Gateway Option 3, length 4: 10.108.160.1

+++++++++++++++++++++++++++++++
[root@localhost core]# tcpdump -i enp13s0 -nev udp port 68 >> /tmp/rogue 2>&1 &
[root@localhost core]# cat /tmp/rogue
[root@localhost core]# tcpdump -i enp13s0 -nev udp port 68

tcpdump: WARNING: enp13s0: no IPv4 address assigned
tcpdump: listening on enp13s0, link-type EN10MB (Ethernet), capture size 65535 bytes
08:57:50.318066 74:27:ea:ac:07:52 > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 9019, offset 0, flags [none], proto UDP (17), length 328)
    10.108.163.64.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 74:27:ea:ac:07:52, length 300, xid 0x460dbace, Flags [none]
      Client-IP 10.108.163.64
      Client-Ethernet-Address 74:27:ea:ac:07:52
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Inform
        Client-ID Option 61, length 7: ether 74:27:ea:ac:07:52
        Hostname Option 12, length 12: "xiaoyifei-PC"
        Vendor-Class Option 60, length 8: "MSFT 5.0"
        Parameter-Request Option 55, length 13:
          Subnet-Mask, Domain-Name, Default-Gateway, Domain-Name-Server
          Netbios-Name-Server, Netbios-Node, Netbios-Scope, Router-Discovery
          Static-Route, Classless-Static-Route, Classless-Static-Route-Microsoft, Vendor-Option
          Option 252
08:57:50.733654 3c:97:0e:f0:b5:bb > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:97:0e:f0:b5:bb, length 300, xid 0xbdc7c05e, Flags [none]
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Requested-IP Option 50, length 4: 192.168.0.111
        Parameter-Request Option 55, length 13:
          Subnet-Mask, BR, Time-Zone, Classless-Static-Route
          Domain-Name, Domain-Name-Server, Hostname, YD
          YS, NTP, MTU, Option 119
          Default-Gateway
08:57:50.742946 c8:3a:35:11:70:00 > 3c:97:0e:f0:b5:bb, ethertype IPv4 (0x0800), length 590: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 576)
    192.168.0.1.bootps > 192.168.0.111.bootpc: BOOTP/DHCP, Reply, length 548, xid 0xbdc7c05e, Flags [none]
      Your-IP 192.168.0.111
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Offer
        Server-ID Option 54, length 4: 192.168.0.1
        Lease-Time Option 51, length 4: 86400
        Subnet-Mask Option 1, length 4: 255.255.255.0
        Default-Gateway Option 3, length 4: 192.168.0.1
        Domain-Name-Server Option 6, length 8: 192.168.0.1,192.168.0.1
        MTU Option 26, length 2: 1500
08:57:50.743076 3c:97:0e:f0:b5:bb > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:97:0e:f0:b5:bb, length 300, xid 0xbdc7c05e, Flags [none]
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Server-ID Option 54, length 4: 192.168.0.1
        Requested-IP Option 50, length 4: 192.168.0.111
        Parameter-Request Option 55, length 13:
          Subnet-Mask, BR, Time-Zone, Classless-Static-Route
          Domain-Name, Domain-Name-Server, Hostname, YD
          YS, NTP, MTU, Option 119
          Default-Gateway
08:57:50.766898 c8:3a:35:11:70:00 > 3c:97:0e:f0:b5:bb, ethertype IPv4 (0x0800), length 590: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 576)
    192.168.0.1.bootps > 192.168.0.111.bootpc: BOOTP/DHCP, Reply, length 548, xid 0xbdc7c05e, Flags [none]
      Your-IP 192.168.0.111
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: ACK
        Server-ID Option 54, length 4: 192.168.0.1
        Lease-Time Option 51, length 4: 86400
        Subnet-Mask Option 1, length 4: 255.255.255.0
        Default-Gateway Option 3, length 4: 192.168.0.1
        Domain-Name-Server Option 6, length 8: 192.168.0.1,192.168.0.1
        MTU Option 26, length 2: 1500
08:57:50.773417 00:0f:e2:6a:09:78 > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0xe0, ttl 255, id 14201, offset 0, flags [none], proto UDP (17), length 328)
    10.108.160.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300, hops 1, xid 0xbdc7c05e, Flags [Broadcast]
      Gateway-IP 10.108.160.1
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: NACK
        Server-ID Option 54, length 4: 10.3.9.31
        MSG Option 56, length 31: "requested address not available"
08:57:50.774332 00:0f:e2:6a:09:78 > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0xe0, ttl 255, id 14202, offset 0, flags [none], proto UDP (17), length 328)
    10.108.160.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300, hops 1, xid 0xbdc7c05e, Flags [Broadcast]
      Gateway-IP 10.108.160.1
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: NACK
        Server-ID Option 54, length 4: 10.3.9.2
        MSG Option 56, length 31: "requested address not available"
08:57:51.745699 00:0f:e2:6a:09:78 > 3c:97:0e:f0:b5:bb, ethertype IPv4 (0x0800), length 349: (tos 0xe0, ttl 255, id 14219, offset 0, flags [none], proto UDP (17), length 335)
    10.108.160.1.bootps > 10.108.162.164.bootpc: BOOTP/DHCP, Reply, length 307, hops 1, xid 0xbdc7c05e, Flags [none]
      Your-IP 10.108.162.164
      Gateway-IP 10.108.160.1
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Offer
        Server-ID Option 54, length 4: 10.3.9.2
        Lease-Time Option 51, length 4: 6791
        Subnet-Mask Option 1, length 4: 255.255.252.0
        BR Option 28, length 4: 10.108.163.255
        Domain-Name Option 15, length 11: "bupt.edu.cn"
        Domain-Name-Server Option 6, length 12: 10.3.9.4,10.3.9.5,10.3.9.6
        NTP Option 42, length 4: 10.3.9.9
        Default-Gateway Option 3, length 4: 10.108.160.1
08:57:58.891406 3c:97:0e:a6:bf:95 > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 22516, offset 0, flags [none], proto UDP (17), length 328)
    10.108.162.31.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:97:0e:a6:bf:95, length 300, xid 0x34f84154, Flags [none]
      Client-IP 10.108.162.31
      Client-Ethernet-Address 3c:97:0e:a6:bf:95
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Inform
        Client-ID Option 61, length 7: ether 3c:97:0e:a6:bf:95
        Hostname Option 12, length 3: "ytx"
        Vendor-Class Option 60, length 8: "MSFT 5.0"
        Parameter-Request Option 55, length 13:
          Subnet-Mask, Domain-Name, Default-Gateway, Domain-Name-Server
          Netbios-Name-Server, Netbios-Node, Netbios-Scope, Router-Discovery
          Static-Route, Classless-Static-Route, Classless-Static-Route-Microsoft, Vendor-Option
          Option 252

++++++++++++++++++++正常

[root@localhost core]# cat /tmp/rogue
tcpdump: listening on enp13s0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:03:31.867877 3c:97:0e:f0:b5:bb > 00:0f:e2:6a:09:78, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 32929, offset 0, flags [DF], proto UDP (17), length 328)
    10.108.162.164.bootpc > 192.168.0.1.bootps: BOOTP/DHCP, Request from 3c:97:0e:f0:b5:bb, length 300, xid 0x4d825b75, Flags [none]
      Client-IP 192.168.0.111
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Release
        Server-ID Option 54, length 4: 192.168.0.1
09:03:35.721679 3c:97:0e:f0:b5:bb > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:97:0e:f0:b5:bb, length 300, xid 0xf7a09f4e, Flags [none]
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Requested-IP Option 50, length 4: 192.168.0.111
        Parameter-Request Option 55, length 13:
          Subnet-Mask, BR, Time-Zone, Classless-Static-Route
          Domain-Name, Domain-Name-Server, Hostname, YD
          YS, NTP, MTU, Option 119
          Default-Gateway
09:03:36.730560 00:0f:e2:6a:09:78 > 3c:97:0e:f0:b5:bb, ethertype IPv4 (0x0800), length 349: (tos 0xe0, ttl 255, id 23033, offset 0, flags [none], proto UDP (17), length 335)
    10.108.160.1.bootps > 10.108.162.164.bootpc: BOOTP/DHCP, Reply, length 307, hops 1, xid 0xf7a09f4e, Flags [none]
      Your-IP 10.108.162.164
      Gateway-IP 10.108.160.1
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Offer
        Server-ID Option 54, length 4: 10.3.9.2
        Lease-Time Option 51, length 4: 6446
        Subnet-Mask Option 1, length 4: 255.255.252.0
        BR Option 28, length 4: 10.108.163.255
        Domain-Name Option 15, length 11: "bupt.edu.cn"
        Domain-Name-Server Option 6, length 12: 10.3.9.4,10.3.9.5,10.3.9.6
        NTP Option 42, length 4: 10.3.9.9
        Default-Gateway Option 3, length 4: 10.108.160.1
09:03:36.730688 3c:97:0e:f0:b5:bb > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 3c:97:0e:f0:b5:bb, length 300, xid 0xf7a09f4e, Flags [none]
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Server-ID Option 54, length 4: 10.3.9.2
        Requested-IP Option 50, length 4: 10.108.162.164
        Parameter-Request Option 55, length 13:
          Subnet-Mask, BR, Time-Zone, Classless-Static-Route
          Domain-Name, Domain-Name-Server, Hostname, YD
          YS, NTP, MTU, Option 119
          Default-Gateway
09:03:36.741608 00:0f:e2:6a:09:78 > 3c:97:0e:f0:b5:bb, ethertype IPv4 (0x0800), length 349: (tos 0xe0, ttl 255, id 23037, offset 0, flags [none], proto UDP (17), length 335)
    10.108.160.1.bootps > 10.108.162.164.bootpc: BOOTP/DHCP, Reply, length 307, hops 1, xid 0xf7a09f4e, Flags [none]
      Your-IP 10.108.162.164
      Gateway-IP 10.108.160.1
      Client-Ethernet-Address 3c:97:0e:f0:b5:bb
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: ACK
        Server-ID Option 54, length 4: 10.3.9.2
        Lease-Time Option 51, length 4: 6445
        Subnet-Mask Option 1, length 4: 255.255.252.0
        BR Option 28, length 4: 10.108.163.255
        Domain-Name Option 15, length 11: "bupt.edu.cn"
        Domain-Name-Server Option 6, length 12: 10.3.9.4,10.3.9.5,10.3.9.6
        NTP Option 42, length 4: 10.3.9.9
        Default-Gateway Option 3, length 4: 10.108.160.1
09:03:36.742581 00:0f:e2:6a:09:78 > 3c:97:0e:f0:b5:bb, ethertype IPv4 (0x0800), length 349: (tos 0xe0, ttl 255, id 23038, offset 0, flags [none], proto UDP (17), length 335)
    10.108.160.1.bootps > 10.108.162.164.bootpc: BOOTP/DHCP, Reply, length 307, hops 1, xid 0xf7a09f4e, Flags [none]
      Your-IP 10.108.162.164
      Gatew[root@localhost core]#
posted @ 2016-04-03 08:09  张同光  阅读(130)  评论(0编辑  收藏  举报