====== Protocol analysis ======
===== First boot of the workstation =====
==== Capture summary ====
<code>
No.  Time       Source         Destination      Protocol  Info
1    66.901361  0.0.0.0        255.255.255.255  DHCP      DHCP Discover - Transaction ID 0xc0b5592f
2    66.901867  192.168.0.252  192.168.0.67     ICMP      Echo (ping) request
3    67.902846  192.168.0.252  192.168.0.67     DHCP      DHCP Offer - Transaction ID 0xc0b5592f
4    67.904780  0.0.0.0        255.255.255.255  DHCP      DHCP Request - Transaction ID 0xc0b5592f
5    67.930502  192.168.0.252  192.168.0.67     DHCP      DHCP ACK - Transaction ID 0xc0b5592f
</code>
  - The client performs a DHCP server discovery. It has no IP address yet, so it uses the placeholder address 0.0.0.0. In reality, of course, it is the Ethernet-level addresses that are meaningful here, as the detailed analysis will show.
  - The server (192.168.0.252) pings the address 192.168.0.67 because it intends to assign that address to the client. If it received a reply to the ping, that would mean the address is already in use on the network because of some anomaly. There is no reply to the ping, which is what one expects on a properly managed network.
  - The server makes an offer to the client.
  - The client makes a counter-proposal. The detailed analysis will show that, in principle, it is identical to the server's offer.
  - The server accepts the counter-proposal. The lease is thus validated by both parties.
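The claim that the client's Request mirrors the server's Offer can be checked directly on the option bytes. The following is an added example, not part of the original page: it parses the type/length/value option list using the ''Value:'' bytes that appear in the Offer and Request dissections of the detailed analysis, then compares the two messages. The function names are assumptions made for this illustration.

```python
import ipaddress

# Option bytes rebuilt from the "Value:" fields of the Offer and Request
# dissections on this page: code, length, value, then End (255) and padding (0).
OFFER_OPTIONS = bytes.fromhex(
    "350102"                      # 53 DHCP Message Type = Offer
    "3604C0A800FC"                # 54 Server Identifier
    "330400000E10"                # 51 IP Address Lease Time
    "0104FFFFFF00"                # 1  Subnet Mask
    "0304C0A800FC"                # 3  Router
    "0F0A6D6169736F6E2E6D7273"    # 15 Domain Name
    "0604C0A800FC"                # 6  Domain Name Server
    "2C04C0A800FC"                # 44 NetBIOS over TCP/IP Name Server
    "FF0000"                      # End option, padding
)
REQUEST_OPTIONS = bytes.fromhex(
    "350103"                          # 53 DHCP Message Type = Request
    "3604C0A800FC"                    # 54 Server Identifier
    "3204C0A80043"                    # 50 Requested IP Address
    "370C011C02030F06770C2C2F1A79"    # 55 Parameter Request List
    "FF00"                            # End option, padding
)
OFFER_YIADDR = "192.168.0.67"  # "Your (client) IP address" field of the Offer

MESSAGE_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 4: "Decline",
                 5: "ACK", 6: "NAK", 7: "Release", 8: "Inform"}
ADDRESS_OPTIONS = {1, 3, 6, 44, 50, 54}
PROTOCOL_OPTIONS = {51, 53, 54}  # sent by the server whether requested or not


def parse_options(data):
    """Walk the code/length/value list and return {code: raw value}."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:            # Pad is a single byte with no length
            i += 1
            continue
        if code == 255:          # End: anything after it is padding
            return options
        if i + 1 >= len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        options[code] = value
        i += 2 + length
    raise ValueError("option list has no End option")


def decode(options):
    """Turn raw values into readable ones for the options seen on this page."""
    decoded = {}
    for code, value in options.items():
        if code == 53 and len(value) == 1:
            decoded[code] = MESSAGE_TYPES.get(value[0], f"unknown ({value[0]})")
        elif code == 51 and len(value) == 4:
            decoded[code] = int.from_bytes(value, "big")   # lease in seconds
        elif code == 15:
            decoded[code] = value.decode("ascii", errors="replace")
        elif code == 55:
            decoded[code] = list(value)
        elif code in ADDRESS_OPTIONS and value and len(value) % 4 == 0:
            decoded[code] = [str(ipaddress.IPv4Address(value[j:j + 4]))
                             for j in range(0, len(value), 4)]
        else:
            decoded[code] = value.hex()     # unknown or malformed: keep the hex
    return decoded


def compare_offer_request(offer_yiaddr, offer_raw, request_raw):
    """Check that the Request echoes the Offer and list what was left unanswered."""
    offer = decode(parse_options(offer_raw))
    request = decode(parse_options(request_raw))
    asked = request.get(55, [])
    return {
        "same_server": offer.get(54) == request.get(54),
        "same_address": request.get(50) == [offer_yiaddr],
        # parameters the client asked for that the server did not supply
        "not_supplied": [c for c in asked if c not in offer],
        # options the server sent although they were not in the request list
        "unrequested": [c for c in offer
                        if c not in asked and c not in PROTOCOL_OPTIONS],
    }


if __name__ == "__main__":
    print(decode(parse_options(OFFER_OPTIONS)))
    print(compare_offer_request(OFFER_YIADDR, OFFER_OPTIONS, REQUEST_OPTIONS))
```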
==== Detailed analysis ====
=== Discover ===
<code>
Frame 1 (342 bytes on wire, 342 bytes captured)
    Arrival Time: May 8, 2009 10:13:07.933412000
    [Time delta from previous captured frame: 66.901361000 seconds]
    [Time delta from previous displayed frame: 66.901361000 seconds]
    [Time since reference or first frame: 66.901361000 seconds]
    Frame Number: 2
    Frame Length: 342 bytes
    Capture Length: 342 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:bootp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: QuantaCo_51:5d:5a (00:16:36:51:5d:5a), Dst: Broadcast (ff:ff:ff:ff:ff:ff)    <-- Now that is a fine Ethernet broadcast...
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
        Address: Broadcast (ff:ff:ff:ff:ff:ff)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Source: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        Address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 (255.255.255.255)    <-- A broadcast that carries over to the IP layer
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
        0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 328
    Identification: 0x0000 (0)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x3996 [correct]
        [Good: True]
        [Bad : False]
    Source: 0.0.0.0 (0.0.0.0)
    Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
    Source port: bootpc (68)
    Destination port: bootps (67)
    Length: 308
    Checksum: 0x746b [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Bootstrap Protocol
    Message type: Boot Request (1)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xc0b5592f
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 0.0.0.0 (0.0.0.0)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP Discover
        Option: (53) DHCP Message Type
        Length: 1
        Value: 01
    Option: (t=55,l=12) Parameter Request List
        Option: (55) Parameter Request List
        Length: 12
        Value: 011C02030F06770C2C2F1A79
        1 = Subnet Mask
        28 = Broadcast Address
        2 = Time Offset
        3 = Router
        15 = Domain Name
        6 = Domain Name Server
        119 = Domain Search
        12 = Host Name
        44 = NetBIOS over TCP/IP Name Server
        47 = NetBIOS over TCP/IP Scope
        26 = Interface MTU
        121 = Classless Static Route
    End Option
    Padding
</code>

This request carries the list of parameters the client would like to receive, in addition of course to its IP address. The capture also shows that DHCP runs over UDP: the client sends to port 67 and the server replies to port 68.

=== Ping ===
<code>
Frame 2 (62 bytes on wire, 62 bytes captured)
    Arrival Time: May 8, 2009 10:13:07.933918000
    [Time delta from previous captured frame: 0.000506000 seconds]
    [Time delta from previous displayed frame: 0.000506000 seconds]
    [Time since reference or first frame: 66.901867000 seconds]
    Frame Number: 3
    Frame Length: 62 bytes
    Capture Length: 62 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:icmp:data]
    [Coloring Rule Name: ICMP]
    [Coloring Rule String: icmp]
Ethernet II, Src: D-Link_48:2b:84 (00:05:5d:48:2b:84), Dst: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
    Destination: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        Address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: D-Link_48:2b:84 (00:05:5d:48:2b:84)
        Address: D-Link_48:2b:84 (00:05:5d:48:2b:84)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.252 (192.168.0.252), Dst: 192.168.0.67 (192.168.0.67)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: ICMP (0x01)
    Header checksum: 0xb83d [correct]
        [Good: True]
        [Bad : False]
    Source: 192.168.0.252 (192.168.0.252)
    Destination: 192.168.0.67 (192.168.0.67)
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0 ()
    Checksum: 0xd3c8 [correct]
    Identifier: 0x2437
    Sequence number: 0 (0x0000)
    Data (20 bytes)

0000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0010  00 00 00 00                                       ....
        Data: 0000000000000000000000000000000000000000
</code>

Nothing special here: an ordinary ICMP ping that the server sends to the address it intends to hand to its client.

=== Offer ===
<code>
Frame 3 (342 bytes on wire, 342 bytes captured)
    Arrival Time: May 8, 2009 10:13:08.934897000
    [Time delta from previous captured frame: 1.000979000 seconds]
    [Time delta from previous displayed frame: 1.000979000 seconds]
    [Time since reference or first frame: 67.902846000 seconds]
    Frame Number: 4
    Frame Length: 342 bytes
    Capture Length: 342 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:bootp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: D-Link_48:2b:84 (00:05:5d:48:2b:84), Dst: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)    <-- Here, this is no longer a broadcast
    Destination: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        Address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: D-Link_48:2b:84 (00:05:5d:48:2b:84)
        Address: D-Link_48:2b:84 (00:05:5d:48:2b:84)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.252 (192.168.0.252), Dst: 192.168.0.67 (192.168.0.67)    <-- The server replies to the client at its prospective IP address. Note that the client does not know it yet...
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
        0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 328
    Identification: 0x0000 (0)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0xb705 [correct]
        [Good: True]
        [Bad : False]
    Source: 192.168.0.252 (192.168.0.252)
    Destination: 192.168.0.67 (192.168.0.67)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
    Source port: bootps (67)
    Destination port: bootpc (68)
    Length: 308
    Checksum: 0x2a4d [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Bootstrap Protocol
    Message type: Boot Reply (2)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xc0b5592f
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 192.168.0.67 (192.168.0.67)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP Offer
        Option: (53) DHCP Message Type
        Length: 1
        Value: 02
    Option: (t=54,l=4) Server Identifier = 192.168.0.252
        Option: (54) Server Identifier
        Length: 4
        Value: C0A800FC
    Option: (t=51,l=4) IP Address Lease Time = 1 hour
        Option: (51) IP Address Lease Time
        Length: 4
        Value: 00000E10
    Option: (t=1,l=4) Subnet Mask = 255.255.255.0
        Option: (1) Subnet Mask
        Length: 4
        Value: FFFFFF00
    Option: (t=3,l=4) Router = 192.168.0.252
        Option: (3) Router
        Length: 4
        Value: C0A800FC
    Option: (t=15,l=10) Domain Name = "maison.mrs"
        Option: (15) Domain Name
        Length: 10
        Value: 6D6169736F6E2E6D7273
    Option: (t=6,l=4) Domain Name Server = 192.168.0.252
        Option: (6) Domain Name Server
        Length: 4
        Value: C0A800FC
    Option: (t=44,l=4) NetBIOS over TCP/IP Name Server = 192.168.0.252
        Option: (44) NetBIOS over TCP/IP Name Server
        Length: 4
        Value: C0A800FC
    End Option
    Padding
</code>

The server thus offers our client a complete configuration, with all the requested parameters that the server is able to supply.

=== Request ===
<code>
Frame 4 (342 bytes on wire, 342 bytes captured)
    Arrival Time: May 8, 2009 10:13:08.936831000
    [Time delta from previous captured frame: 0.001934000 seconds]
    [Time delta from previous displayed frame: 0.001934000 seconds]
    [Time since reference or first frame: 67.904780000 seconds]
    Frame Number: 5
    Frame Length: 342 bytes
    Capture Length: 342 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:bootp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: QuantaCo_51:5d:5a (00:16:36:51:5d:5a), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
        Address: Broadcast (ff:ff:ff:ff:ff:ff)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Source: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        Address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 (255.255.255.255)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
        0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 328
    Identification: 0x0000 (0)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x3996 [correct]
        [Good: True]
        [Bad : False]
    Source: 0.0.0.0 (0.0.0.0)
    Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
    Source port: bootpc (68)
    Destination port: bootps (67)
    Length: 308
    Checksum: 0xd980 [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Bootstrap Protocol
    Message type: Boot Request (1)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xc0b5592f
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 0.0.0.0 (0.0.0.0)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP Request
        Option: (53) DHCP Message Type
        Length: 1
        Value: 03
    Option: (t=54,l=4) Server Identifier = 192.168.0.252
        Option: (54) Server Identifier
        Length: 4
        Value: C0A800FC
    Option: (t=50,l=4) Requested IP Address = 192.168.0.67
        Option: (50) Requested IP Address
        Length: 4
        Value: C0A80043
    Option: (t=55,l=12) Parameter Request List
        Option: (55) Parameter Request List
        Length: 12
        Value: 011C02030F06770C2C2F1A79
        1 = Subnet Mask
        28 = Broadcast Address
        2 = Time Offset
        3 = Router
        15 = Domain Name
        6 = Domain Name Server
        119 = Domain Search
        12 = Host Name
        44 = NetBIOS over TCP/IP Name Server
        47 = NetBIOS over TCP/IP Scope
        26 = Interface MTU
        121 = Classless Static Route
    End Option
    Padding
</code>

Our client sends its request, still as a broadcast. It does, however, specify:

  * the IP address of the DHCP server to which it is making the request, so that any other servers, if there are some, stop pursuing the dialogue;
  * the IP address it accepts.

It has no other requirements.

=== ACK ===
<code>
Frame 5 (342 bytes on wire, 342 bytes captured)
    Arrival Time: May 8, 2009 10:13:08.962553000
    [Time delta from previous captured frame: 0.025722000 seconds]
    [Time delta from previous displayed frame: 0.025722000 seconds]
    [Time since reference or first frame: 67.930502000 seconds]
    Frame Number: 6
    Frame Length: 342 bytes
    Capture Length: 342 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:bootp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: D-Link_48:2b:84 (00:05:5d:48:2b:84), Dst: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
    Destination: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        Address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: D-Link_48:2b:84 (00:05:5d:48:2b:84)
        Address: D-Link_48:2b:84 (00:05:5d:48:2b:84)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.252 (192.168.0.252), Dst: 192.168.0.67 (192.168.0.67)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
        0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 328
    Identification: 0x0000 (0)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0xb705 [correct]
        [Good: True]
        [Bad : False]
    Source: 192.168.0.252 (192.168.0.252)
    Destination: 192.168.0.67 (192.168.0.67)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
    Source port: bootps (67)
    Destination port: bootpc (68)
    Length: 308
    Checksum: 0x274d [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Bootstrap Protocol
    Message type: Boot Reply (2)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xc0b5592f
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 192.168.0.67 (192.168.0.67)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP ACK
        Option: (53) DHCP Message Type
        Length: 1
        Value: 05
    Option: (t=54,l=4) Server Identifier = 192.168.0.252
        Option: (54) Server Identifier
        Length: 4
        Value: C0A800FC
    Option: (t=51,l=4) IP Address Lease Time = 1 hour
        Option: (51) IP Address Lease Time
        Length: 4
        Value: 00000E10
    Option: (t=1,l=4) Subnet Mask = 255.255.255.0
        Option: (1) Subnet Mask
        Length: 4
        Value: FFFFFF00
    Option: (t=3,l=4) Router = 192.168.0.252
        Option: (3) Router
        Length: 4
        Value: C0A800FC
    Option: (t=15,l=10) Domain Name = "maison.mrs"
        Option: (15) Domain Name
        Length: 10
        Value: 6D6169736F6E2E6D7273
    Option: (t=6,l=4) Domain Name Server = 192.168.0.252
        Option: (6) Domain Name Server
        Length: 4
        Value: C0A800FC
    Option: (t=44,l=4) NetBIOS over TCP/IP Name Server = 192.168.0.252
        Option: (44) NetBIOS over TCP/IP Name Server
        Length: 4
        Value: C0A800FC
    End Option
    Padding
</code>

The server thus gives its agreement to the lease, with its final parameters. There is no broadcast here any more: the server addresses its client in unicast.

===== Renewal =====

When the ''renew'' time arrives, our client contacts the DHCP server:
<code>
No.  Time      Source        Destination    Protocol  Info
1    0.000000  192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f

Frame 1 (342 bytes on wire, 342 bytes captured)
    Arrival Time: May 8, 2009 10:38:01.936555000
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 342 bytes
    Capture Length: 342 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:bootp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: QuantaCo_51:5d:5a (00:16:36:51:5d:5a), Dst: D-Link_48:2b:84 (00:05:5d:48:2b:84)
    Destination: D-Link_48:2b:84 (00:05:5d:48:2b:84)
        Address: D-Link_48:2b:84 (00:05:5d:48:2b:84)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        Address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.67 (192.168.0.67), Dst: 192.168.0.252 (192.168.0.252)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 328
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0xb715 [correct]
        [Good: True]
        [Bad : False]
    Source: 192.168.0.67 (192.168.0.67)
    Destination: 192.168.0.252 (192.168.0.252)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
    Source port: bootpc (68)
    Destination port: bootps (67)
    Length: 308
    Checksum: 0x2eef [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Bootstrap Protocol
    Message type: Boot Request (1)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xc0b5592f
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 192.168.0.67 (192.168.0.67)
    Your (client) IP address: 0.0.0.0 (0.0.0.0)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP Request
        Option: (53) DHCP Message Type
        Length: 1
        Value: 03
    Option: (t=55,l=12) Parameter Request List
        Option: (55) Parameter Request List
        Length: 12
        Value: 011C02030F06770C2C2F1A79
        1 = Subnet Mask
        28 = Broadcast Address
        2 = Time Offset
        3 = Router
        15 = Domain Name
        6 = Domain Name Server
        119 = Domain Search
        12 = Host Name
        44 = NetBIOS over TCP/IP Name Server
        47 = NetBIOS over TCP/IP Scope
        26 = Interface MTU
        121 = Classless Static Route
    End Option
    Padding
</code>

And the server replies:
<code>
No.  Time      Source         Destination   Protocol  Info
2    0.027503  192.168.0.252  192.168.0.67  DHCP      DHCP ACK - Transaction ID 0xc0b5592f

Frame 2 (342 bytes on wire, 342 bytes captured)
    Arrival Time: May 8, 2009 10:38:01.964058000
    [Time delta from previous captured frame: 0.027503000 seconds]
    [Time delta from previous displayed frame: 0.027503000 seconds]
    [Time since reference or first frame: 0.027503000 seconds]
    Frame Number: 2
    Frame Length: 342 bytes
    Capture Length: 342 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:bootp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: D-Link_48:2b:84 (00:05:5d:48:2b:84), Dst: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
    Destination: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        Address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: D-Link_48:2b:84 (00:05:5d:48:2b:84)
        Address: D-Link_48:2b:84 (00:05:5d:48:2b:84)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.252 (192.168.0.252), Dst: 192.168.0.67 (192.168.0.67)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 328
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0xb715 [correct]
        [Good: True]
        [Bad : False]
    Source: 192.168.0.252 (192.168.0.252)
    Destination: 192.168.0.67 (192.168.0.67)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
    Source port: bootps (67)
    Destination port: bootpc (68)
    Length: 308
    Checksum: 0x6661 [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Bootstrap Protocol
    Message type: Boot Reply (2)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xc0b5592f
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 192.168.0.67 (192.168.0.67)
    Your (client) IP address: 192.168.0.67 (192.168.0.67)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP ACK
        Option: (53) DHCP Message Type
        Length: 1
        Value: 05
    Option: (t=54,l=4) Server Identifier = 192.168.0.252
        Option: (54) Server Identifier
        Length: 4
        Value: C0A800FC
    Option: (t=51,l=4) IP Address Lease Time = 1 hour
        Option: (51) IP Address Lease Time
        Length: 4
        Value: 00000E10
    Option: (t=1,l=4) Subnet Mask = 255.255.255.0
        Option: (1) Subnet Mask
        Length: 4
        Value: FFFFFF00
    Option: (t=3,l=4) Router = 192.168.0.252
        Option: (3) Router
        Length: 4
        Value: C0A800FC
    Option: (t=15,l=10) Domain Name = "maison.mrs"
        Option: (15) Domain Name
        Length: 10
        Value: 6D6169736F6E2E6D7273
    Option: (t=6,l=4) Domain Name Server = 192.168.0.252
        Option: (6) Domain Name Server
        Length: 4
        Value: C0A800FC
    Option: (t=44,l=4) NetBIOS over TCP/IP Name Server = 192.168.0.252
        Option: (44) NetBIOS over TCP/IP Name Server
        Length: 4
        Value: C0A800FC
    End Option
    Padding
</code>

Note that in this dialogue the client announces its IP address this time, and the server confirms it. All the other options may change from one lease to the next. When the administrator has planned, for example, a change of gateway or DNS address, this makes it possible to arrange for the change to happen smoothly within a period of time that can be estimated.

This renewal takes place entirely in unicast mode.

===== The grain of sand =====

All this is perfect, but let us imagine that our DHCP server breaks down. What will happen? Let's run the experiment. We play a dirty trick on our client by adding this IPtables rule on the DHCP server:

<code>
iptables -A OUTPUT -d 192.168.0.67 -j DROP
</code>

And then...

==== Renew ====

At the appointed time the client launches a ''renew'', but the server does not answer... The client insists:
<code>
No.  Time        Source        Destination    Protocol  Info
1    0.000000    192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
2    4.995823    192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
3    14.995826   192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
4    29.995825   192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
5    44.995826   192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
6    51.995826   192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
7    62.995841   192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
8    74.995824   192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
9    95.995830   192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
10   116.995824  192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
11   129.995829  192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
12   148.995836  192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
13   163.995835  192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
14   177.995833  192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
15   193.995844  192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
16   211.995839  192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
17   225.995830  192.168.0.67  192.168.0.252  DHCP      DHCP Request - Transaction ID 0xc0b5592f
...
</code>
Admire the patience (stubbornness?) of our client, which keeps insisting relentlessly until:
<code>
No.  Time        Source        Destination      Protocol  Info
1    0.000000    192.168.0.67  192.168.0.252    DHCP      DHCP Request - Transaction ID 0xc0b5592f
2    15.000000   192.168.0.67  192.168.0.252    DHCP      DHCP Request - Transaction ID 0xc0b5592f
3    23.999995   192.168.0.67  192.168.0.252    DHCP      DHCP Request - Transaction ID 0xc0b5592f
4    39.999999   192.168.0.67  192.168.0.252    DHCP      DHCP Request - Transaction ID 0xc0b5592f
5    58.000005   192.168.0.67  192.168.0.252    DHCP      DHCP Request - Transaction ID 0xc0b5592f
6    78.999998   192.168.0.67  192.168.0.252    DHCP      DHCP Request - Transaction ID 0xc0b5592f
7    89.999997   192.168.0.67  192.168.0.252    DHCP      DHCP Request - Transaction ID 0xc0b5592f
8    111.000002  192.168.0.67  255.255.255.255  DHCP      DHCP Request - Transaction ID 0xc0b5592f
9    131.999996  192.168.0.67  255.255.255.255  DHCP      DHCP Request - Transaction ID 0xc0b5592f
10   151.999988  192.168.0.67  255.255.255.255  DHCP      DHCP Request - Transaction ID 0xc0b5592f
11   159.999990  192.168.0.67  255.255.255.255  DHCP      DHCP Request - Transaction ID 0xc0b5592f
</code>
Our client changes tactics. It no longer queries 192.168.0.252: it has finally faced the facts and concluded that this server is out of service. While keeping its current IP address, it now starts a series of broadcast requests, in case a conscientious admin has set up another DHCP server at a different IP address.

Let's look at packets 7 and 8 in detail:
<code>
Frame 7 (342 bytes on wire, 342 bytes captured)
    Arrival Time: May 8, 2009 16:25:50.932358000
    [Time delta from previous captured frame: 10.999999000 seconds]
    [Time delta from previous displayed frame: 10.999999000 seconds]
    [Time since reference or first frame: 89.999997000 seconds]
    Frame Number: 7
    Frame Length: 342 bytes
    Capture Length: 342 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:bootp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: QuantaCo_51:5d:5a (00:16:36:51:5d:5a), Dst: D-Link_48:2b:84 (00:05:5d:48:2b:84)
    Destination: D-Link_48:2b:84 (00:05:5d:48:2b:84)
        Address: D-Link_48:2b:84 (00:05:5d:48:2b:84)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        Address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.67 (192.168.0.67), Dst: 192.168.0.252 (192.168.0.252)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 328
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0xb715 [correct]
        [Good: True]
        [Bad : False]
    Source: 192.168.0.67 (192.168.0.67)
    Destination: 192.168.0.252 (192.168.0.252)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
    Source port: bootpc (68)
    Destination port: bootps (67)
    Length: 308
    Checksum: 0x27f7 [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Bootstrap Protocol
    Message type: Boot Request (1)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xc0b5592f
    Seconds elapsed: 1784
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 192.168.0.67 (192.168.0.67)
    Your (client) IP address: 0.0.0.0 (0.0.0.0)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP Request
        Option: (53) DHCP Message Type
        Length: 1
        Value: 03
    Option: (t=55,l=12) Parameter Request List
        Option: (55) Parameter Request List
        Length: 12
        Value: 011C02030F06770C2C2F1A79
        1 = Subnet Mask
        28 = Broadcast Address
        2 = Time Offset
        3 = Router
        15 = Domain Name
        6 = Domain Name Server
        119 = Domain Search
        12 = Host Name
        44 = NetBIOS over TCP/IP Name Server
        47 = NetBIOS over TCP/IP Scope
        26 = Interface MTU
        121 = Classless Static Route
    End Option
    Padding
</code>

Packet 7: the request is still unicast. In the next one:
<code>
Frame 8 (342 bytes on wire, 342 bytes captured)
    Arrival Time: May 8, 2009 16:26:11.932363000
    [Time delta from previous captured frame: 21.000005000 seconds]
    [Time delta from previous displayed frame: 21.000005000 seconds]
    [Time since reference or first frame: 111.000002000 seconds]
    Frame Number: 8
    Frame Length: 342 bytes
    Capture Length: 342 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:bootp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: QuantaCo_51:5d:5a (00:16:36:51:5d:5a), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
        Address: Broadcast (ff:ff:ff:ff:ff:ff)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Source: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        Address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.67 (192.168.0.67), Dst: 255.255.255.255 (255.255.255.255)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
        0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 328
    Identification: 0x0000 (0)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x78aa [correct]
        [Good: True]
        [Bad : False]
    Source: 192.168.0.67 (192.168.0.67)
    Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
    Source port: bootpc (68)
    Destination port: bootps (67)
    Length: 308
    Checksum: 0xe986 [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Bootstrap Protocol
    Message type: Boot Request (1)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xc0b5592f
    Seconds elapsed: 1805
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 192.168.0.67 (192.168.0.67)
    Your (client) IP address: 0.0.0.0 (0.0.0.0)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: QuantaCo_51:5d:5a (00:16:36:51:5d:5a)
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP Request
        Option: (53) DHCP Message Type
        Length: 1
        Value: 03
    Option: (t=55,l=12) Parameter Request List
        Option: (55) Parameter Request List
        Length: 12
        Value: 011C02030F06770C2C2F1A79
        1 = Subnet Mask
        28 = Broadcast Address
        2 = Time Offset
        3 = Router
        15 = Domain Name
        6 = Domain Name Server
        119 = Domain Search
        12 = Host Name
        44 = NetBIOS over TCP/IP Name Server
        47 = NetBIOS over TCP/IP Scope
        26 = Interface MTU
        121 = Classless Static Route
    End Option
    Padding
</code>

This time we do have a broadcast, but the rest of the request is unchanged. The client still hopes to find another DHCP server that will renew its current lease.

Our client changed tactics at the ''rebind'' time given in the previous lease. However, our IPtables rule is even more stubborn than our client, there is no new DHCP server on the network and, in the end, the lease expires at the ''expire'' time:

==== Death (and resurrection) ====
No. Time Source Destination Protocol Info
1 0.000000 192.168.0.67 255.255.255.255 DHCP DHCP Request - Transaction ID 0xc0b5592f
2 14.999984 192.168.0.67 255.255.255.255 DHCP DHCP Request - Transaction ID 0xc0b5592f
3 24.999987 192.168.0.67 255.255.255.255 DHCP DHCP Request - Transaction ID 0xc0b5592f
4 38.999972 192.168.0.67 255.255.255.255 DHCP DHCP Request - Transaction ID 0xc0b5592f
5 47.999964 192.168.0.67 255.255.255.255 DHCP DHCP Request - Transaction ID 0xc0b5592f
6 64.999972 192.168.0.67 255.255.255.255 DHCP DHCP Request - Transaction ID 0xc0b5592f
7 71.045835 0.0.0.0 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xf4b2bf16
8 71.046413 192.168.0.252 192.168.0.67 DHCP DHCP Offer - Transaction ID 0xf4b2bf16
9 71.046704 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0xf4b2bf16
10 71.115898 192.168.0.252 192.168.0.67 DHCP DHCP ACK - Transaction ID 0xf4b2bf16

Frame 7 shows that our client has lost its IP address, but it still does not give up. It now searches for a DHCP server (Discover) and then the miracle happens: it rediscovers our DHCP server, which grants it a brand new lease. Against all expectations, the story ends well.

But is it really a miracle? In reality, our client's stubbornness got the better of the IPtables rule's. Our Netfilter lets nothing out towards 192.168.0.67, but our client has gone back to the dummy address 0.0.0.0 and Netfilter, fooled, drops its cheese. Our client does not fail to grab it. Had this been a real DHCP outage, there would have been no cheese and our client would have been left high and dry.

===== Conclusion =====
We have seen here that DHCP is an extremely tenacious and cautious protocol. The client leaves itself some margin in case of trouble and starts asking for a renewal well before the expiry time; if trouble does occur, it tries to find another server that would renew its lease; and even once dead, it keeps trying.
The attentive reader will have noticed that, although the lease had expired, the new lease obtained by fooling Netfilter offers the same IP address as the previous one. Is that a coincidence? Not at all. The server keeps a record of all the information about the leases it hands out and, as far as possible, tries to assign the same IP address to a given MAC address. This is generally what happens, except when IP addresses are in short supply. The server is then forced to give addresses that were previously assigned, but have since been released, to new clients.

We have not looked in detail at everything DHCP can do, but this chapter has shown the basic principle. A client may have requirements on various parameters, which it then announces in its request. The server may or may not be able to satisfy these requirements; a more or less tight negotiation may follow, ending in a cordial agreement or not. This kind of situation remains fairly rare, however.

To learn everything about DHCP, the best next step is to read [[http://www.ietf.org/rfc/rfc2131.txt|RFC 2131: "Dynamic Host Configuration Protocol"]] and, why not, [[http://www.ietf.org/rfc/rfc2132.txt|RFC 2132: "DHCP Options and BOOTP Vendor Extensions"]] as well.
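As an added example (not part of the original page), this Python code decodes a DHCP payload and applies the RFC 2131 section 4.3.2 rules to tell the unicast renewal (RENEWING) from the broadcast one (REBINDING) seen in the captures. The function names are hypothetical, and the sample payload is constructed from the field values shown in the dissections.

```python
import socket
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")
BROADCAST = "255.255.255.255"

def parse_dhcp(payload: bytes) -> dict:
    """Decode the fixed BOOTP header and the option TLVs of a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE or payload[2] > 16:
        raise ValueError("not a well-formed DHCP payload")
    op, _htype, hlen, _hops, xid, secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:       # 255 = End Option
        if payload[i] == 0:                             # 0 = Padding, no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return {"op": op, "xid": xid, "secs": secs, "broadcast_flag": bool(flags & 0x8000),
            "ciaddr": socket.inet_ntoa(payload[12:16]),
            "chaddr": payload[28:28 + hlen].hex(":"), "options": options}

def client_state(msg: dict, ip_dst: str) -> str:
    """Lease state of the sender, from the RFC 2131 section 4.3.2 rules."""
    mtype = (msg["options"].get(53) or b"\x00")[0]
    if mtype == 1:
        return "INIT"
    if mtype != 3:
        return "not a client request"
    if msg["ciaddr"] == "0.0.0.0":                      # no usable address yet
        return "SELECTING" if 54 in msg["options"] else "INIT-REBOOT"
    return "REBINDING" if ip_dst == BROADCAST else "RENEWING"

def build_sample(mtype: int, ciaddr: str, secs: int, extra: bytes = b"") -> bytes:
    """Constructed payload reusing the field values shown in the dissections."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0xC0B5592F, secs, 0)
    header += socket.inet_aton(ciaddr) + bytes(12)      # ciaddr, then yiaddr/siaddr/giaddr
    header += bytes.fromhex("001636515d5a").ljust(16, b"\0")
    header += bytes(64 + 128) + MAGIC_COOKIE            # sname, file, magic cookie
    opts = bytes([53, 1, mtype]) + extra
    opts += bytes([55, 12]) + bytes.fromhex("011C02030F06770C2C2F1A79") + b"\xff"
    return (header + opts).ljust(300, b"\0")            # UDP length 308 minus 8-byte header

if __name__ == "__main__":
    for dst in ("192.168.0.252", BROADCAST):
        print(dst, client_state(parse_dhcp(build_sample(3, "192.168.0.67", 1784)), dst))
```

A monitoring script can use the same classification to flag a client that stays in REBINDING without ever receiving an ACK, which is what the filtered server produced in this capture.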