資源描述:
《dhcp報(bào)文分析》由會(huì)員上傳分享,免費(fèi)在線閱讀��,更多相關(guān)內(nèi)容在學(xué)術(shù)論文-天天文庫(kù)�����。
1����、DHCP報(bào)文分析一、在windows下對(duì)DHCP過(guò)程的抓包進(jìn)步驟:1���、首先打開(kāi)wireshark進(jìn)行抓2����、在cmd中執(zhí)行ipconfig/release��,該命令的作用是用來(lái)釋放1P�����,如果出現(xiàn)如下提示信息����,表明本地連接沒(méi)有設(shè)置成自動(dòng)獲取;p:DocunentsandSettingssdc>ipconfig/releasewindowsIPConfigurationTheoperationfailedasnoadapterisinthestatepermissibleforrt;bisoperation.在網(wǎng)絡(luò)連接中將本地連接設(shè)成自動(dòng)獲取��,再次執(zhí)行ipconfig/relea
2�、se:釋放IP成功��。Wircshark抓包如圖::BootstrapProtocol(Release)Messagetype:BootRequest(1)Hardwaretype:Ethernet(0x01)Hardwareaddresslength:6Hops:0TransactsonID:OxlcOfc415tiSecondselapsed:0Bootpf1ags:0x0000(unicast)ClientIPaddress:192.168.75.235(192.168.75.235)Your(client)IPaddress:0.0.0.0(0.0.0.0)Nextse
3��、rverIPaddress:0.0.0.0(0.0.0.0)RelayagentIPaddress:0.0.0.0(0.0.0.0)ClientMACaddress:Dell_99:25:7c(d4:be:d9:99:25:7c)Clienthardwareaddresspadding:00000000000000000000ServerhostnamenotgivenBootfilenamenotgivenMagiccookie:DHCPti+J+JtloptionOptionOptionOptionPadding(53)DHCPMessageType(Release)(5
4��、4)DHCPServerIdentifier(61)ClientidentIf1er(255)End3�、執(zhí)行命令ipconfig/renew,發(fā)起一個(gè)DHCP過(guò)程��,分析從這里開(kāi)始�。DocunentsandSettingszdc>ipconfig/renewindowsIPConfigurationEthernetadapterUMwareNetworkAdapterUMnet8:Connection-specificDNSSuffix.:IPAddress:172.16.18.1SubnetMask:255.255.255.0DefaultGateway:Ethernet
5、adapterUMwareNetworkAdapterUMnetl:Connection-specificDNSSuffix.:IPAddress:172.16.159.1SubnetMask:255.255.255.0DefaultGatevia:Ethernetadapter本地連接2:Connection-specificDNSSuffix.:IPAddress:192.168.75.235SubnetMask:255.255.255.0DefaultGateway:192.168.75.254DHCP通常有Discover�、Offer、Request���、Ack四個(gè)階段��,
6��、wireshark抓包如下:448.753555000.0.0.0255.255.255.255DHCP342DHCPDiscover-TransactionID0x87380114458.75384200192.168.75.232255.255.255.255DHCP342DHCPOffer
7�、TransactionID0x87380114468.754616000.0.0.0255.255.255.255DHCP357DHCPRequest-TransactionID0x87380114478.75489700192.168.75.232255.255.255.255DH
8�����、CP343DHCPACK-TransactionID0x87380114此外還有重新登陸和更新租約���,這里不作解釋��。二����、DHCP協(xié)議的報(bào)文格式如下����,括號(hào)內(nèi)為長(zhǎng)度:OP⑴Htype(1)Hlen(l)Hops(1)TransactionID(4)Seconds⑵Flags(2)Ciaddr(4)Yiaddr(4)Siaddr(4)Giaddr(4)Chaddr(16)Snamc(64)File(128)Options(variable)下面結(jié)合在windows下對(duì)DHCP過(guò)程的抓進(jìn)行分析:1、現(xiàn)在�����,客戶機(jī)沒(méi)
