[Help] DHCP packet capture, message format, analysis

landyjie 2012-06-30 04:38:49
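I wrote a few short lines in VB:
Dim i ' counter used to name the capture files
Private Sub Form_Load()
    ' w is a Winsock control: receive UDP on port 67
    w.Protocol = sckUDPProtocol
    w.Bind 67
End Sub
Private Sub w_DataArrival(ByVal bytesTotal As Long)
    Me.Caption = bytesTotal
    ' Save each received datagram to its own file, named with the counter i
    Open "c:\t" & i & ".txt" For Binary As #1
    Dim b ' Variant that receives the datagram
    w.GetData b
    Put #1, , b
    Close #1
    i = i + 1
End Sub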



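Then, after unplugging and replugging the network cable, I received 4 replies. Below is the first one, which should be the DHCP discover packet: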
Offset 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

00000000 11 20 01 00 2C 01 00 00 00 00 00 00 01 01 06 00 . ..,...........
00000016 B1 05 66 6C 00 00 00 00 00 00 00 00 00 00 00 00 ..fl............
00000032 00 00 00 00 00 00 00 00 00 1A 73 4F A1 59 00 00 ..........sO.Y..
00000048 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000064 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000096 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000112 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000128 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000144 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000176 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000192 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000208 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000224 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000240 00 00 00 00 00 00 00 00 63 82 53 63 35 01 01 74 ........c.Sc5..t
00000256 01 01 3D 07 01 00 1A 73 4F A1 59 0C 0F 63 68 69 ..=....sO.Y..chi
00000272 6E 61 2D 61 32 32 38 39 31 38 66 62 3C 08 4D 53 na-a228918fb<.MS
00000288 46 54 20 35 2E 30 37 0B 01 0F 03 06 2C 2E 2F 1F FT 5.07.....,./.
00000304 21 F9 2B 2B 02 DC 00 FF !.++....



Then I changed the port to 68. Below is the first packet received:
Offset 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

00000000 11 20 01 00 22 01 00 00 00 00 00 00 02 01 06 00 . .."...........
00000016 5E CE 51 F2 00 00 00 00 00 00 00 00 C0 A8 6F 45 ^.Q...........oE
00000032 C0 A8 6F 6F 00 00 00 00 00 1A 73 4F A1 59 00 00 ..oo......sO.Y..
00000048 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000064 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000096 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000112 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000128 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000144 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000176 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000192 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000208 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000224 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000240 00 00 00 00 00 00 00 00 63 82 53 63 35 01 02 01 ........c.Sc5...
00000256 04 FF FF FF 00 3A 04 00 00 A8 C0 3B 04 00 01 27 .....:.....;...'
00000272 50 33 04 00 01 51 80 36 04 C0 A8 6F 6F 03 04 C0 P3...Q.6...oo...
00000288 A8 6F 6F 06 08 77 06 06 06 CA 6A 00 14 FF .oo..w....j...

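Questions:
1. What do the bytes at the start of the data, 00000000 11 20 01 00 2C 01 00 00 00 00 00 00, represent? How do I assemble this data in my program? (Why didn't I see it in the DHCP protocol?)
2. What does 63 82 53 63 near the end of the first packet represent? How do I assemble this data in my program?
3. Following on from question 2, the 35 01 01 after it means DHCP Discover. Please help me analyze the content after it in detail. If I write my own client, which of those fields are required?
4. I already know that the second packet's content is about network card parameters. Please focus on explaining the first 3 questions.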
landyjie 2012-07-02
Finally found a detailed write-up: http://en.wikipedia.org/wiki/DHCP_server#DHCP_discovery
Quote
DHCPDISCOVER
UDP Src=0.0.0.0 sPort=68
Dest=255.255.255.255 dPort=67
OP HTYPE HLEN HOPS
0x01 0x01 0x06 0x00
XID
0x3903F326
SECS FLAGS
0x0000 0x0000
CIADDR (Client IP Address)
0x00000000
YIADDR (Your IP Address)
0x00000000
SIADDR (Server IP Address)
0x00000000
GIADDR (Gateway IP Address)
0x00000000
CHADDR (Client Hardware Address)
0x00053C04
0x8D590000
0x00000000
0x00000000
192 octets of 0s, or overflow space for additional options. BOOTP legacy
Magic Cookie
0x63825363
DHCP Options
DHCP option 53: DHCP Discover
DHCP option 50: 192.168.1.100 requested
DHCP option 55: Parameter Request List:
Request Subnet Mask (1), Router (3), Domain Name (15),
Domain Name Server (6)

Quote
DHCPOFFER
UDP Src=192.168.1.1 sPort=67
Dest=255.255.255.255 dPort=68
OP HTYPE HLEN HOPS
0x02 0x01 0x06 0x00
0x00000000
YIADDR (Your IP Address)
0xC0A80164
SIADDR (Server IP Address)
0xC0A80101
GIADDR (Gateway IP Address)
0x00000000
CHADDR (Client Hardware Address)
0x00053C04
0x8D590000
0x00000000
0x00000000
192 octets of 0s. BOOTP legacy
Magic Cookie
0x63825363
DHCP Options
DHCP option 53: DHCP Offer
DHCP option 1: 255.255.255.0 subnet mask
DHCP option 3: 192.168.1.1 router
DHCP option 51: 86400s (1 day) IP lease time
DHCP option 54: 192.168.1.1 DHCP server
DHCP option 6: DNS servers 9.7.10.15, 9.7.10.16, 9.7.10.18

Quote
DHCPREQUEST
UDP Src=0.0.0.0 sPort=68
Dest=255.255.255.255 dPort=67
OP HTYPE HLEN HOPS
0x01 0x01 0x06 0x00
XID
0x3903F326
SECS FLAGS
0x0000 0x0000
CIADDR (Client IP Address)
0x00000000
YIADDR (Your IP Address)
0x00000000
SIADDR (Server IP Address)
0xC0A80101
GIADDR (Gateway IP Address)
0x00000000
CHADDR (Client Hardware Address)
0x00053C04
0x8D590000
0x00000000
0x00000000
192 octets of 0s. BOOTP legacy
Magic Cookie
0x63825363
DHCP Options
DHCP option 53: DHCP Request
DHCP option 50: 192.168.1.100 requested
DHCP option 54: 192.168.1.1 DHCP server.

Quote
DHCPACK
UDP Src=192.168.1.1 sPort=67
Dest=255.255.255.255 dPort=68
OP HTYPE HLEN HOPS
0x02 0x01 0x06 0x00
XID
0x3903F326
SECS FLAGS
0x0000 0x0000
CIADDR (Client IP Address)
0x00000000
YIADDR (Your IP Address)
0xC0A80164
SIADDR (Server IP Address)
0xC0A80101
GIADDR (Gateway IP Address switched by relay)
0x00000000
CHADDR (Client Hardware Address)
0x00053C04
0x8D590000
0x00000000
0x00000000
192 octets of 0s. BOOTP legacy
Magic Cookie
0x63825363
DHCP Options
DHCP option 53: DHCP ACK
DHCP option 1: 255.255.255.0 subnet mask
DHCP option 3: 192.168.1.1 router
DHCP option 51: 86400s (1 day) IP lease time
DHCP option 54: 192.168.1.1 DHCP server
DHCP option 6: DNS servers 9.7.10.15, 9.7.10.16, 9.7.10.18

Quote
DHCP Options
The following tables list the available DHCP options, as stated in RFC2132.[4]
RFC1497 Vendor Extensions
Code Name Length Notes
0 Pad 1 octet Can be used to pad other options so that they are aligned to the word boundary
1 Subnet Mask 4 octets Must be sent after the router option (option 3) if both are included
2 Time Offset 4 octets
3 Router multiples of 4 octets Available routers, should be listed in order of preference
4 Time Server multiples of 4 octets Available time servers to synchronise with, should be listed in order of preference
5 Name Server multiples of 4 octets Available IEN116 name servers, should be listed in order of preference
6 Domain Name Server multiples of 4 octets Available DNS servers, should be listed in order of preference
7 Log Server multiples of 4 octets Available log servers, should be listed in order of preference.
8 Cookie Server multiples of 4 octets
9 LPR Server multiples of 4 octets
10 Impress Server multiples of 4 octets
11 Resource Location Server multiples of 4 octets
12 Host Name minimum of 1 octet
13 Boot File Size 2 octets Length of the boot image in 4KiB blocks
14 Merit Dump File minimum of 1 octet Path where crash dumps should be stored
15 Domain Name minimum of 1 octet
16 Swap Server 4 octets
17 Root Path minimum of 1 octet
18 Extensions Path minimum of 1 octet
255 End 1 octet Used to mark the end of the vendor option field
IP Layer Parameters per Host
Code Name Length Notes
19 IP Forwarding Enable/Disable 1 octet
20 Non-Local Source Routing Enable/Disable 1 octet
21 Policy Filter multiples of 8 octets
22 Maximum Datagram Reassembly Size 2 octets
23 Default IP Time-to-live 1 octet
24 Path MTU Aging Timeout 4 octets
25 Path MTU Plateau Table multiples of 2 octets
IP Layer Parameters per Interface
Code Name Length Notes
26 Interface MTU 2 octets
27 All Subnets are Local 1 octet
28 Broadcast Address 4 octets
29 Perform Mask Discovery 1 octet
30 Mask Supplier 1 octet
31 Perform Router Discovery 1 octet
32 Router Solicitation Address 4 octets
33 Static Route multiples of 8 octets A list of destination/router pairs
Link Layer Parameters per Interface
Code Name Length Notes
34 Trailer Encapsulation Option 1 octet
35 ARP Cache Timeout 4 octets
36 Ethernet Encapsulation 1 octet
TCP Parameters
Code Name Length Notes
37 TCP Default TTL 1 octet
38 TCP Keepalive Interval 4 octets
39 TCP Keepalive Garbage 1 octet
Application and Service Parameters
Code Name Length Notes
40 Network Information Service Domain minimum of 1 octet
41 Network Information Servers multiples of 4 octets
42 Network Time Protocol Servers multiples of 4 octets
43 Vendor Specific Information minimum of 1 octets
44 NetBIOS over TCP/IP Name Server multiples of 4 octets
45 NetBIOS over TCP/IP Datagram Distribution Server multiples of 4 octets
46 NetBIOS over TCP/IP Node Type 1 octet
47 NetBIOS over TCP/IP Scope minimum of 1 octet
48 X Window System Font Server multiples of 4 octets
49 X Window System Display Manager multiples of 4 octets
64 Network Information Service+ Domain minimum of 1 octet
65 Network Information Service+ Servers multiples of 4 octets
68 Mobile IP Home Agent multiples of 4 octets
69 Simple Mail Transport Protocol (SMTP) Server multiples of 4 octets
70 Post Office Protocol (POP3) Server multiples of 4 octets
71 Network News Transport Protocol (NNTP) Server multiples of 4 octets
72 Default World Wide Web (WWW) Server multiples of 4 octets
73 Default Finger Server multiples of 4 octets
74 Default Internet Relay Chat (IRC) Server multiples of 4 octets
75 StreetTalk Server multiples of 4 octets
76 StreetTalk Directory Assistance (STDA) Server multiples of 4 octets
DHCP Extensions
Code Name Length Notes
50 Requested IP Address 4 octets
51 IP Address Lease Time 4 octets
52 Option Overload 1 octet
66 TFTP server name minimum of 1 octet
67 Bootfile name minimum of 1 octet
53 DHCP Message Type 1 octet
54 Server Identifier 4 octets
55 Parameter Request List minimum of 1 octet
56 Message minimum of 1 octet
57 Maximum DHCP Message Size 2 octets
58 Renewal (T1) Time Value 4 octets
59 Rebinding (T2) Time Value 4 octets
60 Vendor class identifier minimum of 1 octet
61 Client-identifier minimum of 2 octets
MAY 2012-07-02
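If you don't understand the protocol, you have to rely on tools.
Reading the documentation for a very short time won't give you a correct understanding.
Use the Wireshark tool and you will gain more than you expected.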
landyjie 2012-06-30
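Of the 6 bytes 00000000 11 20 01 00 22 01, it seems only the 5th one changes. Its value equals the number of bytes from 63 82 53 63 to the end, minus 20 (decimal).

Does anyone know what the first 6 bytes actually represent?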
landyjie 2012-06-30
Found the answer to question 2: the 4 bytes are fixed.
[Quote=The protocol says:]
The first four octets of the 'options' field of the DHCP message
contain the (decimal) values 99, 130, 83 and 99, respectively (this
is the same magic cookie as is defined in RFC 1497 [17]). The
remainder of the 'options' field consists of a list of tagged
parameters that are called "options". All of the "vendor extensions"
listed in RFC 1497 are also DHCP options. RFC 1533 gives the
complete set of options defined for use with DHCP.
[/Quote]
Hoping an expert can advise on the other questions.
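
Added example, not part of the original thread: a Python parser for the first capture file in the opening post, which separates the bytes in front of the DHCP message, reads the fixed BOOTP header, checks the magic cookie, and walks the options with bounds checks. It assumes the 12 leading bytes are the descriptor VB6's Put writes for a Variant holding a byte array (type 0x2011, one dimension, element count, lower bound), which fits both dumps; the function names are made up here.

```python
import struct

# First capture file from the post, rebuilt from its hex dump (zero runs condensed).
DUMP = bytes.fromhex(
    "112001002c01000000000000"           # 12 bytes ahead of the UDP payload
    "01010600" "b105666c" + "00" * 20    # op/htype/hlen/hops, xid, secs..giaddr
    + "001a734fa159" + "00" * 10         # chaddr (16 bytes)
    + "00" * 192 + "63825363"            # sname + file, then the magic cookie
    + "350101" "740101" "3d0701001a734fa159"
    + "0c0f6368696e612d613232383931386662" "3c084d53465420352e30"
    + "370b010f03062c2e2f1f21f92b" "2b02dc00" "ff")

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # 63 82 53 63

def parse_options(opts):
    """Walk code/length/value options; reject lengths that run past the buffer."""
    out, i = {}, 0
    while i < len(opts):
        code = opts[i]
        if code == 255:                  # End
            return out
        if code == 0:                    # Pad is a single octet with no length
            i += 1
            continue
        if i + 1 >= len(opts) or i + 2 + opts[i + 1] > len(opts):
            raise ValueError(f"option {code} truncated at offset {i}")
        out[code] = opts[i + 2:i + 2 + opts[i + 1]]
        i += 2 + opts[i + 1]
    raise ValueError("options list has no End (255) option")

def parse_capture(raw):
    """Parse one file as written by the VB program (assumed 12-byte prefix)."""
    if len(raw) < 12 + 240:
        raise ValueError("too short for prefix + BOOTP header + cookie")
    vartype, dims, count, _lbound = struct.unpack_from("<HHII", raw, 0)
    if (vartype, dims) != (0x2011, 1) or count != len(raw) - 12:
        raise ValueError("prefix is not a one-dimensional byte-array descriptor")
    msg = raw[12:]
    op, htype, hlen, hops, xid = struct.unpack_from("!BBBBI", msg, 0)
    if hlen > 16 or msg[236:240] != MAGIC_COOKIE:
        raise ValueError("bad hardware length or magic cookie")
    return {"op": op, "xid": xid, "mac": msg[28:28 + hlen].hex(":"),
            "options": parse_options(msg[240:])}

if __name__ == "__main__":
    print(parse_capture(DUMP))
```

On this capture the options found are 53, 116, 61, 12, 60, 55 and 43, in that order, followed by End.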