Wireshark DHCP and DNS packet capture analysis
Using Wireshark for DHCP capture and DNS capture 09B04

The configuration of Wireshark

The Wireshark interface in Linux is as above. The capture is done in the lab, in a café, and in the dorm. The café connection is wireless. In the lab the laptop is allocated a public IP address, and in the dorm, where the connection is wired, the laptop is allocated a private IP address, while the router's IP is . With a wired connection the interface selected is eth0; with a wireless connection the interface selected is eth2.

When capturing DHCP packets, the capture configuration is as follows:

When capturing DNS messages, the configuration is as follows:

The procedure of capture

Click on the third button to start the capture. While capturing, click the third button to stop.

DHCP analysis

After input and in cmd ,, release the link and rebuild the link using the DHCP protocol.

The five messages that Wireshark captured are release, discover, offer, request and ACK. It can be inferred from the picture above that the source port number is 68 and the destination port number is 67. The destination is a DHCP server as well as a router. The server's IP address is (which is a private IP address used by a router) and the host's IP address is 00 (which is also a private IP address).

Discover message

The client broadcasts messages on the physical subnet to discover available DHCP servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server on a different subnet. The client implementation creates a User Datagram Protocol (UDP) packet with the broadcast destination of 55 or the specific subnet broadcast address.

| field | value | meaning |
| --- | --- | --- |
| Message type | 01 | From host to server |
| Transaction ID | an integer | For the client to match responses |
| Client IP address | | Only filled in if the client is in the BOUND, RENEW, or REBIND state, so it's all 0. |
| Your IP address | | The client is waiting to be assigned an IP address, so this is all 0. |
| Next serv