📅  Last modified: 2023-12-03 15:35:15.681000             🧑  Author: Mango
tcpdump is a commonly used network packet capture tool: it captures packets from the network and prints them on the command line.
In this article we show how to use tcpdump to capture DHCP packets.
First, install tcpdump on your machine. If you are using Debian or Ubuntu, the following command installs it:
sudo apt-get install tcpdump
For other operating systems, download tcpdump from the official website and install it.
The command to capture DHCP packets is:
sudo tcpdump -i eth0 -vv -s 1500 port 67 and port 68
Where:
-i eth0: listen on the interface eth0; change this to the name of your own network interface.
-vv: print verbose output.
-s 1500: capture at most 1500 bytes of each packet.
port 67 and port 68: match traffic on the DHCP port numbers.
After running the command above, you will see output similar to the following:
listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes
11:51:18.489186 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from xx:xx:xx:xx:xx:xx, length 300, xid 0x232de9c9, secs 10, Flags [none] (0x0000)
Client-Ethernet-Address xx:xx:xx:xx:xx:xx
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 9:
Subnet-Mask, BR, Time-Zone, Classless-Static-Route
Domain-Name, Domain-Name-Server, Hostname
Netbios-Name-Server, Netbios-Scope
11:51:18.491989 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 343)
192.168.1.1.bootps > 192.168.1.3.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 315, xid 0x232de9c9, secs 10, Flags [none] (0x0000)
Your-IP 192.168.1.3
Server-IP 192.168.1.1
Client-Ethernet-Address xx:xx:xx:xx:xx:xx
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Server-Identifier Option 54, length 4: 192.168.1.1
Lease-Time Option 51, length 4: 259200
Subnet-Mask Option 1, length 4: 255.255.255.0
Router Option 3, length 4: 192.168.1.1
Domain-Name-Server Option 6, length 4: 192.168.1.1
11:51:19.490257 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from xx:xx:xx:xx:xx:xx, length 300, xid 0x232de9c9, secs 10, Flags [none] (0x0000)
Client-Ethernet-Address xx:xx:xx:xx:xx:xx
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 9:
Subnet-Mask, BR, Time-Zone, Classless-Static-Route
Domain-Name, Domain-Name-Server, Hostname
Netbios-Name-Server, Netbios-Scope
11:51:19.490538 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 568)
192.168.1.1.bootps > 192.168.1.3.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 540, xid 0x232de9c9, secs 10, Flags [none] (0x0000)
Your-IP 192.168.1.3
Server-IP 192.168.1.1
Client-Ethernet-Address xx:xx:xx:xx:xx:xx
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Ack
Server-Identifier Option 54, length 4: 192.168.1.1
Lease-Time Option 51, length 4: 259200
Subnet-Mask Option 1, length 4: 255.255.255.0
Router Option 3, length 4: 192.168.1.1
Domain-Name-Server Option 6, length 4: 192.168.1.1
That is the whole procedure for capturing DHCP packets.
In this article we showed how to capture DHCP packets with tcpdump. This gives you a convenient way to monitor and analyse network traffic.
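The verbose output above can also be post-processed: the parser below splits tcpdump -vv text into one record per DHCP packet and flags Offer/Ack packets whose Server-Identifier is not the server you expect, which is the basic rogue-DHCP check a defender runs over such a capture. This is an added example, not code from the original post or from tcpdump; the sample text is constructed in the format shown above, and the expected server 192.168.1.1 is an assumption.

```python
import re

# Constructed sample in the tcpdump -vv format shown above: a Discover, its Offer, and an Offer from an unexpected server.
SAMPLE = """\
11:51:18.489186 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from aa:bb:cc:dd:ee:ff, length 300, xid 0x232de9c9, secs 10, Flags [none] (0x0000)
    DHCP-Message Option 53, length 1: Discover
11:51:18.491989 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 343)
    192.168.1.1.bootps > 192.168.1.3.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 315, xid 0x232de9c9, secs 10, Flags [none] (0x0000)
    Your-IP 192.168.1.3
    DHCP-Message Option 53, length 1: Offer
    Server-Identifier Option 54, length 4: 192.168.1.1
11:51:18.493100 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 343)
    192.168.1.250.bootps > 192.168.1.3.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 315, xid 0x232de9c9, secs 10, Flags [none] (0x0000)
    Your-IP 192.168.1.77
    DHCP-Message Option 53, length 1: Offer
    Server-Identifier Option 54, length 4: 192.168.1.250
"""

PKT_START = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP ")
FIELDS = {  # one regex per field we want out of each packet
    "src": re.compile(r"(\d+\.\d+\.\d+\.\d+)\.bootp[cs] > "),
    "xid": re.compile(r"xid (0x[0-9a-fA-F]+)"),
    "type": re.compile(r"DHCP-Message Option 53, length 1: (\w+)"),
    "your_ip": re.compile(r"Your-IP (\S+)"),
    "server_id": re.compile(r"Server-Identifier Option 54, length 4: (\S+)"),
}

def parse_dhcp(text):
    """Split tcpdump -vv output into one dict per DHCP packet."""
    packets = []
    for line in text.splitlines():
        m = PKT_START.match(line)
        if m:                       # timestamp line: a new packet begins
            packets.append({"time": m.group(1)})
        elif packets:               # indented continuation line: fill in fields
            for key, rx in FIELDS.items():
                r = rx.search(line)
                if r:
                    packets[-1][key] = r.group(1)
    return packets

def unexpected_servers(packets, expected):
    """Offer/Ack packets whose Server-Identifier is not one of the expected
    servers (the basic rogue-DHCP check run over such a capture)."""
    return [p for p in packets
            if p.get("type") in ("Offer", "Ack") and p.get("server_id") not in expected]

if __name__ == "__main__":
    for p in unexpected_servers(parse_dhcp(SAMPLE), {"192.168.1.1"}):
        print(f"{p['time']} unexpected DHCP server {p['server_id']} offered {p['your_ip']}")
```

To run it on a live capture, pipe the output of the tcpdump command above into the script (tcpdump -l keeps the output line-buffered) instead of using the constructed sample.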