Ethereal-users: [Ethereal-users] Looking to build decode filter for DHCP Leasequery / RFC
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Mark Millet <mmillet@xxxxxxxxx>
Date: Thu, 08 Dec 2005 18:44:29 -0800
As specified in
Here is the packet / decode from Ethereal Version 0.10.13
No. Time Source Destination Protocol Info
203 3.625318 4.177.0.1 4.104.0.69 DHCP DHCP Unknown Message Type - T
Frame 203 (342 bytes on wire, 342 bytes captured)
Arrival Time: Dec 8, 2005 16:28:01.094519000
Time delta from previous packet: 0.026514000 seconds
Time since reference or first frame: 3.625318000 seconds
Frame Number: 203
Packet Length: 342 bytes
Capture Length: 342 bytes
Ethernet II, Src: 00:0e:83:ca:00:72, Dst: 00:0d:28:8b:71:ff
Destination: 00:0d:28:8b:71:ff (Cisco_8b:71:ff)
Source: 00:0e:83:ca:00:72 (4.176.0.111)
Type: IP (0x0800)
Internet Protocol, Src Addr: 4.177.0.1 (4.177.0.1), Dst Addr: 4.104.0.69 (4.104.0.69)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 328
Identification: 0x96ed (38637)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 255
Protocol: UDP (0x11)
Header checksum: 0x1a59 (correct)
Source: 4.177.0.1 (4.177.0.1)
Destination: 4.104.0.69 (4.104.0.69)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
Source port: bootps (67)
Destination port: bootps (67)
Length: 308
Checksum: 0xe4a7 (correct)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: NET/ROM pseudo
Hardware address length: 0
Hops: 1
Transaction ID: 0x00000000
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 4.177.237.83 (4.177.237.83)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 4.177.0.1 (4.177.0.1)
Client address not given
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option 53: DHCP Message Type = DHCP Unknown Message Type
Option 57: Maximum DHCP Message Size = 548
Option 55: Parameter Request List
82 = Agent Information Option
51 = IP Address Lease Time
End Option
Padding
0000 00 0d 28 8b 71 ff 00 0e 83 ca 00 72 08 00 45 00 ..(.q......r..E.
0010 01 48 96 ed 00 00 ff 11 1a 59 04 b1 00 01 04 68 .H.......Y.....h
0020 00 45 00 43 00 43 01 34 e4 a7 01 00 00 01 00 00 .E.C.C.4........
0030 00 00 00 00 00 00 04 b1 ed 53 00 00 00 00 00 00 .........S......
0040 00 00 04 b1 00 01 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0110 00 00 00 00 00 00 63 82 53 63 35 01 0d 39 02 02 ......c.Sc5..9..
0120 24 37 02 52 33 ff d0 be 77 74 15 37 08 01 02 04 $7.R3...wt.7....
0130 42 80 03 07 43 3c 0a 64 6f 63 73 69 73 31 2e 31 B...C<.docsis1.1
0140 3a 34 01 03 52 0e 01 04 80 02 00 21 02 06 00 d0 :4..R......!....
0150 be 77 74 15 ff 00 .wt...
Where d0 be 77 74 15 37 08 = MAC address of device being looked up.
The "end option" is too early in the decode, and the padding bytes contain the expected data.
mmillet@xxxxxxxxx
draft-ietf-dhc-leasequery-09.txt And implemented for Cable / DOCSIS support on multiple platforms beyond those made by Cisco. http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/ciscoasu/nr/nr50/cliref/clie.htm ++#define DHCPLEASEQUERY 13 ++#define DHCPLEASEKNOWN 14 ++#define DHCPLEASEUNKNOWN 15 ++#define DHCPLEASEACTIVE 16 ++#define DHCPUNIMPLEMENTED 17http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2005-June/059690.html
Here is the packet / decode from Ethereal Version 0.10.13
No. Time Source Destination Protocol Info
203 3.625318 4.177.0.1 4.104.0.69 DHCP DHCP Unknown Message Type - T
Frame 203 (342 bytes on wire, 342 bytes captured)
Arrival Time: Dec 8, 2005 16:28:01.094519000
Time delta from previous packet: 0.026514000 seconds
Time since reference or first frame: 3.625318000 seconds
Frame Number: 203
Packet Length: 342 bytes
Capture Length: 342 bytes
Ethernet II, Src: 00:0e:83:ca:00:72, Dst: 00:0d:28:8b:71:ff
Destination: 00:0d:28:8b:71:ff (Cisco_8b:71:ff)
Source: 00:0e:83:ca:00:72 (4.176.0.111)
Type: IP (0x0800)
Internet Protocol, Src Addr: 4.177.0.1 (4.177.0.1), Dst Addr: 4.104.0.69 (4.104.0.69)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 328
Identification: 0x96ed (38637)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 255
Protocol: UDP (0x11)
Header checksum: 0x1a59 (correct)
Source: 4.177.0.1 (4.177.0.1)
Destination: 4.104.0.69 (4.104.0.69)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
Source port: bootps (67)
Destination port: bootps (67)
Length: 308
Checksum: 0xe4a7 (correct)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: NET/ROM pseudo
Hardware address length: 0
Hops: 1
Transaction ID: 0x00000000
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 4.177.237.83 (4.177.237.83)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 4.177.0.1 (4.177.0.1)
Client address not given
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option 53: DHCP Message Type = DHCP Unknown Message Type
Option 57: Maximum DHCP Message Size = 548
Option 55: Parameter Request List
82 = Agent Information Option
51 = IP Address Lease Time
End Option
Padding
0000 00 0d 28 8b 71 ff 00 0e 83 ca 00 72 08 00 45 00 ..(.q......r..E.
0010 01 48 96 ed 00 00 ff 11 1a 59 04 b1 00 01 04 68 .H.......Y.....h
0020 00 45 00 43 00 43 01 34 e4 a7 01 00 00 01 00 00 .E.C.C.4........
0030 00 00 00 00 00 00 04 b1 ed 53 00 00 00 00 00 00 .........S......
0040 00 00 04 b1 00 01 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0110 00 00 00 00 00 00 63 82 53 63 35 01 0d 39 02 02 ......c.Sc5..9..
0120 24 37 02 52 33 ff d0 be 77 74 15 37 08 01 02 04 $7.R3...wt.7....
0130 42 80 03 07 43 3c 0a 64 6f 63 73 69 73 31 2e 31 B...C<.docsis1.1
0140 3a 34 01 03 52 0e 01 04 80 02 00 21 02 06 00 d0 :4..R......!....
0150 be 77 74 15 ff 00 .wt...
Where d0 be 77 74 15 37 08 = MAC address of device being looked up.
The "end option" is too early in the decode, and the padding bytes contain the expected data.
Mark Millet
Security and System
Test
Cisco Systems
Inc. Direct:
650 303 2394
170 West Tasman
Dr Pager:
800 365 4578
San Jose, CA
95134- Follow-Ups:
- Prev by Date: Re: [Ethereal-users] Hiding Information
- Next by Date: Re: [Ethereal-users] Very Urgent Question!!!!
- Previous by thread: Re: [Ethereal-users] Intel Pro/wirelles 2200BG
- Next by thread: Re: [Ethereal-users] Looking to build decode filter for DHCP Leasequery / RFC
- Index(es):