Wireshark-users: Re: [Wireshark-users] DHCP option 66

From: "Bob Carlson" <bob@xxxxxxxxxxxxx>
Date: Sat, 19 May 2012 15:52:12 -0700
In the DHCP Request or Discover messages, there is a list of requested options.
Option 66 must be in that list or it will not be returned.

Cheers, Bob
Eugene, OR - Tucson, AZ

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Noam Birnbaum
Sent: Friday, May 18, 2012 16:23
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] DHCP option 66

We are trying to configure a client's DHCP server to provide Option 66 (TFTP
server address) as part of its lease acknowledgements.  We've configured and
troubleshooted the DHCP server to do so, but Option 66 simply does not show up
in packet captures of the DHCP transaction.  

We've tried swapping out the client router with a completely different
make/model, thinking perhaps the original router's DHCP server had a bug, but
the new router's DHCP acknowledgements also don't have any trace of Option 66.

Below is a text export of the acknowledgement frame from the new DHCP server to
the client.  Am I looking in the wrong spot for Option 66?


****

No.     Time        Source                Destination           Protocol Length
Info                                                            src port dst
port
    122 6.783709    192.168.29.1          255.255.255.255       DHCP     320
DHCP ACK      - Transaction ID 0x31838ff0                       67       68

Frame 122: 320 bytes on wire (2560 bits), 320 bytes captured (2560 bits)
    Arrival Time: May 18, 2012 15:52:26.966006000 PDT
    Epoch Time: 1337381546.966006000 seconds
    [Time delta from previous captured frame: 0.000295000 seconds]
    [Time delta from previous displayed frame: 0.000295000 seconds]
    [Time since reference or first frame: 6.783709000 seconds]
    Frame Number: 122
    Frame Length: 320 bytes (2560 bits)
    Capture Length: 320 bytes (2560 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:udp:bootp]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Sonicwal_ae:fb:9c (00:17:c5:ae:fb:9c), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
        Address: Broadcast (ff:ff:ff:ff:ff:ff)
        .... ...1 .... .... .... .... = IG bit: Group address
(multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address
(this is NOT the factory default)
    Source: Sonicwal_ae:fb:9c (00:17:c5:ae:fb:9c)
        Address: Sonicwal_ae:fb:9c (00:17:c5:ae:fb:9c)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory
default)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.29.1 (192.168.29.1), Dst:
255.255.255.255 (255.255.255.255)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT
(Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable
Transport) (0x00)
    Total Length: 306
    Identification: 0x0000 (0)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 32
    Protocol: UDP (17)
    Header checksum: 0x7c12 [validation disabled]
        [Good: False]
        [Bad: False]
    Source: 192.168.29.1 (192.168.29.1)
    Destination: 255.255.255.255 (255.255.255.255) User Datagram Protocol, Src
Port: 67 (67), Dst Port: 68 (68)
    Source port: 67 (67)
    Destination port: 68 (68)
    Length: 286
    Checksum: 0x3f24 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
Bootstrap Protocol
    Message type: Boot Reply (2)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x31838ff0
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 192.168.29.152 (192.168.29.152)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: Apple_8a:b2:e5 (c8:bc:c8:8a:b2:e5)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (t=53,l=1) DHCP Message Type = DHCP ACK
        Option: (53) DHCP Message Type
        Length: 1
        Value: 05
    Option: (t=54,l=4) DHCP Server Identifier = 192.168.29.1
        Option: (54) DHCP Server Identifier
        Length: 4
        Value: c0a81d01
    Option: (t=1,l=4) Subnet Mask = 255.255.255.0
        Option: (1) Subnet Mask
        Length: 4
        Value: ffffff00
    Option: (t=51,l=4) IP Address Lease Time = 1 day
        Option: (51) IP Address Lease Time
        Length: 4
        Value: 00015180
    Option: (t=3,l=4) Router = 192.168.29.1
        Option: (3) Router
        Length: 4
        Value: c0a81d01
    Option: (t=6,l=8) Domain Name Server
        Option: (6) Domain Name Server
        Length: 8
        Value: 0808080804020202
        IP Address: 8.8.8.8
        IP Address: 4.2.2.2
    End Option


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe