Packet cap diff... for classic dhcp over winxp s/w bridge prob.

From: Coenraad Loubser (c10u_at_ananzi.co.za)
Date: 04/23/05

• Next message: prg: "Re: multihomed linux box IP packets sent on wrong subnet"
• Previous message: Matt Fuerst: "Issues with NAI uvscan?"
• In reply to: Coenraad Loubser: "Re: Classic DHCP over bridge problem"
• Next in thread: Horst Knobloch: "Re: Packet cap diff... for classic dhcp over winxp s/w bridge prob."
• Reply: Horst Knobloch: "Re: Packet cap diff... for classic dhcp over winxp s/w bridge prob."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Sat, 23 Apr 2005 05:42:01 +0200

I captured these packets on the client behind the windows bridge and on
the server simultaneously.

I dont know whats up with the time diffs! It is the correct capture!

Now, the client is the Chaintech nic.
The Senao nic is the wireless adapter on the XP bridge.

There we have it. Windows XP bridge changes the Mac.
Hmmm

But I must say... I can't think of any other way that it could work...

Can I?

The < is sent
the > is received, past the bridge

2c2
< 449 8.455054 0.0.0.0 255.255.255.255 DHCP
    DHCP Discover - Transaction ID 0xe5448fbb

---
 >       1 0.000000    0.0.0.0               255.255.255.255       DHCP 
     DHCP Discover - Transaction ID 0xe5448fbb
4,8c4,8
< Frame 449 (342 bytes on wire, 342 bytes captured)
<     Arrival Time: Apr 23, 2005 04:57:18.194455000
<     Time delta from previous packet: 0.061046000 seconds
<     Time since reference or first frame: 8.455054000 seconds
<     Frame Number: 449
---
 > Frame 1 (342 bytes on wire, 342 bytes captured)
 >     Arrival Time: Apr 22, 2005 22:58:23.146586000
 >     Time delta from previous packet: 0.000000000 seconds
 >     Time since reference or first frame: 0.000000000 seconds
 >     Frame Number: 1
11c11
< Ethernet II, Src: 00:50:70:44:e7:6b, Dst: ff:ff:ff:ff:ff:ff
---
 > Ethernet II, Src: 00:02:6f:35:29:b9, Dst: ff:ff:ff:ff:ff:ff
13c13
<     Source: 00:50:70:44:e7:6b (Chaintec_44:e7:6b)
---
 >     Source: 00:02:6f:35:29:b9 (SenaoInt_35:29:b9)
38c38
<     Checksum: 0x3b18 (correct)
---
 >     Checksum: 0xfa27 (correct)
53c53
<     Client hardware address: 00:50:70:44:e7:6b
---
 >     Client hardware address: 00:02:6f:35:29:b9
61c61
< 0000  ff ff ff ff ff ff 00 50 70 44 e7 6b 08 00 45 10   .......PpD.k..E.
---
 > 0000  ff ff ff ff ff ff 00 02 6f 35 29 b9 08 00 45 10   ........o5)...E.
63c63
< 0020  ff ff 00 44 00 43 01 34 3b 18 01 01 06 00 e5 44   ...D.C.4;......D
---
 > 0020  ff ff 00 44 00 43 01 34 fa 27 01 01 06 00 e5 44   ...D.C.4.'.....D
65c65
< 0040  00 00 00 00 00 00 00 50 70 44 e7 6b 00 00 00 00   .......PpD.k....
---
 > 0040  00 00 00 00 00 00 00 02 6f 35 29 b9 00 00 00 00   ........o5).....
85c85
<     451 8.461315    0.0.0.0               255.255.255.255       DHCP 
    DHCP Discover - Transaction ID 0xe6448fbb
---
 >       3 0.007364    0.0.0.0               255.255.255.255       DHCP 
     DHCP Discover - Transaction ID 0xe6448fbb
87,91c87,91
< Frame 451 (590 bytes on wire, 590 bytes captured)
<     Arrival Time: Apr 23, 2005 04:57:18.200716000
<     Time delta from previous packet: 0.000239000 seconds
<     Time since reference or first frame: 8.461315000 seconds
<     Frame Number: 451
---
 > Frame 3 (590 bytes on wire, 590 bytes captured)
 >     Arrival Time: Apr 22, 2005 22:58:23.153950000
 >     Time delta from previous packet: 0.007364000 seconds
 >     Time since reference or first frame: 0.007364000 seconds
 >     Frame Number: 3
94c94
< Ethernet II, Src: 00:50:70:44:e7:6b, Dst: ff:ff:ff:ff:ff:ff
---
 > Ethernet II, Src: 00:02:6f:35:29:b9, Dst: ff:ff:ff:ff:ff:ff
96c96
<     Source: 00:50:70:44:e7:6b (Chaintec_44:e7:6b)
---
 >     Source: 00:02:6f:35:29:b9 (SenaoInt_35:29:b9)
121c121
<     Checksum: 0x2619 (correct)
---
 >     Checksum: 0xe528 (correct)
136c136
<     Client hardware address: 00:50:70:44:e7:6b
---
 >     Client hardware address: 00:02:6f:35:29:b9
159c159
< 0000  ff ff ff ff ff ff 00 50 70 44 e7 6b 08 00 45 10   .......PpD.k..E.
---
 > 0000  ff ff ff ff ff ff 00 02 6f 35 29 b9 08 00 45 10   ........o5)...E.
161c161
< 0020  ff ff 00 44 00 43 02 2c 26 19 01 01 06 00 e6 44   ...D.C.,&......D
---
 > 0020  ff ff 00 44 00 43 02 2c e5 28 01 01 06 00 e6 44   ...D.C.,.(.....D
163c163
< 0040  00 00 00 00 00 00 00 50 70 44 e7 6b 00 00 00 00   .......PpD.k....
---
 > 0040  00 00 00 00 00 00 00 02 6f 35 29 b9 00 00 00 00   ........o5).....
198c198
<     453 8.468172    0.0.0.0               255.255.255.255       DHCP 
    DHCP Request  - Transaction ID 0xe7448fbb
---
 >       9 0.018200    0.0.0.0               255.255.255.255       DHCP 
     DHCP Request  - Transaction ID 0xe7448fbb
200,204c200,204
< Frame 453 (590 bytes on wire, 590 bytes captured)
<     Arrival Time: Apr 23, 2005 04:57:18.207573000
<     Time delta from previous packet: 0.000118000 seconds
<     Time since reference or first frame: 8.468172000 seconds
<     Frame Number: 453
---
 > Frame 9 (590 bytes on wire, 590 bytes captured)
 >     Arrival Time: Apr 22, 2005 22:58:23.164786000
 >     Time delta from previous packet: 0.010836000 seconds
 >     Time since reference or first frame: 0.018200000 seconds
 >     Frame Number: 9
207c207
< Ethernet II, Src: 00:50:70:44:e7:6b, Dst: ff:ff:ff:ff:ff:ff
---
 > Ethernet II, Src: 00:02:6f:35:29:b9, Dst: ff:ff:ff:ff:ff:ff
209c209
<     Source: 00:50:70:44:e7:6b (Chaintec_44:e7:6b)
---
 >     Source: 00:02:6f:35:29:b9 (SenaoInt_35:29:b9)
234c234
<     Checksum: 0x39ba (correct)
---
 >     Checksum: 0xf8c9 (correct)
249c249
<     Client hardware address: 00:50:70:44:e7:6b
---
 >     Client hardware address: 00:02:6f:35:29:b9
274c274
< 0000  ff ff ff ff ff ff 00 50 70 44 e7 6b 08 00 45 10   .......PpD.k..E.
---
 > 0000  ff ff ff ff ff ff 00 02 6f 35 29 b9 08 00 45 10   ........o5)...E.
276c276
< 0020  ff ff 00 44 00 43 02 2c 39 ba 01 01 06 00 e7 44   ...D.C.,9......D
---
 > 0020  ff ff 00 44 00 43 02 2c f8 c9 01 01 06 00 e7 44   ...D.C.,.......D
278c278
< 0040  00 00 00 00 00 00 00 50 70 44 e7 6b 00 00 00 00   .......PpD.k....
---
 > 0040  00 00 00 00 00 00 00 02 6f 35 29 b9 00 00 00 00   ........o5).....
311,312d310
<
<
Now for the "offer" packet received by the client...
(Grr the sent one wasnt logged)
No.     Time        Source                Destination           Protocol 
Info
     452 8.468054    192.168.0.1           192.168.0.4           DHCP 
   DHCP Offer    - Transaction ID 0xe6448fbb
Frame 452 (342 bytes on wire, 342 bytes captured)
     Arrival Time: Apr 23, 2005 04:57:18.207455000
     Time delta from previous packet: 0.006739000 seconds
     Time since reference or first frame: 8.468054000 seconds
     Frame Number: 452
     Packet Length: 342 bytes
     Capture Length: 342 bytes
Ethernet II, Src: 00:0f:ea:38:13:87, Dst: 00:50:70:44:e7:6b
     Destination: 00:50:70:44:e7:6b (Chaintec_44:e7:6b)
     Source: 00:0f:ea:38:13:87 (Giga-Byt_38:13:87)
     Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.0.1 (192.168.0.1), Dst Addr: 
192.168.0.4 (192.168.0.4)
     Version: 4
     Header length: 20 bytes
     Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 
0x00)
         0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
         .... ..0. = ECN-Capable Transport (ECT): 0
         .... ...0 = ECN-CE: 0
     Total Length: 328
     Identification: 0x0000 (0)
     Flags: 0x00
         0... = Reserved bit: Not set
         .0.. = Don't fragment: Not set
         ..0. = More fragments: Not set
     Fragment offset: 0
     Time to live: 16
     Protocol: UDP (0x11)
     Header checksum: 0x2840 (correct)
     Source: 192.168.0.1 (192.168.0.1)
     Destination: 192.168.0.4 (192.168.0.4)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
     Source port: bootps (67)
     Destination port: bootpc (68)
     Length: 308
     Checksum: 0x9ea6 (correct)
Bootstrap Protocol
     Message type: Boot Reply (2)
     Hardware type: Ethernet
     Hardware address length: 6
     Hops: 0
     Transaction ID: 0xe6448fbb
     Seconds elapsed: 0
     Bootp flags: 0x0000 (Unicast)
         0... .... .... .... = Broadcast flag: Unicast
         .000 0000 0000 0000 = Reserved flags: 0x0000
     Client IP address: 0.0.0.0 (0.0.0.0)
     Your (client) IP address: 192.168.0.4 (192.168.0.4)
     Next server IP address: 192.168.0.1 (192.168.0.1)
     Relay agent IP address: 0.0.0.0 (0.0.0.0)
     Client hardware address: 00:50:70:44:e7:6b
     Server host name not given
     Boot file name not given
     Magic cookie: (OK)
     Option 53: DHCP Message Type = DHCP Offer
     Option 54: Server Identifier = 192.168.0.1
     Option 51: IP Address Lease Time = 2 hours
     Option 1: Subnet Mask = 255.255.255.0
     Option 3: Router = 192.168.0.1
     Option 6: Domain Name Server = 192.168.0.1
     Option 15: Domain Name = "wish.org.za"
     Option 12: Host Name = "perfect"
     End Option
     Padding
Now lets move on to the "request" packet....
This is the complete packet sent
No.     Time        Source                Destination           Protocol 
Info
     453 8.468172    0.0.0.0               255.255.255.255       DHCP 
   DHCP Request  - Transaction ID 0xe7448fbb
Frame 453 (590 bytes on wire, 590 bytes captured)
     Arrival Time: Apr 23, 2005 04:57:18.207573000
     Time delta from previous packet: 0.000118000 seconds
     Time since reference or first frame: 8.468172000 seconds
     Frame Number: 453
     Packet Length: 590 bytes
     Capture Length: 590 bytes
Ethernet II, Src: 00:50:70:44:e7:6b, Dst: ff:ff:ff:ff:ff:ff
     Destination: ff:ff:ff:ff:ff:ff (Broadcast)
     Source: 00:50:70:44:e7:6b (Chaintec_44:e7:6b)
     Type: IP (0x0800)
Internet Protocol, Src Addr: 0.0.0.0 (0.0.0.0), Dst Addr: 
255.255.255.255 (255.255.255.255)
     Version: 4
     Header length: 20 bytes
     Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 
0x00)
         0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
         .... ..0. = ECN-Capable Transport (ECT): 0
         .... ...0 = ECN-CE: 0
     Total Length: 576
     Identification: 0x0000 (0)
     Flags: 0x00
         0... = Reserved bit: Not set
         .0.. = Don't fragment: Not set
         ..0. = More fragments: Not set
     Fragment offset: 0
     Time to live: 16
     Protocol: UDP (0x11)
     Header checksum: 0xa89e (correct)
     Source: 0.0.0.0 (0.0.0.0)
     Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
     Source port: bootpc (68)
     Destination port: bootps (67)
     Length: 556
     Checksum: 0x39ba (correct)
Bootstrap Protocol
     Message type: Boot Request (1)
     Hardware type: Ethernet
     Hardware address length: 6
     Hops: 0
     Transaction ID: 0xe7448fbb
     Seconds elapsed: 0
     Bootp flags: 0x0000 (Unicast)
         0... .... .... .... = Broadcast flag: Unicast
         .000 0000 0000 0000 = Reserved flags: 0x0000
     Client IP address: 0.0.0.0 (0.0.0.0)
     Your (client) IP address: 0.0.0.0 (0.0.0.0)
     Next server IP address: 0.0.0.0 (0.0.0.0)
     Relay agent IP address: 0.0.0.0 (0.0.0.0)
     Client hardware address: 00:50:70:44:e7:6b
     Server host name not given
     Boot file name not given
     Magic cookie: (OK)
     Option 53: DHCP Message Type = DHCP Request
     Option 57: Maximum DHCP Message Size = 548
     Option 55: Parameter Request List
         1 = Subnet Mask
         3 = Router
         6 = Domain Name Server
         15 = Domain Name
         28 = Broadcast Address
         12 = Host Name
         7 = Log Server
         9 = LPR Server
         42 = Network Time Protocol Servers
         48 = X Window System Font Server
         49 = X Window System Display Manager
     Option 12: Host Name = "Knoppix"
     Option 51: IP Address Lease Time = 12 hours
     Option 54: Server Identifier = 192.168.0.1
     Option 50: Requested IP Address = 192.168.0.4
     End Option
     Padding
0000  ff ff ff ff ff ff 00 50 70 44 e7 6b 08 00 45 10   .......PpD.k..E.
0010  02 40 00 00 00 00 10 11 a8 9e 00 00 00 00 ff ff   .@..............
0020  ff ff 00 44 00 43 02 2c 39 ba 01 01 06 00 e7 44   ...D.C.,9......D
0030  8f bb 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0040  00 00 00 00 00 00 00 50 70 44 e7 6b 00 00 00 00   .......PpD.k....
0050  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0060  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0070  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0080  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0090  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00a0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00b0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00c0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00d0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00e0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00f0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0100  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0110  00 00 00 00 00 00 63 82 53 63 35 01 03 39 02 02   ......c.Sc5..9..
0120  24 37 0b 01 03 06 0f 1c 0c 07 09 2a 30 31 0c 08   $7.........*01..
0130  4b 6e 6f 70 70 69 78 00 33 04 00 00 a8 c0 36 04   Knoppix.3.....6.
0140  c0 a8 00 01 32 04 c0 a8 00 04 ff 00 00 00 00 00   ....2...........
0150  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0160  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0170  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0180  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0190  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
01a0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
01b0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
01c0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
01d0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
01e0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
01f0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0200  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0210  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0220  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0230  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0240  00 00 00 00 00 00 00 00 00 00 00 00 00 00         ..............
The diff shows that only the 2 macs are changed, as per usual.
2c2
<       9 0.018200    0.0.0.0               255.255.255.255       DHCP 
    DHCP Request  - Transaction ID 0xe7448fbb
---
 >     453 8.468172    0.0.0.0               255.255.255.255       DHCP 
     DHCP Request  - Transaction ID 0xe7448fbb
4,8c4,8
< Frame 9 (590 bytes on wire, 590 bytes captured)
<     Arrival Time: Apr 22, 2005 22:58:23.164786000
<     Time delta from previous packet: 0.010836000 seconds
<     Time since reference or first frame: 0.018200000 seconds
<     Frame Number: 9
---
 > Frame 453 (590 bytes on wire, 590 bytes captured)
 >     Arrival Time: Apr 23, 2005 04:57:18.207573000
 >     Time delta from previous packet: 0.000118000 seconds
 >     Time since reference or first frame: 8.468172000 seconds
 >     Frame Number: 453
11c11
< Ethernet II, Src: 00:02:6f:35:29:b9, Dst: ff:ff:ff:ff:ff:ff
---
 > Ethernet II, Src: 00:50:70:44:e7:6b, Dst: ff:ff:ff:ff:ff:ff
13c13
<     Source: 00:02:6f:35:29:b9 (SenaoInt_35:29:b9)
---
 >     Source: 00:50:70:44:e7:6b (Chaintec_44:e7:6b)
38c38
<     Checksum: 0xf8c9 (correct)
---
 >     Checksum: 0x39ba (correct)
53c53
<     Client hardware address: 00:02:6f:35:29:b9
---
 >     Client hardware address: 00:50:70:44:e7:6b
78c78
< 0000  ff ff ff ff ff ff 00 02 6f 35 29 b9 08 00 45 10   ........o5)...E.
---
 > 0000  ff ff ff ff ff ff 00 50 70 44 e7 6b 08 00 45 10   .......PpD.k..E.
80c80
< 0020  ff ff 00 44 00 43 02 2c f8 c9 01 01 06 00 e7 44   ...D.C.,.......D
---
 > 0020  ff ff 00 44 00 43 02 2c 39 ba 01 01 06 00 e7 44   ...D.C.,9......D
82c82
< 0040  00 00 00 00 00 00 00 02 6f 35 29 b9 00 00 00 00   ........o5).....
---
 > 0040  00 00 00 00 00 00 00 50 70 44 e7 6b 00 00 00 00   .......PpD.k....
Well, clearly the DHCP server sees both machines as the same, and offer 
the IP it was told to offer that client.
Wel, Guess I'll have to use that other ID method...
Another thing...
Would this explain why DNS won't work when I manually assign an IP.
Um almost sure it worked when I disabled the fix ip to this mac, and 
used dhcp...

• Next message: prg: "Re: multihomed linux box IP packets sent on wrong subnet"
• Previous message: Matt Fuerst: "Issues with NAI uvscan?"
• In reply to: Coenraad Loubser: "Re: Classic DHCP over bridge problem"
• Next in thread: Horst Knobloch: "Re: Packet cap diff... for classic dhcp over winxp s/w bridge prob."
• Reply: Horst Knobloch: "Re: Packet cap diff... for classic dhcp over winxp s/w bridge prob."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: DHCP handles Naks one one vlan differently ... If the problem is on the network with the DHCP server, ... Frame 156 ... Your (client) IP address: 0.0.0.0 ... (comp.dcom.sys.cisco) Re: Regarding dhcp client problem ... I have captured the packet information from the device. ... win2k dhcp server sends ... But the dhcp client in the device is not receiving the offer at ... User Datagram Protocol, Src Port: bootpc, Dst Port: bootps ... (comp.arch.embedded) Re: DHCP serving more than one subnet (longish) ... >>destination address is all ones (which means it is a broadcast packet). ... > Responses from the server however rely on the ethernet address only since ... DHCP works over media other than ethernet. ... the case if the request is relayed through a router]. ... (comp.os.vms) RE: DHCP Event ID 1053 ... encountered another Server on this network with IP Address, 192.168.70.1, ... This can occur if the BOOTP relay agent forwards the DHCP Offer frame from ... Frame 1 (Discover frame forwarded from the BOOTP relay agent to the DHCP ... (microsoft.public.win2000.networking) Re: PXE and DHCP ... > Description of PXE Interaction Among PXE Client, DHCP, and RIS Server> ... > When the machine boots using PXE, the boot ROM gets an IP address using> DHCP. ... It's then sending out a modified DHCP Discover packet with its GUID. ... > The BINL service on a RIS server listens for these special DHCP Discover> packets and responds with a DHCP Offer packet that includes a copy of the> client's GUID, ... (microsoft.public.windows.server.networking)

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint