Re: Sniffing a DHCP Boot

KEY@tgv.com Wed, 10 April 1996 13:22 UTC

Date: Wed, 10 Apr 1996 09:21:16 -0400
Message-Id: <829142218.638131.KEY@TGV.COM>
Errors-To: droms@bucknell.edu
Reply-To: dhcp-v4@bucknell.edu
Originator: dhcp-v4@bucknell.edu
Precedence: bulk
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: KEY@tgv.com
To: Multiple recipients of list <dhcp-v4@bucknell.edu>
Subject: Re: Sniffing a DHCP Boot

> We are testing DHCP as served by Windows NT, and just to NT clients
> right now.  My Network General Sniffer did not see DHCP, so I asked 
> their support group if DHCP is decoded.  The answer was, "We don't
> think so."

The version of the sniffer software I've been using doesn't understand
DHCP and gets very confused cracking the options field.  They botched
doing TLV decoding on unknown options in general.  But in NG's defense,
I am using a fairly old version and the current version may be fixed.

> In the trace file, which is taken from the client end, 
> I see BOOTP packets, then an ARP for the IP address of the client
> workstation, from the client workstation.

This would make sense, as DHCP uses the BOOTP port (and packet format).
That ARP is the client doing a last sanity check to see if anyone else
is  (improperly) using the IP address the server assigned to the client
before using the address.

-------
Ken Key    (key@tgv.com)  |  cisco Systems, Inc.   | (Formerly TGV, Inc.)  
+1 (408) 457-5200 (voice) |  101 Cooper St.        | We are Borg of cisco.
+1 (408) 457-5208 (fax)   |  Santa Cruz, CA  95060 | Prepare to be assimilated.

Sniffing a DHCP Boot Bill Fox
Re: Sniffing a DHCP Boot KEY
Re: Sniffing a DHCP Boot Evan Wetstone
Re: Sniffing a DHCP Boot Evan Wetstone
Re: Sniffing a DHCP Boot Greg E Hersh
Re: Sniffing a DHCP Boot Michael J. Lewis