Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] DHCP option 66

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Marco Zuppone <msz@xxxxxx>
Date: Sun, 20 May 2012 23:43:20 +0100
Hello,

from the packet seems really that the option 66 is not there.
I'm not a super-expert of dhcp options but I had a look to rfc2132.
There is stated that:
  This option is used to identify a TFTP server when the 'sname' field
  in the DHCP header has been used for DHCP options.

So maybe you'd try to ''play'' with option 52 as well:
This option is used to indicate that the DHCP 'sname' or 'file'
  fields are being overloaded by using them to carry DHCP options. A
  DHCP server inserts this option if the returned parameters will
  exceed the usual space allotted for options.

  If this option is present, the client interprets the specified
  additional fields after it concludes interpretation of the standard
  option fields.

  The code for this option is 52, and its length is 1.  Legal values
  for this option are:

          Value   Meaning
          -----   --------
            1     the 'file' field is used to hold options
            2     the 'sname' field is used to hold options
            3     both fields are used to hold options

My guess is that your DHCP server implementation does not give out the option 66 if the 52 is not set (my guess is set value 2 to option 52).
Try & finger crossed :-)
Regards,
Marco - StockTrader
On 19 May 2012, at 00:22, Noam Birnbaum wrote:

> We are trying to configure a client's DHCP server to provide Option 66 (TFTP server address) as part of its lease acknowledgements.  We've configured and troubleshooted the DHCP server to do so, but Option 66 simply does not show up in packet captures of the DHCP transaction.  
> 
> We've tried swapping out the client router with a completely different make/model, thinking perhaps the original router's DHCP server had a bug, but the new router's DHCP acknowledgements also don't have any trace of Option 66.
> 
> Below is a text export of the acknowledgement frame from the new DHCP server to the client.  Am I looking in the wrong spot for Option 66?
> 
> 
> ****
> 
> No.     Time        Source                Destination           Protocol Length Info                                                            src port dst port
>    122 6.783709    192.168.29.1          255.255.255.255       DHCP     320    DHCP ACK      - Transaction ID 0x31838ff0                       67       68
> 
> Frame 122: 320 bytes on wire (2560 bits), 320 bytes captured (2560 bits)
>    Arrival Time: May 18, 2012 15:52:26.966006000 PDT
>    Epoch Time: 1337381546.966006000 seconds
>    [Time delta from previous captured frame: 0.000295000 seconds]
>    [Time delta from previous displayed frame: 0.000295000 seconds]
>    [Time since reference or first frame: 6.783709000 seconds]
>    Frame Number: 122
>    Frame Length: 320 bytes (2560 bits)
>    Capture Length: 320 bytes (2560 bits)
>    [Frame is marked: False]
>    [Frame is ignored: False]
>    [Protocols in frame: eth:ip:udp:bootp]
>    [Coloring Rule Name: UDP]
>    [Coloring Rule String: udp]
> Ethernet II, Src: Sonicwal_ae:fb:9c (00:17:c5:ae:fb:9c), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
>    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
>        Address: Broadcast (ff:ff:ff:ff:ff:ff)
>        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
>        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
>    Source: Sonicwal_ae:fb:9c (00:17:c5:ae:fb:9c)
>        Address: Sonicwal_ae:fb:9c (00:17:c5:ae:fb:9c)
>        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
>        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
>    Type: IP (0x0800)
> Internet Protocol Version 4, Src: 192.168.29.1 (192.168.29.1), Dst: 255.255.255.255 (255.255.255.255)
>    Version: 4
>    Header length: 20 bytes
>    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
>        0000 00.. = Differentiated Services Codepoint: Default (0x00)
>        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
>    Total Length: 306
>    Identification: 0x0000 (0)
>    Flags: 0x02 (Don't Fragment)
>        0... .... = Reserved bit: Not set
>        .1.. .... = Don't fragment: Set
>        ..0. .... = More fragments: Not set
>    Fragment offset: 0
>    Time to live: 32
>    Protocol: UDP (17)
>    Header checksum: 0x7c12 [validation disabled]
>        [Good: False]
>        [Bad: False]
>    Source: 192.168.29.1 (192.168.29.1)
>    Destination: 255.255.255.255 (255.255.255.255)
> User Datagram Protocol, Src Port: 67 (67), Dst Port: 68 (68)
>    Source port: 67 (67)
>    Destination port: 68 (68)
>    Length: 286
>    Checksum: 0x3f24 [validation disabled]
>        [Good Checksum: False]
>        [Bad Checksum: False]
> Bootstrap Protocol
>    Message type: Boot Reply (2)
>    Hardware type: Ethernet
>    Hardware address length: 6
>    Hops: 0
>    Transaction ID: 0x31838ff0
>    Seconds elapsed: 0
>    Bootp flags: 0x0000 (Unicast)
>        0... .... .... .... = Broadcast flag: Unicast
>        .000 0000 0000 0000 = Reserved flags: 0x0000
>    Client IP address: 0.0.0.0 (0.0.0.0)
>    Your (client) IP address: 192.168.29.152 (192.168.29.152)
>    Next server IP address: 0.0.0.0 (0.0.0.0)
>    Relay agent IP address: 0.0.0.0 (0.0.0.0)
>    Client MAC address: Apple_8a:b2:e5 (c8:bc:c8:8a:b2:e5)
>    Client hardware address padding: 00000000000000000000
>    Server host name not given
>    Boot file name not given
>    Magic cookie: DHCP
>    Option: (t=53,l=1) DHCP Message Type = DHCP ACK
>        Option: (53) DHCP Message Type
>        Length: 1
>        Value: 05
>    Option: (t=54,l=4) DHCP Server Identifier = 192.168.29.1
>        Option: (54) DHCP Server Identifier
>        Length: 4
>        Value: c0a81d01
>    Option: (t=1,l=4) Subnet Mask = 255.255.255.0
>        Option: (1) Subnet Mask
>        Length: 4
>        Value: ffffff00
>    Option: (t=51,l=4) IP Address Lease Time = 1 day
>        Option: (51) IP Address Lease Time
>        Length: 4
>        Value: 00015180
>    Option: (t=3,l=4) Router = 192.168.29.1
>        Option: (3) Router
>        Length: 4
>        Value: c0a81d01
>    Option: (t=6,l=8) Domain Name Server
>        Option: (6) Domain Name Server
>        Length: 8
>        Value: 0808080804020202
>        IP Address: 8.8.8.8
>        IP Address: 4.2.2.2
>    End Option
> 
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube