Please help me understand the following DHCP traffic. I have put my comments below each packet:
15:49:52.968450 d8:0b:9a:15:27:ec > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 590: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 576)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from d8:0b:9a:15:27:ec, length 548, xid 0x993a7913, secs 1, Flags [none] (0x0000)
Client-Ethernet-Address d8:0b:9a:15:27:ec
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
MSZ Option 57, length 2: 576
Parameter-Request Option 55, length 7:
Default-Gateway, Subnet-Mask, Option 252, NTP
Domain-Name, Domain-Name-Server, Hostname
Client-ID Option 61, length 7: ether d8:0b:9a:15:27:ec
Hostname Option 12, length 16: "client-D7EB"
The client is discovering...
15:49:52.969227 bc:cf:4f:47:e5:14 > d8:0b:9a:15:27:ec, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 64, id 41683, offset 0, flags [DF], proto ICMP (1), length 48)
192.168.128.1 > 192.168.128.75: ICMP echo request, id 40432, seq 0, length 28
The server sent a PING (why? To find out whether the client is responding on this IP?)
15:49:53.000717 bc:cf:4f:47:e5:14 > d8:0b:9a:15:27:ec, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 16, id 0, offset 0, flags [none], proto UDP (17), length 328)
192.168.128.1.67 > 192.168.128.75.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x993a7913, secs 1, Flags [none] (0x0000)
Your-IP 192.168.128.75
Client-Ethernet-Address d8:0b:9a:15:27:ec
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Server-ID Option 54, length 4: 192.168.128.1
Lease-Time Option 51, length 4: 7200
Default-Gateway Option 3, length 4: 192.168.128.1
Subnet-Mask Option 1, length 4: 255.255.248.0
Domain-Name Option 15, length 10: "xxxx.local"
Domain-Name-Server Option 6, length 4: 192.168.128.1
The server sent a DHCP offer.
15:49:53.056204 d8:0b:9a:15:27:ec > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 62: (hlim 255, next-header ICMPv6 (58) payload length: 8) :: > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 8
I am not sure what the packet above is about.
15:49:53.106969 d8:0b:9a:15:27:ec > bc:cf:4f:47:e5:14, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 64, id 54777, offset 0, flags [none], proto ICMP (1), length 48)
192.168.128.75 > 192.168.128.1: ICMP echo reply, id 40432, seq 0, length 28
The client replied to the earlier PING.
15:49:53.136929 d8:0b:9a:15:27:ec > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 590: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 576)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from d8:0b:9a:15:27:ec, length 548, xid 0x993a7913, secs 1, Flags [none] (0x0000)
Client-Ethernet-Address d8:0b:9a:15:27:ec
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Requested-IP Option 50, length 4: 192.168.128.75
Server-ID Option 54, length 4: 192.168.128.1
MSZ Option 57, length 2: 576
Parameter-Request Option 55, length 7:
Default-Gateway, Subnet-Mask, Option 252, NTP
Domain-Name, Domain-Name-Server, Hostname
Client-ID Option 61, length 7: ether d8:0b:9a:15:27:ec
Hostname Option 12, length 16: "client-D7EB"
15:49:53.138312 bc:cf:4f:47:e5:14 > d8:0b:9a:15:27:ec, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 16, id 0, offset 0, flags [none], proto UDP (17), length 328)
192.168.128.1.67 > 192.168.128.75.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x993a7913, secs 1, Flags [none] (0x0000)
Your-IP 192.168.128.75
Client-Ethernet-Address d8:0b:9a:15:27:ec
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: ACK
Server-ID Option 54, length 4: 192.168.128.1
Lease-Time Option 51, length 4: 7200
Default-Gateway Option 3, length 4: 192.168.128.1
Subnet-Mask Option 1, length 4: 255.255.248.0
Domain-Name Option 15, length 10: "xxxx.local"
Domain-Name-Server Option 6, length 4: 192.168.128.1
The client requested the IP 192.168.128.75 and the server acknowledged it.
15:49:53.176504 d8:0b:9a:15:27:ec > bc:cf:4f:47:e5:14, ethertype IPv4 (0x0800), length 370: (tos 0xd0, ttl 64, id 54799, offset 0, flags [none], proto ICMP (1), length 356)
192.168.128.75 > 192.168.128.1: ICMP 192.168.128.75 udp port 68 unreachable, length 336
(tos 0x10, ttl 16, id 0, offset 0, flags [none], proto UDP (17), length 328)
Now the client sent an ICMP port unreachable reply, why? And which packet is this a reply to?
192.168.128.1.67 > 192.168.128.75.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x993a7913, secs 1, Flags [none] (0x0000)
Your-IP 192.168.128.75
Client-Ethernet-Address d8:0b:9a:15:27:ec
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: ACK
Server-ID Option 54, length 4: 192.168.128.1
Lease-Time Option 51, length 4: 7200
Default-Gateway Option 3, length 4: 192.168.128.1
Subnet-Mask Option 1, length 4: 255.255.248.0
Domain-Name Option 15, length 10: "xxxx.local"
Domain-Name-Server Option 6, length 4: 192.168.128.1
The server is sending the ACK again... and from here on everything repeats over and over.
What is the reason for this?