Code: Alles auswählen
root@hoas:/var# tcpdump -i ens3 udp port 67 and port 68 -vvv
tcpdump: listening on ens3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:15:56.974704 IP (tos 0x0, ttl 64, id 40661, offset 0, flags [DF], proto UDP (17), length 328)
192.168.9.13.bootpc > 192.168.9.254.bootps: [bad udp cksum 0x95a1 -> 0x3be5!] BOOTP/DHCP, Request from 52:54:00:37:1b:3b (oui Unknown), length 300, xid 0xe8ffe55e, Flags [none] (0x0000)
Client-IP 192.168.9.13
Client-Ethernet-Address 52:54:00:37:1b:3b (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Release
Server-ID (54), length 4: 192.168.9.254
Hostname (12), length 4: "hoas"
Client-ID (61), length 19: hardware-type 255, 00:37:1b:3b:00:01:00:01:2c:25:d2:87:52:54:00:37:1b:3b
END (255), length 0
PAD (0), length 0, occurs 23
10:15:57.231880 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 52:54:00:37:1b:3b (oui Unknown), length 300, xid 0xfa84506e, Flags [none] (0x0000)
Client-Ethernet-Address 52:54:00:37:1b:3b (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Requested-IP (50), length 4: 192.168.9.13
Hostname (12), length 4: "hoas"
Parameter-Request (55), length 13:
Subnet-Mask (1), BR (28), Time-Zone (2), Default-Gateway (3)
Domain-Name (15), Domain-Name-Server (6), Unknown (119), Hostname (12)
Netbios-Name-Server (44), Netbios-Scope (47), MTU (26), Classless-Static-Route (121)
NTP (42)
Client-ID (61), length 19: hardware-type 255, 00:37:1b:3b:00:01:00:01:2c:25:d2:87:52:54:00:37:1b:3b
END (255), length 0
PAD (0), length 0, occurs 8
10:15:57.232530 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 366)
192.168.9.254.bootps > 192.168.9.13.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 338, xid 0xfa84506e, Flags [none] (0x0000)
Your-IP 192.168.9.13
Client-Ethernet-Address 52:54:00:37:1b:3b (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Offer
Server-ID (54), length 4: 192.168.9.254
Lease-Time (51), length 4: 7200
Subnet-Mask (1), length 4: 255.255.255.0
Default-Gateway (3), length 4: 192.168.9.254
Domain-Name (15), length 8: "domain.de"
Domain-Name-Server (6), length 8: 192.168.9.254,dns2.domain.de
Unknown (119), length 32: 90926693,1650590308,1694503777,1802858613,1852535925,1919971937,2020176685,1851965446
Hostname (12), length 4: "hoas"
NTP (42), length 8: dns2.domain.de,192.168.9.254
END (255), length 0
10:15:57.232677 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 52:54:00:37:1b:3b (oui Unknown), length 300, xid 0xfa84506e, Flags [none] (0x0000)
Client-Ethernet-Address 52:54:00:37:1b:3b (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Request
Server-ID (54), length 4: 192.168.9.254
Requested-IP (50), length 4: 192.168.9.13
Hostname (12), length 4: "hoas"
Parameter-Request (55), length 13:
Subnet-Mask (1), BR (28), Time-Zone (2), Default-Gateway (3)
Domain-Name (15), Domain-Name-Server (6), Unknown (119), Hostname (12)
Netbios-Name-Server (44), Netbios-Scope (47), MTU (26), Classless-Static-Route (121)
NTP (42)
Client-ID (61), length 19: hardware-type 255, 00:37:1b:3b:00:01:00:01:2c:25:d2:87:52:54:00:37:1b:3b
END (255), length 0
PAD (0), length 0, occurs 2
10:15:57.233063 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 366)
192.168.9.254.bootps > 192.168.9.13.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 338, xid 0xfa84506e, Flags [none] (0x0000)
Your-IP 192.168.9.13
Client-Ethernet-Address 52:54:00:37:1b:3b (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: ACK
Server-ID (54), length 4: 192.168.9.254
Lease-Time (51), length 4: 7200
Subnet-Mask (1), length 4: 255.255.255.0
Default-Gateway (3), length 4: 192.168.9.254
Domain-Name (15), length 8: "domain.de"
Domain-Name-Server (6), length 8: 192.168.9.254,dns2.domain.de
Unknown (119), length 32: 90926693,1650590308,1694503777,1802858613,1852535925,1919971937,2020176685,1851965446
Hostname (12), length 4: "hoas"
NTP (42), length 8: dns2.domain.de,192.168.9.254
END (255), length 0
Das einzige, was mir auffällt ist, dass er nur eine IP auflöst (die zu dns2.domain.de), die andere aber auf der IP belässt und nicht auflöst. Starte ich tcpdump mit "-n", sind beide als IP gelistet. Ist also eher ein tcpdump-Problem.
Und hier noch die Ausgabe von nmap, auch hier werden die DNS-Server übermittelt: