tcpdump抓包分析vlan和dhcp协议
-- mode: Org; org-download-image-dir: "~/org/notes/images/tcpdump_vlan"; --
tcpdump抓vlan
root@albert:~# tcpdump -i eth0 -nn -v -e vlan 10 # 抓vlan包: tcpdump -i eth0 ether proto 0x8100
vlan [vlan_id] 如果数据包为IEEE802.1Q VLAN 数据包, 则与此对应的条件表达式为真. (nt: IEEE802.1Q VLAN, 即IEEE802.1Q 虚拟网络协议, 此协议用于不同网络的之间的互联). 如果[vlan_id] 被指定, 则只有数据包含有指定的虚拟网络id(vlan_id), 则与此对应的条件表达式为真. 要注意的是, 对于VLAN数据包, 在表达式中遇到的第一个vlan关键字会改变表达式中接下来关键字所对应数据包中数据的 开始位置(即解码偏移). 在VLAN网络体系中过滤数据包时, vlan [vlan_id]表达式可以被多次使用. 关键字vlan每出现一次都会增加 4字节过滤偏移(nt: 过滤偏移, 可理解为上面的解码偏移).
例如: vlan 100 && vlan 200 表示: 过滤封装在VLAN100中的VLAN200网络上的数据包 再例如: vlan && vlan 300 && ip 表示: 过滤封装在VLAN300 网络中的IPv4数据包, 而VLAN300网络又被更外层的VLAN封装
tcpdump抓dhcp
使用tcpdump抓取DHCP包tcpdump -i eth0 -s 0 -c 4 'udp and port 67 and port 68' -w dhcp.pcap4
tcpdump -i eth0 'udp and port 67 and port 68' -nn -v
居然抓到了mate9连ac68u的包
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:46:13.567389 IP (tos 0x10, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 350)
0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 04:4f:4c:d9:b8:c8, length 322, xid 0x116da911, Flags [none]
Client-Ethernet-Address 04:4f:4c:d9:b8:c8
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Client-ID Option 61, length 7: ether 04:4f:4c:d9:b8:c8
Requested-IP Option 50, length 4: 192.168.1.170
MSZ Option 57, length 2: 1500
Vendor-Class Option 60, length 18: "HUAWEI:android:MHA"
Hostname Option 12, length 25: "HUAWEI_Mate_9-3ca1553cfc3"
Parameter-Request Option 55, length 10:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
MTU, BR, Lease-Time, RN
RB, Vendor-Option
检查mate9无法dhcp获取地址的问题,我应该抓vlan20的包,而不是vlan10的
tcpdump -i eth0 -nn -v -e vlan 10 and port not 22 and host not 192.168.1.63 and port not 80 and udp
tcpdump -i eth0 -nn -v -e vlan 20
在kvm中的openwrt上看见的log,为什么是到了vlan10呢? 应该是vlan20才对啊 Sun Aug 11 21:25:15 2019 daemon.warn dnsmasq-dhcp[1771]: no address range available for DHCP request via eth1 Sun Aug 11 21:25:15 2019 daemon.warn dnsmasq-dhcp[1771]: no address range available for DHCP request via eth1 Sun Aug 11 21:27:25 2019 daemon.warn dnsmasq-dhcp[1771]: no address range available for DHCP request via eth1 Sun Aug 11 21:27:25 2019 daemon.warn dnsmasq-dhcp[1771]: no address range available for DHCP request via eth1
root@albert:~# tcpdump -i eth0 -nn -v -e udp and port 67 and port 68
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:27:25.829838 04:4f:4c:d9:b8:c8 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 368: vlan 10, p 0, ethertype IPv4, (tos 0x10, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 350)
0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 04:4f:4c:d9:b8:c8, length 322, xid 0x13d545f, Flags [none]
Client-Ethernet-Address 04:4f:4c:d9:b8:c8
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Client-ID Option 61, length 7: ether 04:4f:4c:d9:b8:c8
Requested-IP Option 50, length 4: 192.168.1.170
MSZ Option 57, length 2: 1500
Vendor-Class Option 60, length 18: "HUAWEI:android:MHA"
Hostname Option 12, length 25: "HUAWEI_Mate_9-3ca1553cfc3"
Parameter-Request Option 55, length 10:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
MTU, BR, Lease-Time, RN
RB, Vendor-Option
https://blog.csdn.net/liangdsing/article/details/62881132 openwrt之dhcp客户端是如何设置端口ip地址的 其实是wan口用dhcp时,wan口是如何获取ip地址的。
tplink 703n连到ar750s上去后ok了,从eth0 br-lan上获取到了192.168.9.x的ip
Sun Aug 11 21:47:15 2019 daemon.info dnsmasq-dhcp[1771]: DHCPDISCOVER(br-lan) 5c:63:bf:d8:e1:de Sun Aug 11 21:47:15 2019 daemon.info dnsmasq-dhcp[1771]: DHCPOFFER(br-lan) 192.168.9.225 5c:63:bf:d8:e1:de Sun Aug 11 21:47:15 2019 daemon.info dnsmasq-dhcp[1771]: DHCPDISCOVER(br-lan) 5c:63:bf:d8:e1:de Sun Aug 11 21:47:15 2019 daemon.info dnsmasq-dhcp[1771]: DHCPOFFER(br-lan) 192.168.9.225 5c:63:bf:d8:e1:de Sun Aug 11 21:47:15 2019 daemon.info dnsmasq-dhcp[1771]: DHCPREQUEST(br-lan) 192.168.9.225 5c:63:bf:d8:e1:de Sun Aug 11 21:47:15 2019 daemon.info dnsmasq-dhcp[1771]: DHCPACK(br-lan) 192.168.9.225 5c:63:bf:d8:e1:de
无线局域网适配器 WLAN:
连接特定的 DNS 后缀 . . . . . . . : lan 本地链接 IPv6 地址. . . . . . . . : fe80::3d99:34d7:48cb:9dc1%13 IPv4 地址 . . . . . . . . . . . . : 192.168.3.101 子网掩码 . . . . . . . . . . . . : 255.255.255.0 默认网关. . . . . . . . . . . . . : 192.168.3.1
root@OpenWrt:~# ip route default via 192.168.9.1 dev eth0 src 192.168.9.225 192.168.3.0/24 dev br-lan src 192.168.3.1 192.168.9.0/24 dev eth0 src 192.168.9.225 192.168.9.1 dev eth0 src 192.168.9.225 root@OpenWrt:~# ping 192.168.9.1 PING 192.168.9.1 (192.168.9.1): 56 data bytes 64 bytes from 192.168.9.1: seq=0 ttl=64 time=1.366 ms 64 bytes from 192.168.9.1: seq=1 ttl=64 time=1.461 ms ^C --- 192.168.9.1 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 1.366/1.413/1.461 ms root@OpenWrt:~# ping www.baidu.com PING www.baidu.com (61.135.169.121): 56 data bytes ^C --- www.baidu.com ping statistics --- 7 packets transmitted, 0 packets received, 100% packet loss root@OpenWrt:~# traceroute www.baidu.com traceroute to www.baidu.com (61.135.169.125), 30 hops max, 38 byte packets 1 192.168.9.1 (192.168.9.1) 1.170 ms 0.971 ms 0.546 ms 2 192.168.9.1 (192.168.9.1) 0.547 ms 0.750 ms * root@OpenWrt:~# traceroute 192.168.1.1 traceroute to 192.168.1.1 (192.168.1.1), 30 hops max, 38 byte packets 1 192.168.9.1 (192.168.9.1) 1.566 ms 1.107 ms 0.851 ms 2 192.168.9.1 (192.168.9.1) 0.876 ms 0.636 ms 0.599 ms root@OpenWrt:~# ping www.sina.com PING www.sina.com (60.215.128.247): 56 data bytes ^C --- www.sina.com ping statistics --- 2 packets transmitted, 0 packets received, 100% packet loss root@OpenWrt:~# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000 link/ether 5c:63:bf:d8:e1:de brd ff:ff:ff:ff:ff:ff inet 192.168.9.225/24 brd 192.168.9.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::5e63:bfff:fed8:e1de/64 scope link valid_lft forever preferred_lft forever 4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000 link/ether 5c:63:bf:d8:e1:de brd ff:ff:ff:ff:ff:ff inet 192.168.3.1/24 brd 192.168.3.255 scope global br-lan valid_lft forever preferred_lft forever inet6 fe80::5e63:bfff:fed8:e1de/64 scope link valid_lft forever preferred_lft forever 5: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000 link/ether 5c:63:bf:d8:e1:de brd ff:ff:ff:ff:ff:ff inet6 fe80::5e63:bfff:fed8:e1de/64 scope link valid_lft forever preferred_lft forever root@OpenWrt:~# ip rule 0: from all lookup local 32766: from all lookup main 32767: from all lookup default root@OpenWrt:~# ip route default via 192.168.9.1 dev eth0 src 192.168.9.225 192.168.3.0/24 dev br-lan src 192.168.3.1 192.168.9.0/24 dev eth0 src 192.168.9.225 192.168.9.1 dev eth0 src 192.168.9.225 root@OpenWrt:~# ping 192.168.9.2 PING 192.168.9.2 (192.168.9.2): 56 data bytes 64 bytes from 192.168.9.2: seq=0 ttl=64 time=0.801 ms ^C --- 192.168.9.2 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 0.801/0.801/0.801 ms root@OpenWrt:~# ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1): 56 data bytes ^C --- 192.168.1.1 ping statistics --- 2 packets transmitted, 0 packets received, 100% packet loss root@OpenWrt:~# traceroute 192.168.1.1 traceroute to 192.168.1.1 (192.168.1.1), 30 hops max, 38 byte packets 1 192.168.9.1 (192.168.9.1) 1.698 ms 1.292 ms 1.223 ms 2 192.168.9.1 (192.168.9.1) 0.869 ms 1.197 ms 0.655 ms root@OpenWrt:~# traceroute 192.168.4.1 traceroute to 192.168.4.1 (192.168.4.1), 30 hops max, 38 byte packets 1 192.168.9.1 (192.168.9.1) 1.537 ms 0.902 ms 0.688 ms 2 192.168.9.1 (192.168.9.1) 1.037 ms 0.628 ms 0.831 ms
hp笔记本连接到广联 AR750s
无线局域网适配器 WLAN:
连接特定的 DNS 后缀 . . . . . . . : 本地链接 IPv6 地址. . . . . . . . : fe80::3d99:34d7:48cb:9dc1%13 IPv4 地址 . . . . . . . . . . . . : 192.168.1.173 子网掩码 . . . . . . . . . . . . : 255.255.255.0 默认网关. . . . . . . . . . . . . : 192.168.1.1
dhclient
- 释放ip命令
- dhclient eth1 -r -v
- 获取ip命令
- dhclient eth1 -v dhclient lo -v # loopback接口是没法获取dhcp ip的
[已解决]OpenWrt的DHCP如何指定客户端获得的网关地址?
https://www.right.com.cn/forum/forum.php?mod=viewthread&tid=355909
以网关地址为192.168.1.1为例:
网络-接口-编辑(Lan)-DHCP服务器-高级设置-DHCP选项:增加一条:
3,192.168.1.1
复制代码
或者直接修改 /etc/config/DHCP 文件,在
config dhcp 'lan'
复制代码 后增加一行:
list dhcp_option '3,192.168.1.1'
这里开始 virsh install安装openwrt x64.img
[sudo] password for albert: WARNING No operating system detected, VM performance may suffer. Specify an OS with --os-variant for optimal results. Starting install... Domain creation completed. You can restart your domain by running: virsh --connect qemu:///system start openwrt albert@albert:~/openwrt$ albert@albert:~/openwrt$ sudo virsh list Id Name State ---------------------------------------------------- albert@albert:~/openwrt$ sudo virsh start openwrt Domain openwrt started albert@albert:~/openwrt$ albert@albert:~/openwrt$ sudo virsh list Id Name State ---------------------------------------------------- 2 openwrt running albert@albert:~/openwrt$ sudo virt-manager virsh list --all
ip addr add 192.168.10.1/24 dev eth0
kvm bridge vlan
https://www.cnblogs.com/wanglm/articles/5766701.html
关闭Linux bridge的防火墙 添加下面几个参数到 文件 /etc/sysctl.conf中
kvm
