Using WireShark for DHCP capture and DNS capture
09212821
09B04
The configuration of the WireShark
The WireShark interface in Linux is as above.
The captures were done in the lab, in a café, and in the dorm. The connection at the café is wireless. In the lab the laptop is allocated a public IP address, and in the dorm, where the connection is wired, the laptop is allocated a private IP address, while the router’s IP is .
With a wired connection, the interface selected is eth0; with a wireless connection, the interface selected is eth2.
When capturing DHCP packets, the capture configuration is as follows:
When capturing DNS messages, the configuration is as follows:
The procedure of capture
Click on the third button to start capture. While capturing, click the third button to stop.
DHCP analysis
After input and in cmd ,
,
Release the link and rebuild the link using DHCP protocol.
The five messages that Wireshark captured are release, discover, offer, request and ACK. It can be inferred from the picture above that the source port number is 68 and the destination port number is 67. The destination is a DHCP server as well as a router. The server’s IP address is (which is a private IP address used by a router) and the host’s IP address is (which is also a private IP address).
Discover message
The client broadcasts messages on the physical to discover available DHCP servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server from a different . This client-implementation creates a User Datagram Protocol (UDP) packet with the broadcast destination of or the specific broadcast address.
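The Discover message described above can also be decoded directly from the UDP payload. This is an added example, not part of the original report: the field offsets follow the standard DHCP layout in RFC 2131, and build_discover, the transaction ID and the MAC address are constructed sample input.

```python
import socket
import struct

# DHCP message-type option (code 53) values, per RFC 2132.
DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 7: "RELEASE"}
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the options area

def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of one DHCP message (fixed header plus options)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    ciaddr, yiaddr = (socket.inet_ntoa(payload[i:i + 4]) for i in (12, 16))
    msg_type = None
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1:
            value = payload[i + 2]
            msg_type = DHCP_TYPES.get(value, f"type {value}")
        i += 2 + length
    return {
        "direction": "client to server" if op == 1 else "server to client",
        "xid": xid,                          # client matches replies on this value
        "broadcast": bool(flags & 0x8000),
        "ciaddr": ciaddr,                    # all zero until the client holds a lease
        "yiaddr": yiaddr,
        "client_mac": payload[28:28 + min(hlen, 16)].hex(":"),
        "msg_type": msg_type,
    }

def build_discover(xid: int, mac: bytes) -> bytes:
    """Construct a minimal DISCOVER payload to use as sample input."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000)
    header += bytes(16)                            # ciaddr, yiaddr, siaddr, giaddr = 0
    header += mac.ljust(16, b"\x00") + bytes(192)  # chaddr, then empty sname and file
    return header + MAGIC_COOKIE + b"\x35\x01\x01\xff"  # option 53 = DISCOVER, end

if __name__ == "__main__":
    sample = build_discover(0x3903F326, bytes.fromhex("000b8201fc42"))  # constructed
    print(parse_dhcp(sample))
```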
field | value | meaning
Message type | 01 | from host to server
Transaction ID | an integer | For client to match response
Client IP address | | Only filled if the client is BOUND, RENEW, or REBIND, so it’s all 0.
Your IP addres