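% Lab handout: DHCP and tcpdump.
% Summarises the fixed-format DHCP/bootp message fields, how tcpdump 3.7.1
% prints them, the DHCP client state diagram and the RFC 2131 message types.
%
% This file had been collapsed onto a few physical lines, so every `%'
% comment swallowed the rest of its line (including \begin{document}).
% The line breaks are restored here so that each comment ends where intended.
%
% Macros used below but not defined in this file (\DHCP, \RFC, \IP, \LAN,
% \RPM, \ID, \acro, \xspace, \meta, \vref, the Y column type and the
% \toprule/\midrule/\bottomrule rules) are presumably supplied by the ictlab
% class or the packages loaded here -- confirm before building standalone.
\documentclass{ictlab}
\RCS $Revision: 1.0 $
\usepackage{verbatim,key,alltt,amstext,amsmath,answer2}
% NOTE(review): caption2 is obsolete; its maintained successor is the caption
% package (format=hang, labelfont=bf, singlelinecheck=false).  Confirm against
% the ictlab class before switching.
\usepackage[hang,bf,nooneline]{caption2}
\usepackage[pdfpagemode=None,pdfauthor={Nick Urbanik}]{hyperref}
%\renewcommand*{\subject}{Workshop Series}
\newcommand*{\labTitle}{%
  DHCP and \texttt{tcpdump}}
% Acronym shorthands.  \providecommand leaves an existing definition
% untouched; none of these four is used in the text below.
\providecommand*{\BGP}{\acro{BGP}\xspace}
\providecommand*{\IOS}{\acro{IOS}\xspace}
\providecommand*{\KDE}{\acro{KDE}\xspace}
\providecommand*{\VTI}{\acro{VTI}\xspace}

\begin{document}
\Large

\section{Background}
\label{sec:background}

The format of \DHCP packets was established with \RFC 951 for the
\emph{bootstrap protocol}, or \emph{bootp}.  \DHCP was made to be
backwardly compatible with the bootp protocol so that the
infrastructure of bootp relay agents on routers would not need to be
replaced.  The \DHCP extensions to bootp are bootp \emph{options}.

Table~\vref{tab:message-fields} shows the names of the fields in the
fixed-format part of a \DHCP message.

% Earlier bit-layout draft of the field table, kept commented out.
%% \begin{table}[htb]
%%   %\begin{tabularx}{0.6\linewidth}[t]{|C|}
%%   \begin{tabular}[t]{|p{6cm}|}
%%     \multicolumn{1}{lrlrlrlr}{0 & 7 & 8 & 15 & 16 & 23 & 24 & 31}\\
%%     \hrule%
%%     \multicolumn{1}{|c|c|c|c|}{op & htype & hlen & hops}\\
%%     \hrule%
%%     xid \\
%%     \hrule%
%%     \multicolumn{1}{|c|c|}{secs & flags} \\
%%     \hrule%
%%     claddr \\
%%     \hrule%
%%     siaddr \\
%%     \hrule%
%%     giaddr \\
%%     \hrule%
%%     chaddr (16 bytes) \\
%%     \hrule%
%%     sname (64 bytes) \\
%%     \hrule%
%%     file (128 bytes) \\
%%     \hrule%
%%     options (variable size) \\
%%     \hrule%
%%   \end{tabular}
%%   \caption{The fields in the fixed-format section of a \DHCP message.}
%%   \label{tab:dhcp-fixed-fields}
%% \end{table}

% Table 1: meaning of each fixed-format field.
\begin{table}[htb]
  \large
  \begin{tabularx}{\linewidth}[t]{@{}>{\ttfamily}lY@{}}
    \toprule%
    \textnormal{\textbf{Field}} & \textbf{Description}\\
    \midrule%
    op & Message operation code: 1 in message from client, 2 in
    message from server\\
    htype & Link-layer address type from \RFC 1700.
    For Ethernet, \texttt{htype} is 1.\\
    hlen & Link-layer address length, in bytes (the number of bytes
    used in the \texttt{chaddr} field)\\
    hops & Number of relay agents that have forwarded this message.\\
    xid & \emph{Transaction identifier}; used by clients to match
    responses from servers with previously transmitted requests. \\
    secs & Number of seconds since client began \DHCP transaction \\
    % RFC 2131 (figure 2) puts the BROADCAST flag in the leftmost bit of
    % the 16-bit flags field, i.e. mask 0x8000, not in the lowest bit.
    flags & Most significant (leftmost) bit is set to 1 to indicate
    messages to client must be broadcast \\
    ciaddr & Client's \IP address, set by the client after it reaches
    the \texttt{BOUND} state (i.e., address is valid)\\
    yiaddr & Client's \IP address, set by server to inform client of
    its address (``your'' \IP address)\\
    siaddr & \IP address of the next server for the client to use
    (e.g., for the client to download an operating system kernel
    using \texttt{tftp}) \\
    giaddr & Relay agent (or ``gateway'') \IP address: relay agent
    fills this in with the address of the interface through which it
    received the \DHCP message\\
    chaddr & Client's link layer address (i.e., on our \LAN, the
    Ethernet address) \\
    sname & Name of the next server for client to use in the
    configuration process \\
    file & Filename the client should request from the next server
    (e.g., an operating system kernel, or kickstart file)\\
    \bottomrule
  \end{tabularx}
  \caption{\DHCP Message fields}
  \label{tab:message-fields}
\end{table}

\section{\texttt{tcpdump} and DHCP}
\label{sec:tcpdump-dhcp}

The manual page for the current version of \texttt{tcpdump} (version
3.7.1; an \RPM is available from our server) unfortunately does not
explain the detail of all the fields in the \DHCP protocol.  To
understand them all, it is necessary to look at the source.  Here is
my summary after reading
\texttt{$\sim$/RPM/\allowbreak BUILD/\allowbreak tcpdump-3.7.1/\allowbreak tcpdump-3.7.1/\allowbreak print-bootp.c}.

% Reviewer addition: the one check a reader of a DHCP capture should make.
When you read a capture, remember that \DHCP as described here has no
authentication: a client accepts an offer from whichever server
answers its broadcast.  Check that every \texttt{DHCPOFFER} and
\texttt{DHCPACK} comes from a server you expect; a reply from an
unknown address points to a misconfigured or unauthorised \DHCP server
on the \LAN.

\begin{figure}[htb]
  \centering%
  %\includegraphics[scale=0.5]{dhcp-client-state-diagram-cropped}
  \includegraphics[width=0.82\linewidth]{dhcp-client-state-diagram}
  \caption{A state diagram showing states of a \DHCP client.  Note
    that $T$ is the lease time, $T\mathit{1} = \frac{T}{2}$,
    $T\mathit{2} = \frac{7T}{8}$.  See also
    table~\vref{tab:dhcp-messages} from the \DHCP \RFC 2131 (available
    in full at
    \texttt{/home\allowbreak/nfs\allowbreak/ietf\allowbreak /rcf\allowbreak/rfc2131\allowbreak.txt}),
    which summarises \DHCP messages.}
  \label{fig:dhcp-client-state-diagram}
\end{figure}

% Table 2: the printf() format tcpdump uses for each field.  The rows with
% an empty first column are the two-letter tags tcpdump prints for options.
\begin{table}[htb]
  \Large
  \begin{tabular}[t]{@{}>{\ttfamily}l>{\ttfamily}ll@{}}
    \toprule%
    \textnormal{\textbf{Field}} &
    \textnormal{\textbf{\texttt{printf()} format in \texttt{tcpdump}}} &
    \textbf{short desc.} \\
    \midrule%
    % htype is the address *type* (see the field table above); the original
    % text described it as the address length, which is hlen.
    htype & " htype-\#\%d" & type of link-layer address \\
    hops & " hops:\%d" & number of relay agents \\
    xid & " xid:0x\%x" & transaction \ID \\
    secs & " secs:\%d" & seconds since session started \\
    flags & " flags:0x\%x" & top bit is broadcast flag \\
    ciaddr & " C:\%s" & Client's ip address \\
    yiaddr & " Y:\%s" & `your' ip address (bootp client) \\
    siaddr & " S:\%s" & Server's ip address \\
    giaddr & " G:\%s" & Gateway's ip address \\
    chaddr & " ether \%s" & Ethernet address \\
    sname & sname "\meta{servername}" & name of next server \\
    file & file "\meta{filename}" & file name to download \\
    & SM & Subnet mask \\
    & DG & Default gateway \\
    & TS & Time server \\
    & NS & Name servers \\
    & HN & Host name \\
    & DN & Domain name \\
    \bottomrule%
  \end{tabular}
  \caption{How tcpdump represents various \DHCP fields.}
  \label{tab:tcpdump-dhcp-manual}
\end{table}

\bigskip

% Table 3: the DHCP message types, reproduced from RFC 2131.
\begin{table}[htb]
  \begin{tabularx}{\linewidth}[t]{@{}>{\ttfamily}l@{\hspace{2ex}---\hspace{2ex}}X@{}}
    \toprule%
    \multicolumn{1}{@{}l}{\textbf{Message}} & \textbf{Use}\\
    \midrule%
    DHCPDISCOVER & Client broadcast to locate available servers.\\
    %
    DHCPOFFER & Server to client in response to \texttt{DHCPDISCOVER}
    with offer of configuration parameters.\\
    %
    DHCPREQUEST & Client message to servers either (a) requesting
    offered parameters from one server and implicitly declining
    offers from all others, (b) confirming correctness of previously
    allocated address after, e.g., system reboot, or (c) extending
    the lease on a particular network address.\\
    %
    DHCPACK & Server to client with configuration parameters,
    including committed network address.\\
    %
    DHCPNAK & Server to client indicating client's notion of network
    address is incorrect (e.g., client has moved to new subnet) or
    client's lease has expired.\\
    %
    DHCPDECLINE & Client to server indicating network address is
    already in use.\\
    %
    DHCPRELEASE & Client to server relinquishing network address and
    cancelling remaining lease.\\
    %
    DHCPINFORM & Client to server, asking only for local
    configuration parameters; client already has externally
    configured network address.\\
    \bottomrule%
  \end{tabularx}
  \caption{DHCP Messages: this is ``table 2'' from \RFC 2131; the \RFC
    is available in full from \texttt{ictlab} at
    \texttt{/home\allowbreak /nfs\allowbreak /ietf\allowbreak/rcf\allowbreak/rfc2131\allowbreak.txt}.}
  \label{tab:dhcp-messages}
\end{table}

\end{document}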