proxyDHCP Issue
-
@Exig3nci Try setting the maximum packet size via TCPDump to exactly what the error says…
262144
Then after you do a capture with that setting and put the file in the /tftpboot directory, make sure you use binary mode to transfer via TFTP.
You might also try some older versions of WireShark https://www.wireshark.org/download/win32/all-versions/
-
@Wayne-Workman So I have an older version of WireShark (1.10.4) I’ve set tftp in binary mode:
tftp
tftp> binary
Ran this command:
sudo tcpdump -w issue.pcap -i eth0 -c 65535
But I still get the same issue, The packet limit error on WireShark is capped at 65535, but the command in Ubuntu still runs.
Am I doing this correct? I have to break the command with Ctrl+C to get it to stop and it still goes over by many bytes. -
@Wayne-Workman I’m also just trying to run WireShark on my VM nic cards from my Windows 7 machine, think that will work?
-
@Exig3nci said:
@Wayne-Workman I’m also just trying to run WireShark on my VM nic cards from my Windows 7 machine, think that will work?
At this point, it’s worth a shot for sure.
-
@Exig3nci I’ve been thinking, and I think it would be worth the time to try to transfer the pcap file via FTP instead of TFTP just to see if it makes a difference or not.
Can you please place the pcap file inside of your /images directory and then try to get the file following the instructions found here: https://wiki.fogproject.org/wiki/index.php/Troubleshoot_FTP
-
@Wayne-Workman Yeah, still no luck.
Although I got another error message PXE-E32.
What does your tftp-hpa file look like? -
@Exig3nci There is an example here: https://wiki.fogproject.org/wiki/index.php/Troubleshoot_TFTP#Ubuntu:
-
@Wayne-Workman I’ve been following the website you forwarded to me, but I keep getting the 425 error with ftp.
I can exchange files via tftp just fine. I’m able to connect to ftp://ipaddress as well.
I’ve changed both the tftp conf file, the ftp conf file, changed permissions, and firewall is turned off, but I still get the same error.
Any advice? -
None of this is making any sense anymore.
Please check to see if options 066 and 067 are already set on your switches that handle DHCP.
Please check for IP conflicts with your FOG server.
-
@Exig3nci Also,
Please load a Linux Live CD and try DHCPDump. I just found it through some searching and I think that this is exactly what you need to troubleshoot your issue.
http://www.cyberciti.biz/faq/linux-unix-dhcpdump-monitor-dhcp-traffic/
I found this in the WiKi, might be worth looking over… https://wiki.fogproject.org/wiki/index.php/Not_passing_PXE,_or_ProxyDHCP...NO_PROBLEM_Cisco#Original_Issue
-
@Wayne-Workman So I got the issue.pcap file to work. It was a matter of putting
tftp -i 10.10.8.155 get issue.pcap instead of
tftp 10.10.8.155 get issue.pcap (Aiii yaaaa )
I’m not seeing any tftp protocols in the wireshark GUI, I’m assuming that it means my tftp config file isn’t setup properly. -
@Wayne-Workman Also, I was able to get the undionly.0 file through tftp on my windows 7 machine.
-
@Exig3nci said:
@Wayne-Workman So I got the issue.pcap file to work. It was a matter of putting
tftp -i 10.10.8.155 get issue.pcap instead of
tftp 10.10.8.155 get issue.pcap (Aiii yaaaa )
I’m not seeing any tftp protocols in the wireshark GUI, I’m assuming that it means my tftp config file isn’t setup properly.Use the filter found here:
https://wiki.fogproject.org/wiki/index.php/TCPDumpAlso, begin the TCPDump RIGHT BEFORE you turn on the target machine, and end the dump RIGHT AFTER you see the error.
Then examine the pcap file.
-
@Wayne-Workman I’m only getting one piece of info when filtering the mac address:
Am I doing something wrong? -
@Exig3nci Can you try filtering using the target host’s MAC address using this method please?
eth.dst == 00:0C:CC:76:4E:07 || eth.src == 00:0C:CC:76:4E:07
Please replace the MAC with the target host’s MAC.
-
@Wayne-Workman Ah, attention to detail… sorry about that.
I’m assuming I have to look at the first one.
I’m not too sure how to read the packets. -
@Exig3nci Do you only get three packets?? Are you getting this pcap file from the FOG server itself?
-
@Wayne-Workman Yes.
I’m running tcpdump on the Ubuntu vm, getting the file to my host machine through tftp, then opening it in Wireshark, -
@Exig3nci said:
@Wayne-Workman Yes.
I’m running tcpdump on the Ubuntu vm, getting the file to my host machine through tftp, then opening it in Wireshark,If you’re only getting three packets from TCPDump for the entire time that you’re attempting to network boot the target host, then you have a network communications issue with your VM and the target host.
Perhaps it’s a VM configuration, or a switch configuration, a DHCP Helper address configuration, or a DHCP configuration. But something is very wrong somewhere.
You should be seeing TONs of traffic, you should be seeing hundreds of packets.
To further troubleshoot this using TCPDump, we need to see what the target host is doing. For this, you will require a network hub (not a switch, a hub).
Place the hub between the target host and whatever network device it connects to. Then attach a laptop or something to the hub and boot a Live Linux CD on that computer and run TCPDump as you have before. Because the hub replicates all packets to all ports, the extra computer on the hub will be able to see all traffic coming and going to the target host.
If you use a graphical Live Linux distribution, you can even install wireshark directly on it and open the PCAP files right there or alternatively transfer them using a flash drive to a PC with wireshark on it.
Doing this will allow us to see what the client is receiving from DHCP and what - if anything - from dnsmasq.