proxyDHCP Issue
-
https://ask.wireshark.org/questions/8931/capture-file-appears-to-be-damaged-or-corrupt
Maybe the issue is tftp defaulting to ASCII? Can you try transfering it with WinSCP?
Or try using binary mode?
tftp -i x.x.x.x get issue.pcap
From: https://technet.microsoft.com/en-us/library/Ff698993.aspx?f=255&MSPPError=-2147217396
-
@cml I tested that this works in Win 7 and have updated the “Troubleshoot TFTP” article to reflect binary only.
-
@Wayne-Workman thanks for the updated
@cml I’ve followed that step, but I still get the same issue. -
@Exig3nci Try setting the maximum packet size via TCPDump to exactly what the error says…
262144
Then after you do a capture with that setting and put the file in the /tftpboot directory, make sure you use binary mode to transfer via TFTP.
You might also try some older versions of WireShark https://www.wireshark.org/download/win32/all-versions/
-
@Wayne-Workman So I have an older version of WireShark (1.10.4) I’ve set tftp in binary mode:
tftp
tftp> binary
Ran this command:
sudo tcpdump -w issue.pcap -i eth0 -c 65535
But I still get the same issue, The packet limit error on WireShark is capped at 65535, but the command in Ubuntu still runs.
Am I doing this correct? I have to break the command with Ctrl+C to get it to stop and it still goes over by many bytes. -
@Wayne-Workman I’m also just trying to run WireShark on my VM nic cards from my Windows 7 machine, think that will work?
-
@Exig3nci said:
@Wayne-Workman I’m also just trying to run WireShark on my VM nic cards from my Windows 7 machine, think that will work?
At this point, it’s worth a shot for sure.
-
@Exig3nci I’ve been thinking, and I think it would be worth the time to try to transfer the pcap file via FTP instead of TFTP just to see if it makes a difference or not.
Can you please place the pcap file inside of your /images directory and then try to get the file following the instructions found here: https://wiki.fogproject.org/wiki/index.php/Troubleshoot_FTP
-
@Wayne-Workman Yeah, still no luck.
Although I got another error message PXE-E32.
What does your tftp-hpa file look like? -
@Exig3nci There is an example here: https://wiki.fogproject.org/wiki/index.php/Troubleshoot_TFTP#Ubuntu:
-
@Wayne-Workman I’ve been following the website you forwarded to me, but I keep getting the 425 error with ftp.
I can exchange files via tftp just fine. I’m able to connect to ftp://ipaddress as well.
I’ve changed both the tftp conf file, the ftp conf file, changed permissions, and firewall is turned off, but I still get the same error.
Any advice? -
None of this is making any sense anymore.
Please check to see if options 066 and 067 are already set on your switches that handle DHCP.
Please check for IP conflicts with your FOG server.
-
@Exig3nci Also,
Please load a Linux Live CD and try DHCPDump. I just found it through some searching and I think that this is exactly what you need to troubleshoot your issue.
http://www.cyberciti.biz/faq/linux-unix-dhcpdump-monitor-dhcp-traffic/
I found this in the WiKi, might be worth looking over… https://wiki.fogproject.org/wiki/index.php/Not_passing_PXE,_or_ProxyDHCP...NO_PROBLEM_Cisco#Original_Issue
-
@Wayne-Workman So I got the issue.pcap file to work. It was a matter of putting
tftp -i 10.10.8.155 get issue.pcap instead of
tftp 10.10.8.155 get issue.pcap (Aiii yaaaa )
I’m not seeing any tftp protocols in the wireshark GUI, I’m assuming that it means my tftp config file isn’t setup properly. -
@Wayne-Workman Also, I was able to get the undionly.0 file through tftp on my windows 7 machine.
-
@Exig3nci said:
@Wayne-Workman So I got the issue.pcap file to work. It was a matter of putting
tftp -i 10.10.8.155 get issue.pcap instead of
tftp 10.10.8.155 get issue.pcap (Aiii yaaaa )
I’m not seeing any tftp protocols in the wireshark GUI, I’m assuming that it means my tftp config file isn’t setup properly.Use the filter found here:
https://wiki.fogproject.org/wiki/index.php/TCPDumpAlso, begin the TCPDump RIGHT BEFORE you turn on the target machine, and end the dump RIGHT AFTER you see the error.
Then examine the pcap file.
-
@Wayne-Workman I’m only getting one piece of info when filtering the mac address:
Am I doing something wrong? -
@Exig3nci Can you try filtering using the target host’s MAC address using this method please?
eth.dst == 00:0C:CC:76:4E:07 || eth.src == 00:0C:CC:76:4E:07
Please replace the MAC with the target host’s MAC.
-
@Wayne-Workman Ah, attention to detail… sorry about that.
I’m assuming I have to look at the first one.
I’m not too sure how to read the packets. -
@Exig3nci Do you only get three packets?? Are you getting this pcap file from the FOG server itself?