proxyDHCP Issue
-
@Exig3nci Also,
Please load a Linux Live CD and try DHCPDump. I just found it through some searching and I think that this is exactly what you need to troubleshoot your issue.
http://www.cyberciti.biz/faq/linux-unix-dhcpdump-monitor-dhcp-traffic/
I found this in the wiki, might be worth looking over… https://wiki.fogproject.org/wiki/index.php/Not_passing_PXE,_or_ProxyDHCP...NO_PROBLEM_Cisco#Original_Issue
-
@Wayne-Workman So I got the issue.pcap file to work. It was a matter of putting
tftp -i 10.10.8.155 get issue.pcap instead of
tftp 10.10.8.155 get issue.pcap (Aiii yaaaa )
I’m not seeing any tftp protocols in the Wireshark GUI, I’m assuming that it means my tftp config file isn’t set up properly.
-
@Wayne-Workman Also, I was able to get the undionly.0 file through tftp on my Windows 7 machine.
-
@Exig3nci said:
@Wayne-Workman So I got the issue.pcap file to work. It was a matter of putting
tftp -i 10.10.8.155 get issue.pcap instead of
tftp 10.10.8.155 get issue.pcap (Aiii yaaaa )
I’m not seeing any tftp protocols in the Wireshark GUI, I’m assuming that it means my tftp config file isn’t set up properly.

Use the filter found here:
https://wiki.fogproject.org/wiki/index.php/TCPDump
Also, begin the TCPDump RIGHT BEFORE you turn on the target machine, and end the dump RIGHT AFTER you see the error.
Then examine the pcap file.
-
@Wayne-Workman I’m only getting one piece of info when filtering the MAC address:
Am I doing something wrong?
-
@Exig3nci Can you try filtering using the target host’s MAC address using this method please?
eth.dst == 00:0C:CC:76:4E:07 || eth.src == 00:0C:CC:76:4E:07
Please replace the MAC with the target host’s MAC.
-
@Wayne-Workman Ah, attention to detail… sorry about that.
I’m assuming I have to look at the first one.
I’m not too sure how to read the packets.
-
@Exig3nci Do you only get three packets?? Are you getting this pcap file from the FOG server itself?
-
@Wayne-Workman Yes.
I’m running tcpdump on the Ubuntu VM, getting the file to my host machine through tftp, then opening it in Wireshark.
-
@Exig3nci said:
@Wayne-Workman Yes.
I’m running tcpdump on the Ubuntu VM, getting the file to my host machine through tftp, then opening it in Wireshark.

If you’re only getting three packets from TCPDump for the entire time that you’re attempting to network boot the target host, then you have a network communications issue with your VM and the target host.
Perhaps it’s a VM configuration, or a switch configuration, a DHCP Helper address configuration, or a DHCP configuration. But something is very wrong somewhere.
You should be seeing TONs of traffic, you should be seeing hundreds of packets.
To further troubleshoot this using TCPDump, we need to see what the target host is doing. For this, you will require a network hub (not a switch, a hub).
Place the hub between the target host and whatever network device it connects to. Then attach a laptop or something to the hub and boot a Live Linux CD on that computer and run TCPDump as you have before. Because the hub replicates all packets to all ports, the extra computer on the hub will be able to see all traffic coming and going to the target host.
If you use a graphical Live Linux distribution, you can even install Wireshark directly on it and open the PCAP files right there or alternatively transfer them using a flash drive to a PC with Wireshark on it.
Doing this will allow us to see what the client is receiving from DHCP and what - if anything - from dnsmasq.
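An added example, not code from this thread or from the FOG project: a small pcap reader that lists every DHCP packet belonging to one client, so you can see at a glance whether a normal DHCP offer and a proxyDHCP (dnsmasq) offer both came back. It matches on the BOOTP `chaddr` field rather than the Ethernet addresses, so replies sent to the broadcast MAC are counted too. Assumptions: a classic little-endian pcap as written by tcpdump, Ethernet link type, IPv4 and no VLAN tags; the function names, the server MACs and 10.10.8.1 are constructed for the sample.

```python
import struct

TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def frames(pcap):
    """Yield Ethernet frames from a classic little-endian pcap byte string."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("expected a classic little-endian pcap file")
    pos = 24                                    # skip the global header
    while pos + 16 <= len(pcap):
        (incl,) = struct.unpack_from("<I", pcap, pos + 8)
        yield pcap[pos + 16:pos + 16 + incl]
        pos += 16 + incl

def dhcp_summary(pcap, mac):
    """List (type, source IP, vendor class) for DHCP packets whose chaddr is mac."""
    want, out = bytes.fromhex(mac.replace(":", "")), []
    for f in frames(pcap):
        if len(f) < 282 or f[12:14] != b"\x08\x00" or f[23] != 17:
            continue                            # too short, not IPv4, or not UDP
        bootp = f[14 + (f[14] & 15) * 4 + 8:]   # skip Ethernet, IP and UDP headers
        if bootp[28:34] != want or bootp[236:240] != b"\x63\x82\x53\x63":
            continue                            # other client, or no DHCP magic cookie
        opts, i, found = bootp[240:], 0, {}
        while i + 1 < len(opts) and opts[i] != 255:   # walk options until END
            if opts[i]:                         # code 0 is PAD: no length byte
                found[opts[i]] = opts[i + 2:i + 2 + opts[i + 1]]
            i += (2 + opts[i + 1]) if opts[i] else 1
        kind = TYPES.get((found.get(53) or b"\0")[0], "OTHER")
        vendor = found.get(60, b"").decode("ascii", "replace")
        out.append((kind, ".".join(map(str, f[26:30])), vendor))
    return out

def build_frame(dst, src, sip, chaddr, mtype, vendor=b""):
    """Build one constructed Ethernet/IPv4/UDP/DHCP frame (checksums left zero)."""
    opts = bytes([53, 1, mtype]) + (bytes([60, len(vendor)]) + vendor if vendor else b"") + b"\xff"
    bootp = bytes(28) + chaddr + bytes(202) + b"\x63\x82\x53\x63" + opts
    ports = (68, 67) if mtype in (1, 3) else (67, 68)
    udp = struct.pack("!HHHH", *ports, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, sip, b"\xff" * 4)
    return dst + src + b"\x08\x00" + ip + udp

def sample_pcap():
    """Constructed capture: PXE DISCOVER, broadcast DHCP OFFER, unicast proxy OFFER."""
    mac, bc = bytes.fromhex("000ccc764e07"), b"\xff" * 6
    pkts = [build_frame(bc, mac, bytes(4), mac, 1, b"PXEClient:Arch:00000:UNDI:002001"),
            build_frame(bc, bytes.fromhex("020000000001"), bytes([10, 10, 8, 1]), mac, 2),
            build_frame(mac, bytes.fromhex("020000000002"), bytes([10, 10, 8, 155]), mac, 2, b"PXEClient")]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in pkts)
```

On a real capture, call `dhcp_summary(open("issue.pcap", "rb").read(), "<target MAC>")`; an OFFER with vendor class `PXEClient` is the proxyDHCP reply, and its absence means the client never heard from dnsmasq.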