
Monitoring DHCP servers running on the Linux operating system

Few people know it, but the DHCP software for Linux comes with tools for monitoring DHCP itself. Without further ado, here is the first one.

DHCP-LEASE-LIST

Lists the devices that obtained an IP address from the DHCP server. Few people know it, but this command is in the contrib directory of the source tree of the DHCP software for Linux. An example follows:

root@agamenon:~# /home/freewaynet/dhcp-4.4.1/contrib/dhcp-lease-list.pl
To get manufacturer names please download http://standards.ieee.org/regauth/oui/oui.txt to /usr/local/etc/oui.txt
Reading leases from /var/lib/dhcp/dhcpd.leases
MAC                IP              hostname       valid until         manufacturer        
===============================================================================================
00:0c:29:81:60:38  192.168.1.122   ariel          2018-07-04 14:22:25 -NA-                
00:15:65:8f:af:d4  192.168.1.136   SIP-T21P       2018-07-04 14:21:56 -NA-                
00:b3:62:b9:77:1f  192.168.1.84    iPhonedCarolin 2018-07-04 15:47:08 -NA-                
20:47:47:fc:f5:ea  192.168.1.95    isadora        2018-07-04 14:22:43 -NA-                
7c:8b:ca:00:96:aa  192.168.1.139   projetos       2018-07-04 14:22:17 -NA-                
84:38:38:ff:4a:b2  192.168.1.90    android-52f133 2018-07-04 14:22:05 -NA-                
84:7b:eb:fc:9f:dd  192.168.1.149   comercial1     2018-07-04 14:21:41 -NA-                
84:ef:18:56:77:46  192.168.1.131   arthu-linux    2018-07-04 14:21:06 -NA-                
b0:6e:bf:72:36:05  192.168.1.126   -NA-           2018-07-04 14:22:36 -NA-                
ec:a8:6b:bf:c1:14  192.168.1.124   financeiro     2018-07-04 14:22:58 -NA-                
f0:c1:f1:a5:f9:fd  192.168.1.73    iPhone-Gilbert 2018-07-04 15:01:16 -NA-                
f8:da:0c:ff:8c:3b  192.168.1.98    comercial      2018-07-04 14:21:28 -NA-                
fc:ec:da:16:57:aa  192.168.1.91    Freeway        2018-07-04 14:22:56 -NA-                
root@agamenon:~#

To get the list of manufacturers, the command itself gives the hint: download the oui.txt file and place it in /usr/local/etc/.

root@agamenon:~# /home/freewaynet/dhcp-4.4.1/contrib/dhcp-lease-list.pl
Reading leases from /var/lib/dhcp/dhcpd.leases
MAC                IP              hostname       valid until         manufacturer        
===============================================================================================
00:0c:29:81:60:38  192.168.1.122   ariel          2018-07-04 14:27:35 VMware, Inc.        
00:15:65:8f:af:d4  192.168.1.136   SIP-T21P       2018-07-04 14:28:42 XIAMEN YEALINK NETWORK TECHNOLOGY CO.,LTD
00:b3:62:b9:77:1f  192.168.1.84    iPhonedCarolin 2018-07-04 15:47:08 Apple, Inc.         
20:47:47:fc:f5:ea  192.168.1.95    isadora        2018-07-04 14:27:17 Dell Inc.           
7c:8b:ca:00:96:aa  192.168.1.139   projetos       2018-07-04 14:29:03 TP-LINK TECHNOLOGIES CO.,LTD.
84:38:38:ff:4a:b2  192.168.1.90    android-52f133 2018-07-04 14:28:29 SAMSUNG ELECTRO-MECHANICS(THAILAND)
84:7b:eb:fc:9f:dd  192.168.1.149   comercial1     2018-07-04 14:28:36 Dell Inc.           
84:ef:18:56:77:46  192.168.1.131   arthu-linux    2018-07-04 14:26:27 Intel Corporate     
b0:6e:bf:72:36:05  192.168.1.126   -NA-           2018-07-04 14:27:36 ASUSTek COMPUTER INC.
ec:a8:6b:bf:c1:14  192.168.1.124   financeiro     2018-07-04 14:27:58 Elitegroup Computer Systems Co.,Ltd.
f0:c1:f1:a5:f9:fd  192.168.1.73    iPhone-Gilbert 2018-07-04 15:01:16 Apple, Inc.         
f8:da:0c:ff:8c:3b  192.168.1.98    comercial      2018-07-04 14:27:48 Hon Hai Precision Ind. Co.,Ltd.
fc:ec:da:16:57:aa  192.168.1.91    Freeway        2018-07-04 14:27:56 Ubiquiti Networks Inc.
root@agamenon:~# 

DHCPDUMP

dhcpdump is a program that captures packets destined for the DHCP service and displays (dumps) their contents. Below is an example taken from the dhcpdump manual page.

# dhcpdump -i eth0 -h ^00:c0:4f

The command above shows only the packets of devices making a DHCP request whose MAC address starts with 00:c0:4f. Note that the option takes a regular expression, which is very useful. When I say request, I mean both the request packet and the reply packet.

Below are a request and a reply; the output is quite intuitive.

---------------------------------------------------------------------------
 
  TIME: 2018-07-04 10:37:05.510
    IP: 0.0.0.0 (e8:40:40:e7:ed:21) > 192.168.1.252 (0:c:29:cb:52:99)
    OP: 1 (BOOTPREQUEST)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 8ada1645
  SECS: 140
 FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: 20:47:47:fc:f5:ea:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         1 (DHCPDISCOVER)
OPTION:  12 (  7) Host name                 isadora
OPTION:  55 ( 13) Parameter Request List      1 (Subnet mask)
                                             28 (Broadcast address)
                                              2 (Time offset)
                                              3 (Routers)
                                             15 (Domainname)
                                              6 (DNS server)
                                            119 (Domain Search)
                                             12 (Host name)
                                             44 (NetBIOS name server)
                                             47 (NetBIOS scope)
                                             26 (Interface MTU)
                                            121 (Classless Static Route)
                                             42 (NTP servers)
 
---------------------------------------------------------------------------
 
  TIME: 2018-07-04 10:37:05.510
    IP: 192.168.1.252 (0:c:29:cb:52:99) > 192.168.1.95 (20:47:47:fc:f5:ea)
    OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 8ada1645
  SECS: 140
 FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 192.168.1.95
SIADDR: 192.168.1.252
GIADDR: 0.0.0.0
CHADDR: 20:47:47:fc:f5:ea:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         2 (DHCPOFFER)
OPTION:  54 (  4) Server identifier         192.168.1.252
OPTION:  51 (  4) IP address leasetime      600 (10m)
OPTION:   1 (  4) Subnet mask               255.255.255.0
OPTION:  28 (  4) Broadcast address         192.168.1.255
OPTION:   3 (  4) Routers                   192.168.1.1
OPTION:  15 ( 15) Domainname                freewaynet.corp
OPTION:   6 ( 12) DNS server                192.168.1.252,179.124.8.33,8.8.8.8
---------------------------------------------------------------------------
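
The two packets above carry the same XID, which is how a reply is matched to its request. As an added example (not part of the original page or of dhcpdump itself), the shell function below condenses dhcpdump output to one line per packet; the function names are hypothetical and the sample input is constructed from the two packets above with most fields trimmed.

```shell
#!/bin/sh
# Added example, not from the dhcpdump project.
# sample_dump: constructed input, the two packets above with most fields trimmed.
sample_dump() {
cat <<'EOF'
---------------------------------------------------------------------------
  TIME: 2018-07-04 10:37:05.510
    OP: 1 (BOOTPREQUEST)
   XID: 8ada1645
YIADDR: 0.0.0.0
CHADDR: 20:47:47:fc:f5:ea:00:00:00:00:00:00:00:00:00:00
OPTION:  53 (  1) DHCP message type         1 (DHCPDISCOVER)
OPTION:  12 (  7) Host name                 isadora
OPTION:  55 ( 13) Parameter Request List      1 (Subnet mask)
                                             28 (Broadcast address)
---------------------------------------------------------------------------
  TIME: 2018-07-04 10:37:05.510
    OP: 2 (BOOTPREPLY)
   XID: 8ada1645
YIADDR: 192.168.1.95
CHADDR: 20:47:47:fc:f5:ea:00:00:00:00:00:00:00:00:00:00
OPTION:  53 (  1) DHCP message type         2 (DHCPOFFER)
OPTION:  54 (  4) Server identifier         192.168.1.252
OPTION:  51 (  4) IP address leasetime      600 (10m)
---------------------------------------------------------------------------
EOF
}

# Print one line per packet: XID TYPE CLIENT-MAC HOSTNAME YIADDR SERVER-ID
# ("-" where the packet does not carry the field). Reads dhcpdump output on stdin.
summarize_dhcpdump() {
  awk '
    function emit() {
      if (xid != "") print xid, type, mac, host, yiaddr, server
      xid = ""; type = mac = host = yiaddr = server = "-"
    }
    BEGIN { emit() }
    /^-+[ \t]*$/     { emit(); next }       # dashed line separates packets
    /^ *XID:/        { xid = $2 }
    /^YIADDR:/       { yiaddr = $2 }
    /^CHADDR:/       { mac = substr($2, 1, 17) }  # assumes HLEN 6 (Ethernet)
    /^OPTION: +53 /  { type = $NF; gsub(/[()]/, "", type) }
    /^OPTION: +12 /  { host = $NF }
    /^OPTION: +54 /  { server = $NF }
    END { emit() }
  '
}

sample_dump | summarize_dhcpdump
```

On a live capture the same function can be fed directly, for example `dhcpdump -i eth0 | summarize_dhcpdump`.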

DHCPING

Sends a “DHCP request” packet to the DHCP server to check whether it is online and running. This command lets the administrator verify that a remote DHCP server is working.

# dhcping -c <IP address of the monitored host> -s <DHCP server> -h <monitored MAC address>
# dhcping -c 192.168.1.95 -s 192.168.1.15 -h aa:bb:cc:dd:ee:ff
  • 192.168.1.95: IP address of the monitored host
  • 192.168.1.15: DHCP server
  • aa:bb:cc:dd:ee:ff: monitored MAC address

Looking at the server logs in /var/log/syslog:

Jul  4 11:02:15 silverbolt dhcpd[4795]: DHCPREQUEST for 192.168.1.95 from aa:bb:cc:dd:ee:ff via ens160: unknown lease 192.168.1.95.
Jul  4 11:02:17 silverbolt dhcpd[4795]: DHCPDISCOVER from aa:bb:cc:dd:ee:ff (isadora) via ens160
Jul  4 11:02:17 silverbolt dhcpd[4795]: DHCPOFFER on 192.168.1.152 to aa:bb:cc:dd:ee:ff (isadora) via ens160

We can also sweep the network looking for DHCP servers. To sweep the whole network for DHCP servers, use the command:

root@isadora:~# dhcping -s 255.255.255.255 -r -v
Got answer from: 192.168.1.15
received from 192.168.1.15, expected from 255.255.255.255
Got answer from: 192.168.1.252
received from 192.168.1.252, expected from 255.255.255.255
no answer
root@isadora:~# 

Note that 2 servers answered: 192.168.1.15 and 192.168.1.252. If there were no server, the response would be:

root@isadora:~# dhcping -s 255.255.255.255 -r -v
no answer

NMAP

There is a default nmap script that lets you monitor the DHCP server:

root@isadora:~# nmap --script broadcast-dhcp-discover
 
Starting Nmap 6.40 ( http://nmap.org ) at 2018-07-04 11:04 AMT
Pre-scan script results:
| broadcast-dhcp-discover: 
|   IP Offered: 192.168.1.154
|   DHCP Message Type: DHCPOFFER
|   Server Identifier: 192.168.1.15
|   IP Address Lease Time: 0 days, 0:05:00
|   Subnet Mask: 255.255.255.0
|   Router: 192.168.1.1
|   Domain Name Server: 192.168.1.252, 192.168.1.15, 179.124.8.33, 8.8.8.8
|   Domain Name: freewaynet.corp
|   Broadcast Address: 192.168.1.255
|_  NetBIOS Node Type: 2
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.50 seconds
root@isadora:~# 

Using the -e <interface name> option:

root@isadora:~# nmap --script broadcast-dhcp-discover -e eth0
 
Starting Nmap 6.40 ( http://nmap.org ) at 2018-07-04 11:06 AMT
Pre-scan script results:
| broadcast-dhcp-discover: 
|   IP Offered: 192.168.1.154
|   DHCP Message Type: DHCPOFFER
|   Server Identifier: 192.168.1.15
|   IP Address Lease Time: 0 days, 0:05:00
|   Subnet Mask: 255.255.255.0
|   Router: 192.168.1.1
|   Domain Name Server: 192.168.1.252, 192.168.1.15, 179.124.8.33, 8.8.8.8
|   Domain Name: freewaynet.corp
|   Broadcast Address: 192.168.1.255
|_  NetBIOS Node Type: 2
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.27 seconds
root@isadora:~# 
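
Both the dhcping sweep and the nmap broadcast-dhcp-discover output name every server that answered, so either can feed a check for DHCP servers that should not be on the segment. The following is an added example, not from the original page: the function names are hypothetical, the sample input is constructed from the outputs above, and the allowlist passed as arguments is an assumption (the page does not say which server is the authorized one).

```shell
#!/bin/sh
# Added example. sample_scan: constructed input combining the dhcping and
# nmap answers shown above.
sample_scan() {
cat <<'EOF'
Got answer from: 192.168.1.15
received from 192.168.1.15, expected from 255.255.255.255
Got answer from: 192.168.1.252
received from 192.168.1.252, expected from 255.255.255.255
no answer
|   DHCP Message Type: DHCPOFFER
|   Server Identifier: 192.168.1.15
EOF
}

# Print each responding DHCP server once, reading either
# "dhcping -s 255.255.255.255 -r -v" or nmap script output on stdin.
dhcp_responders() {
  awk '
    /^Got answer from: /   { ip = $4 }
    /Server Identifier: /  { ip = $NF }
    ip != "" {
      if (!(ip in seen)) { seen[ip] = 1; print ip }
      ip = ""
    }
  '
}

# Print responders that are not in the allowlist given as arguments.
# Returns 1 if any were found, so the check can drive cron or monitoring alerts.
unauthorized_servers() {
  allowed=" $* "
  rc=0
  for ip in $(dhcp_responders); do
    case "$allowed" in
      *" $ip "*) ;;                 # known server, nothing to report
      *) echo "$ip"; rc=1 ;;
    esac
  done
  return $rc
}

# Allowlist value is an assumption chosen only for this demonstration.
sample_scan | unauthorized_servers 192.168.1.252 \
  || echo "DHCP server(s) listed above are not in the allowlist"
```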

For Windows users

For Windows users there is dhcptest. I have never used it; I only heard about it and looked it up. Since I do not use Windows, I will have to owe you that one, but in case anyone wants to test it and post the results here, the link is below. The command is named dhcptest.

https://github.com/CyberShadow/dhcptest

infra-estrutura/linux/monitoramento_dhcp.txt · Last modified: 2018/07/19 11:47 by ricardobarbosams