<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">
BLOG

[Video] How To Determine DHCP Option 60 Value Using Wireshark

April 11, 2017

There are an increasing number of network attached devices, and trying to keep them organized gets to be challenging. Since different devices might require different IP configuration settings and statically configuring them isn’t realistic.

There are several approaches to deal with this.

One of the most popular is to create a VLAN just for those devices, the most common example is the typical voice VLAN where your VoIP sets are in its own VLAN, with its own DHCP scope and possible a specific quality of service configuration.

How to Capture DHCP and Determine Option 60

Presently there are all sorts of devices that you might want to define its own DHCP range, examples would be printers, webcams, various tablets or access points. I’ve also worked on a few issues where the vendor changed the DHCP Vendor Class Identifier (VCI) with a firmware upgrade, so this is a good technique to learn.

While working with a client, this topic came up and we needed to determine the device’s DHCP Vendor Class Identifier (VCI) or option 60. For those of you familiar with option 60, this paper will not cover the specific mechanics of this protocol, other related options (like 43) but to simply help you identify what value 60 your device is using.

The key here is to capture the device’s DHCP Discover packet. In most cases this will be a broadcast packet, so as long as you are in the same broadcast domain, or VLAN or subnet, you should be able to capture the packet.

In this video, I demonstrate how to capture DHCP and determine what the option 60 is.

Want to read more articles like this? Then subscribe to Garland’s blog and get my feed.

Learn the Best Practices for Building a Network Visibility Fabric DOWNLOAD NOW

See Everything. Secure Everything.

Contact us now to secure and optimized your network operations
Contact Us

Heartbeats Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution!  You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.

NETWORK MANAGEMENT | THE 101 SERIES