---
tags:
- project
- course
- dhcp
- wireshark
- networking
- cml
status: complete
---
# Packet Inspector: DHCP Deep Dive with Wireshark
> **From zero packet capture experience to confidently dissecting DHCP messages, relay chains, and option fields in production.**

[← ISP Backbone Lab](https://vulcan.apophisnetworking.net/jramos/isp-backbone-lab) | [Security Lab →](../Home%20Lab/Security%20Lab/Security%20Lab.md)

---
## Module Map
| # | Module | Duration | What You'll Do |
|---|--------|----------|---------------|
| 1 | [Wireshark Fundamentals](modules/01-wireshark-fundamentals.md) | 2 hrs | Install, capture, navigate the UI, basic filters |
| 2 | [DHCP Message Flow (DORA)](modules/02-dhcp-message-flow.md) | 2 hrs | Watch a full DHCP exchange, decode each message |
| 3 | [DHCP Options Deep Dive](modules/03-dhcp-options.md) | 3 hrs | Decode Options 1, 3, 6, 43, 51, 53, 55, 60, 82, 150 |
| 4 | [DHCP Relay](modules/04-dhcp-relay.md) | 2 hrs | Configure `ip helper-address`, inspect relayed packets |
| 5 | [Advanced Wireshark Filters & Analysis](modules/05-advanced-wireshark.md) | 2 hrs | Display filters, coloring rules, IO graphs, tshark CLI |
| 6 | [DHCP Troubleshooting Scenarios](modules/06-troubleshooting.md) | 3 hrs | 5 broken scenarios — find and fix using Wireshark |
| 7 | [DHCPv6 & Dual-Stack](modules/07-dhcpv6.md) | 2 hrs | SARR exchange, stateful vs SLAAC, RA flags |
| 8 | [DHCP Security](modules/08-dhcp-security.md) | 2 hrs | Snooping, starvation attacks, rogue server detection |

**Total: ~18 hours** (3 weekends at 6 hrs/day, or spread across evenings)

---
## Prerequisites
- CML installed and accessible (16+ GB RAM recommended)
- Basic CLI comfort (Cisco IOS `conf t`, `show` commands)
- Basic understanding of VLANs and IP subnetting
- No Wireshark experience required — Module 1 starts from scratch
- No DHCP server experience required — we build it step by step
---
## Course Files
All modules and diagrams are maintained in:
- **Obsidian**: `Projects/DHCP Wireshark Course/`
- **Gitea**: `jramos/dhcp-wireshark-course` (modules/, diagrams/)