Status: complete
Packet Inspector: DHCP Deep Dive with Wireshark
From zero packet capture experience to confidently dissecting DHCP messages, relay chains, and option fields in production.
Module Map
| # | Module | Duration | What You'll Do |
|---|---|---|---|
| 1 | Wireshark Fundamentals | 2 hrs | Install, capture, navigate the UI, basic filters |
| 2 | DHCP Message Flow (DORA) | 2 hrs | Watch a full DHCP exchange, decode each message |
| 3 | DHCP Options Deep Dive | 3 hrs | Decode Options 1, 3, 6, 43, 51, 53, 55, 60, 82, 150 |
| 4 | DHCP Relay | 2 hrs | Configure ip helper-address, inspect relayed packets |
| 5 | Advanced Wireshark Filters & Analysis | 2 hrs | Display filters, coloring rules, IO graphs, tshark CLI |
| 6 | DHCP Troubleshooting Scenarios | 3 hrs | 5 broken scenarios — find and fix using Wireshark |
| 7 | DHCPv6 & Dual-Stack | 2 hrs | SARR exchange, stateful vs SLAAC, RA flags |
| 8 | DHCP Security | 2 hrs | Snooping, starvation attacks, rogue server detection |
Total: ~18 hours (3 weekends at 6 hrs/day, or spread across evenings)
Prerequisites
- CML installed and accessible (16+ GB RAM recommended)
- Basic CLI comfort (Cisco IOS conf t, show commands)
- Basic understanding of VLANs and IP subnetting
- No Wireshark experience required — Module 1 starts from scratch
- No DHCP server experience required — we build it step by step
Course Files
All modules and diagrams are maintained in:
- Obsidian: Projects/DHCP Wireshark Course/
- Gitea: jramos/dhcp-wireshark-course (modules/, diagrams/)