jramos/dhcp-wireshark-course
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
328e6d4eccca473de3d81e4627b449e4e8e63090
dhcp-wireshark-course/DHCP_WIRESHARK_COURSE.md
jramos 363003ad6b Add course outline, gitignore, and update wireshark fundamentals module 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-01 16:25:11 -07:00

52 lines
2.1 KiB
Markdown
Raw Blame History

---
tags:
- project
- course
- dhcp
- wireshark
- networking
- cml
status: complete
---
# Packet Inspector: DHCP Deep Dive with Wireshark
> **From zero packet capture experience to confidently dissecting DHCP messages, relay chains, and option fields in production.**
[← ISP Backbone Lab](https://vulcan.apophisnetworking.net/jramos/isp-backbone-lab) | [Security Lab →](../Home%20Lab/Security%20Lab/Security%20Lab.md)
---
## Module Map
| # | Module | Duration | What You'll Do |
|---|--------|----------|---------------|
| 1 | [Wireshark Fundamentals](modules/01-wireshark-fundamentals.md) | 2 hrs | Install, capture, navigate the UI, basic filters |
| 2 | [DHCP Message Flow (DORA)](modules/02-dhcp-message-flow.md) | 2 hrs | Watch a full DHCP exchange, decode each message |
| 3 | [DHCP Options Deep Dive](modules/03-dhcp-options.md) | 3 hrs | Decode Options 1, 3, 6, 43, 51, 53, 55, 60, 82, 150 |
| 4 | [DHCP Relay](modules/04-dhcp-relay.md) | 2 hrs | Configure ip helper-address, inspect relayed packets |
| 5 | [Advanced Wireshark Filters & Analysis](modules/05-advanced-wireshark.md) | 2 hrs | Display filters, coloring rules, IO graphs, tshark CLI |
| 6 | [DHCP Troubleshooting Scenarios](modules/06-troubleshooting.md) | 3 hrs | 5 broken scenarios — find and fix using Wireshark |
| 7 | [DHCPv6 & Dual-Stack](modules/07-dhcpv6.md) | 2 hrs | SARR exchange, stateful vs SLAAC, RA flags |
| 8 | [DHCP Security](modules/08-dhcp-security.md) | 2 hrs | Snooping, starvation attacks, rogue server detection |
**Total: ~18 hours** (3 weekends at 6 hrs/day, or spread across evenings)
---
## Prerequisites
- CML installed and accessible (16+ GB RAM recommended)
- Basic CLI comfort (Cisco IOS conf t, show commands)
- Basic understanding of VLANs and IP subnetting
- No Wireshark experience required — Module 1 starts from scratch
- No DHCP server experience required — we build it step by step
---
## Course Files
All modules and diagrams are maintained in:
- **Obsidian**: `Projects/DHCP Wireshark Course/`
- **Gitea**: `jramos/dhcp-wireshark-course` (modules/, diagrams/)
Reference in New Issue View Git Blame Copy Permalink