This tool captures and forwards a subset of DHCP (specifically DHCPREQUEST and DHCPACK) and/or DNS traffic from a Windows x64 DHCP server to a destination IP and port.
Alternatively, for DHCP, IP helpers can be configured on each switch of an infrastructure to forward broadcast-only packets. Those include all types of DHCP packets but few to no DHCPACK packets, which confirm lease ownership.
DHCP traffic is useful to PacketFence to link MAC addresses and IP addresses, while also helping Fingerbank's fingerprinting process. Again, the only useful packets to PacketFence are DHCPREQUEST and DHCPACK.
In short, if PacketFence-Forwarder can be deployed centrally, it should be. In that case, only useful packets are captured and forwarded from the source, which reduces the configuration, transport, processing and storage costs of useless packets and removes the need to process them at the destination host only to discard them.
This tool captures and forwards DHCP (DHCPREQUEST and DHCPACK, specifically) and/or DNS traffic from a Windows DHCP server to PacketFence.
DHCPREQUEST and DHCPACK packets are the most important ones for PacketFence: they let it link MAC addresses to IP addresses and switch locations, and they help Fingerbank fingerprint the operating system running on the device.
This fingerprinting and localisation process helps a lot in determining the conditions of violation triggers.
With the help of PacketFence-Forwarder, those DHCP packets can be obtained directly and easily from the source.
Alternatively, IP helpers can be configured on each switch to forward DHCP traffic to PacketFence, but only broadcast packets can be captured by them, which is less precise. Deploying PacketFence-Forwarder is simple and centralized.
PacketFence-Forwarder is based on gopacket and depends upon WinPcap to select the requested packets through a BPF, which is really fast. Captured traffic is then forwarded to a configured host and port.
A default BPF is produced by the configuration generator. That filter can be manually modified in the configuration file by the user.
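What telling DHCPREQUEST and DHCPACK apart from other DHCP traffic involves at the payload level, and where the MAC-to-IP link comes from, as an added example that is not PacketFence-Forwarder's own code. It uses only the Go standard library instead of gopacket and a BPF; the names ParseDHCP, Forward and Sample and all addresses are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
)

// Forward reports whether option 53 is DHCPREQUEST (3) or DHCPACK (5).
func Forward(typ byte) bool { return typ == 3 || typ == 5 }

// ParseDHCP extracts message type and MAC/IP pair from a DHCP UDP payload.
func ParseDHCP(p []byte) (typ byte, mac net.HardwareAddr, ip net.IP, err error) {
	if len(p) < 240 || string(p[236:240]) != "\x63\x82\x53\x63" || p[2] > 16 {
		return 0, nil, nil, fmt.Errorf("not a DHCP payload") // no magic cookie
	}
	mac, ip = net.HardwareAddr(p[28:28+int(p[2])]), net.IP(p[12:16]) // chaddr, ciaddr
	for i := 240; i < len(p) && p[i] != 255; i++ { // 255 ends the options
		if p[i] == 0 { // pad option has no length byte
			continue
		}
		if i+1 >= len(p) || i+2+int(p[i+1]) > len(p) {
			return 0, nil, nil, fmt.Errorf("truncated option %d", p[i])
		}
		val := p[i+2 : i+2+int(p[i+1])]
		if p[i] == 53 && len(val) == 1 {
			typ = val[0]
		} else if p[i] == 50 && len(val) == 4 {
			ip = net.IP(val) // address the client asks for
		}
		i += 1 + len(val) // the loop's i++ then steps past the code byte
	}
	if typ == 5 {
		ip = net.IP(p[16:20]) // yiaddr: address the server confirmed
	}
	return typ, mac, ip, nil
}

// Sample builds a constructed payload (test data, not captured traffic).
func Sample(typ byte, mac net.HardwareAddr, yiaddr net.IP, opts ...byte) []byte {
	p := append(make([]byte, 236, 260), 0x63, 0x82, 0x53, 0x63)
	p[2] = byte(copy(p[28:44], mac)) // write chaddr, set hlen to its length
	copy(p[16:20], yiaddr.To4())
	return append(append(append(p, 53, 1, typ), opts...), 255)
}

func main() {
	pkt := Sample(5, net.HardwareAddr{2, 0, 0, 0xaa, 0xbb, 0xcc}, net.IPv4(192, 0, 2, 10))
	typ, mac, ip, err := ParseDHCP(pkt)
	fmt.Println(typ, Forward(typ), mac, ip, err)
}
```

For a DHCPREQUEST the address comes from option 50, or from ciaddr on a renewal; for a DHCPACK it comes from yiaddr, the address the server actually confirmed.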
PacketFence-Forwarder requires a Packetfence-Forwarder.toml file to be present in its working directory (installation directory). Packetfence-Forwarder.toml is generated by packetfence-forwarder-config-generator.exe at installation time, and the generator can be run again from the installation directory at any time.
Does:
Note: Do not select a wireless device, it will not work.
The PacketFence-Forwarder service needs to be restarted:
The installer will:
You will need:
To generate the installer, you will also need NSIS
In a shell, create a "src" directory (a Go requirement) to serve as the root of your Go projects (e.g. c:\Users\Test\go\src\) and download the sources with the previously installed git:
git clone https://github.com/inverse-inc/packetfence-dhcp-forwarder.git
packetfence-forwarder-config-generator:
packetfence-forwarder:
packetfence-forwarder-installer:
Files are installed under "C:\Program Files (x86)\DHCP Forwarder".
Once you have the sources and the tools for native compilations under c:\go\src\
In a terminal, do the following:
cd c:\Users\Test\go\src\packetfence-dhcp-forwarder\installer
build.bat
You now have the compiled binaries required to generate the installer.
To create the installer, you need to download and install the following: NSIS
Download dependency
Place yourself in the root of the git downloaded directory:
cd c:\Users\Test\go\src\packetfence-packetfence-forwarder\installer
Compile packetfence-forwarder.exe and packetfence-forwarder-config-generator.exe and create the installer.
build.bat
You now have an installer under "c:\go\src\packetfence-packetfence-forwarder\installer\PacketFence-Forwarder-Installer.exe"
We officially support only x64 Windows servers.
The event logs should help a lot in finding out why the service is not starting. Have you changed your network card since installation? Disconnected a cable? Had the server sleep and resume from suspend?
Alternatively, you can stop the service from Windows Service Manager and debug from the command line. Launch an administrative command line and place yourself under "C:\Program Files (x86)\DHCP Forwarder".
To get access to the service manager:
services.msc
To get access to event logs:
eventvwr.msc
The following commands should help:
The service is executed with the default System account. Edit accordingly.
Note: The configured interface needs to be connected. If you need to change the interface or destination information, you should execute packetfence-forwarder-config-generator.exe from a command line in its program files folder to regenerate a clean configuration.
Installer: