Thursday, December 25, 2014

DHCP: No IP, to IP!

DHCP stands for Dynamic Host Configuration Protocol, used to assign an IP address to a machine connected to a network. DHCP uses ports 67 and 68 on top of UDP.

In this post we will see how a machine gets an IP Address.

Figure DHCP Client Communication Sequence

    Source     Dest        Source     Dest              Packet
   MAC addr   MAC addr    IP addr    IP addr           Description
   -----------------------------------------------------------------
   Client     Broadcast   0.0.0.0    255.255.255.255   DHCP Discover
   DHCPsrvr   Broadcast   DHCPsrvr   255.255.255.255   DHCP Offer
   Client     Broadcast   0.0.0.0    255.255.255.255   DHCP Request
   DHCPsrvr   Broadcast   DHCPsrvr   255.255.255.255   DHCP ACK


Source (Microsoft)
Broadcast MAC Address is ff:ff:ff:ff:ff:ff

Below 4 packets (Packet number 2 to 5) are mainly used for fetching an IP. Lets get into packet level details of communication.

Machine which is connected to the network sends a broadcast packet using 255.255.255.255 as destination address which is an IP Address lease request will be responded back by the DHCP Server as DHCP Offer message. A DHCP client migh also send it's previous IP Address part of the discover packet.
Figure DHCP Discover

DHCP server takes a non assigned IP address from the address pool and makes a lease offer to client.

Figure DHCP Offer

Figure DHCP Request

Figure DHCP ACK

In the above communication, we need to mainly observer the source and destination MAC addresses used.

Point to remember, bootp is the wireshark filter, not dhcp.

http://support.microsoft.com/KB/169289


Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)