[Type text]

DHCP/IP
Design an experiment to capture and analyze DHCP protocol (discovery, offer, request,
renew.... etc.).
1.

Investigate the IP layer of the above captures.

2.
Submit your findings about.
(a) Your design of the DHCP experiment method
(b) Interesting aspects of DHCP protocols
(c) Interesting aspects of IP
Solution:

DHCP Protocol:
DHCP stands for Dynamic Host Configuration Protocol and is used to automatically assign IP
configuration to hosts connecting to a network. The Dynamic Host Configuration Protocol
(DHCP) provides a framework for passing configuration information to hosts on a TCPIP
network. DHCP is based on the Bootstrap Protocol (BOOTP). A DHCP client makes a request to
a DHCP server that may or may not reside on the same subnet. The automatic distribution of IP
configuration information to hosts eases the administrative burden of maintaining IP networks. In
its simplest form, DHCP distributes the IP address, subnet mask and default gateway to a host,
but can include other configuration parameters such as name servers and NetBIOS configuration.
A DHCP client goes through six stages during the DHCP process. These stages are:

Initializing

Selecting

Requesting

Binding

Renewing

Rebinding

The DHCP client starts the DHCP process by issuing a DHCPDISCOVER message to its local
subnet on UDP port 67. Since the client does not know what subnet it belongs to, a general
broadcast is used (destination address 255.255.255.255). If the DHCP server is located on a

[Type text]

different subnet, a DHCP-relay agent must be used. The DHCP-relay agent can take several
forms. The ip-helper IOS command is used to set up a DHCP-relay agent on a Cisco router.
The DHCP-relay agent forwards the DHCPDISCOVER message to a subnet that contains a
DHCP server. Once the DHCP server receives the DHCPDISCOVER message, it replies with a
DHCPOFFER message. The DHCPOFFER message contains the IP configuration information
for the client. THE DHCPOFFER message is sent as a broadcast on UDP port 68. The client will
know that the DHCPOFFER message is intended for it because the client's MAC address is
included in the message.If the client is on a different subnet than the server, the message is sent
unicast to the DHCP-relay agent on UDP port 67. The DHCP-relay agent broadcasts the
DHCPOFFER on the client's subnet on UDP port 68.
After the client receives the DHCPOFFER, it sends a DHCPREQUEST message to the server.
The DHCPREQUEST message informs the server that it accepts the parameters offered in the
DHCPOFFER message. The DHCPREQUEST is a broadcast message, but it includes the MAC
address of the server, so that other DHCP servers on the network will know which server is
serving the client.
The DHCP server will send a DHCPACK message to the client to acknowledge the
DHCPREQUEST. The DHCPACK message contains all the configuration information that was
requested by the client. After the client receives the DHCPACK, it binds the IP address and is
ready to communicate on the network. If the server is unable to provide the requested
configuration, it sends a DHCPNACK message to the client. The client will resend the
DHCPREQUEST message. If the DHCPREQUEST message does not return a DHCPACK after
four attempts, the client will start the DHCP process from the beginning and send a new
DHCPDISCOVER message.

[Type text]

In the DHCP Experiment we perform the following steps as shown below in order to obtain IP
address for the client dynamically.
1. Enter the command ipconfig/release in the command prompt to make the current host
IP address becomes 0.0.0.0 as shown in the figure given below. Ipconfig executable is in
C:\windows\system32. (Refer to fig 2)
2. Start the Wireshark capture to capture the DHCP packets and filter BOOTP message as
DHCP is an implementation of BOOTP. (Refer to fig 4)
3. After the wire shark capture is enabled enter the command ipconfig/renew. This
instruct allows the host to acquire a new IP address from the network configuration file.
As shown in the figure below the host IP address obtained is 10.0.0.36.(Refer to fig 3)
4. Once the ipconfig/renew command has been terminated, enter the same command
again.
5. Again enter the same command ipconfig/renew to release the previous allocated IP
address assigned to the computer.
6. Finally enter the ipconfig /renew to again
7. Disconnect the PC from the network and connect again.
8. Stop the wire shark capture.

Figure 1: Command for IP configuration release

[Type text]

Figure 2: Command for IP Configuration renew

Figure 3: Wire shark capture for DHCP message

[Type text]

DHCP messages that are used in the process are explained briefly. DHCP communication
messages between client and server is also shown below:

Figure 4: DHCP transaction between client and server

1. DHCPDISCOVER
It is a DHCP message that marks the beginning of a DHCP interaction between client and server.
This message is sent by a client (host or device connected to a network) that is connected to a
local subnet. Its a broadcast message that uses 255.255.255.255 as destination IP address while
the source IP address is 0.0.0.0
2. DHCPOFFER
It is DHCP message that is sent in response to DHCPDISCOVER by a DHCP server to DHCP
client. This message contains the network configuration settings for the client that sent the
DHCPDISCOVER message.
3. DHCPREQUEST
This DHCP message is sent in response to DHCPOFFER indicating that the client has accepted
the network configuration sent in DHCPOFFER message from the server.
4. DHCPACK
This message is sent by the DHCP server in response to DHCPREQUEST received from the
client. This message marks the end of the process that started with DHCPDISCOVER. The

[Type text]

DHCPACK message is nothing but an acknowledgement by the DHCP server that authorizes the
DHCP client to start using the network configuration it received from the DHCP server earlier.

Interesting Aspects of DHCP

The client may offer a suggested IP address in its DHCPDISCOVER message.

Even though the client has the IP address of the selected Server in the DHCP offer
message, it broadcasts the DHCP request message so that server can understand that
client is effectively declining the offers.
On lease renewal, client has valid IP address from DHCP server, but the lease about to
expire.
1. Client holing its lease, sends DHCP request message addressed to the specific
server.
2. Server send DHCP NAK or DHCP ACK addressed the client. If the server send
DHCP NAK, client must obtain a new IP address using DHCP discover. Lease time in my
wire shark was found to be 7 days.
If the system is rebooted but with valid lease still existing on the current IP address.
1. Client broadcasts DHCP request with requested IP address as shown in figure
below.

[Type text]

2. Server sends DHCP NAK or DHCP ACK. If DHCP NAK is received, client must
obtain a new IP address again using DHCP DISCOVER message.
Initially when we release the IP address and we first contact the DHCP server the source
IP address will be set to 0.0.0.0. It will send out a DHCP discover message over the
broadcast address of 255.255.255.255. When the DHCP server sees this message it will
send a DHCP unicast message to the source with the IP address it is going to assign. The
DHCP offer message basically consists of the IP address.

Figure 5: Wire Shark capture of DHCP communication.

Interesting Aspects of IP

Client sends DHCP DISCOVER packet and the destination address in the IP section is
seen as 255.255.255.255 and source address as 0.0.0.0.
DHCP server offers DHCP OFFER packet. DHCP identifies the packet as an offer and
the destination address for the DHCP OFFER packer is the broad cast address
255.255255.255.

[Type text]

Client sends DHCP request message once the DHCP OFFER message is received. In the
IP section of the capture below, the Source address of the client is still 0.0.0.0 and the
Destination for the packet is still 255.255.255.255. The client retains 0.0.0.0 because the
client hasn't received verification from the server that it's okay to start using the address
offered. The Destination is still broadcast, because more than one DHCP server may have
responded and may be holding a reservation for an Offer made to the client. This lets
those other DHCP servers know they can release their offered addresses and return them
to their available pools.
The DHCP server responds to the DHCPREQUEST with a DHCPACK, thus completing
the initialization cycle. The Source address is the DHCP server IP address, and the
Destination address is still 255.255.255.255. The YIADDR field contains the client's
address.
Initially when we release the IP address and we first contact the DHCP server the source
IP address will be set to 0.0.0.0. It will send out a DHCP discover message over the
broadcast address of 255.255.255.255. When the DHCP server sees this message it will
send a DHCP unicast message to the source with the IP address it is going to assign. The
highlighted parts below indicate the same.
DHCP leases out IP addresses for particular periods of time. It does not assign addresses
permanently to a host. Every time a lease period runs out a host has to contact the server
again to get a ip address.) DHCP release message is as shown below. It assigns IP address
of 0.0.0.0 and the message type will be RELEASE.

Fig: DHCP Release message

[Type text]

Fig: DHCP Offer Message

Fig: DHCP Discover Message