Lab 4: DHCP - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

image

Objectives

Install and configure Linux DHCP service on dhcp01.hannelore.local


SSH from AD01 --> DHCP01

image

Disable IE Enhanced Security Configuration

  • Go to Server Manager
  • Go to Local Server
  • Turn off IE Enhanced Security Configuration

image

image

Chrome and Edge are not installed on the ad01 server, so if I wanted to download Chrome I would have to get Internet Explorer set up, which is in the Program Files folder on the C drive.

image

SSH to dhcp01 from ad01

image

Install DHCP services

Use the yum package manager to install DHCP as your elevated user

image

Successfully installed the DHCP package

image

Configuring DHCP Services

  • Execute the command sudo -i

image

  • Open the DHCP config file in vim with the command vi /etc/dhcp/dhcpd.conf

image

Once in vim, press "i" to enter insert mode so you can type

image

VIM helpful commands!

https://www.computerhope.com/unix/uvi.htm

https://www.cyberciti.biz/faq/how-do-i-save-changes-in-vim/

  • vi filename or vim filename

Goes into the file

  • h --> left

  • j --> down

  • k --> up

  • l --> right

  • Esc

Cancel any command you've started typing

  • Return

complete certain commands and execute them

  • Delete

interrupts anything that the editor has been doing and brings you back to the default state of the editor

  • :w

will write the contents to save them

  • :q

This will quit vi

  • i

will allow you to start typing in vi


Copy word for word the commands below into Vim

image

The copied commands

image

  • Press esc and then use :w to write the commands

image

  • cat the file to make sure it actually saved the configurations

image

Start DHCP Services

image

Understanding the systemd command

https://www.linux.com/training-tutorials/understanding-and-using-systemd/

  • systemctl is how you start, stop and check the status of services

Start DHCP

  • systemctl start dhcpd

image

Check the DHCP status

The "d" at the end of dhcpd means it is a daemon, which is Linux speak for a service: https://en.wikipedia.org/wiki/Daemon_(computing)

  • Use command systemctl status dhcpd

image

Enabling the service to start at boot

image

  • command systemctl enable dhcpd

image

Configuring the Firewall to allow incoming DHCP requests

The default configuration on CentOS is to enable the firewall and allow both ICMP and SSH requests in. The DHCP server will not work until we allow DHCP through the firewall. We will be using firewalld and the firewall-cmd utility to make this happen. The firewall-cmd --list-all command shows the default firewall configuration, which allows dhcpv6-client (not to be confused with the DHCP server) and ssh. We will add the dhcp service (as opposed to its ports).

  • Command firewall-cmd --list-all

image

The --permanent flag is important. If you fail to add this, the next time you reboot, your changes will be lost. Make sure you reload the firewall to invoke the change. List all the rules and make sure your dhcp service has been added.

image

  • firewall-cmd --add-service=dhcp --permanent

image

  • firewall-cmd --reload

image

  • firewall-cmd --list-all (you should see that there is an additional dhcp entry in the services section)

image

Windows 10 DHCP Client

As a privileged user, you will now re-configure networking on WKS01 to use dynamic addressing rather than static addresses

You can run any Linux command in Windows PowerShell

  • Go to Ethernet0 and to IPv4 settings
  • Select "Obtain an IP address automatically" for both sections

image

Deliverable 1: Take a snapshot of the results of ipconfig /all. Note the DHCP server of 10.0.5.3 should be there, your IP address should be the first IP address in the scope you set earlier. Your domain name, netmask and gateway should also be set correctly.

image

Deliverable 2. Log back into dhcp01 and find the DHCP log associated with wks01's request for DHCP information. Take a snapshot similar to the one below. The IP address, the workstation name, the layer 2 address should all match between deliverables 1 and 2.

image

image

Wireshark

Run a capture session against WKS01's Ethernet0 adapter.

As an administrative power user (-adm), release the current DHCP lease and then renew it on WKS01. Your objective: Capture the four DHCP messages between client and server.

  • Release your current DHCP lease using the following command: ipconfig /release

  • renew your configuration with ipconfig /renew

image

  • ipconfig to see all the addresses

image

Deliverable 3. Provide a screenshot that shows the 4 Key DHCP Messages.

image

Deliverable 4. Figure out how to change the default lease time given to dhcp clients to 1 hour with a max lease time of four hours. Provide a screenshot displaying the new configuration, along with the shot confirming the change.

The red marks the default lease time

image

Reconfigured conf file with new lease set

image

image

Source used: https://linuxhint.com/dhcp_server_centos8/

TROUBLESHOOTING: I had to do the command systemctl restart dhcp to get the lease times to actually apply. Then I had to go to my workstation and do ipconfig /release and ipconfig /renew to actually get the lease times to show up
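
For Deliverable 4, an added example (not from the original lab or its source): the two dhcpd.conf directives that set a 1 hour default and a 4 hour maximum lease, given in seconds, with a shell check that a config really carries those values. The subnet, range and router values in the sample are constructed placeholders, and the check assumes a single pair of lease directives in the file.

```sh
#!/bin/sh
# Added example, not from the lab. SAMPLE_CONF is constructed: the subnet,
# range and router values are placeholders, not the lab's real scope.
SAMPLE_CONF='subnet 10.0.5.0 netmask 255.255.255.0 {
  option routers 10.0.5.2;
  option domain-name "hannelore.local";
  range 10.0.5.100 10.0.5.150;
  default-lease-time 3600;   # 1 hour, in seconds
  max-lease-time 14400;      # 4 hours, in seconds
}'

# usage: lease_check WANT_DEFAULT WANT_MAX < dhcpd.conf
# Prints the lease times found and OK or MISMATCH; returns non-zero when a
# directive is missing, a value differs, or the default exceeds the maximum.
lease_check() {
  awk -v wd="$1" -v wm="$2" '
    { sub(/#.*/, "") }                          # drop comments first
    $1 == "default-lease-time" { d = $2 + 0 }   # "3600;" evaluates to 3600
    $1 == "max-lease-time"     { m = $2 + 0 }
    END {
      if (d == "" || m == "") { print "MISSING lease directive"; exit 1 }
      ok = (d == wd + 0 && m == wm + 0 && d <= m)
      printf "default=%ds max=%ds %s\n", d, m, (ok ? "OK" : "MISMATCH")
      exit(ok ? 0 : 1)
    }'
}

# On dhcp01 the real file would be checked, syntax-tested, then reloaded:
#   lease_check 3600 14400 < /etc/dhcp/dhcpd.conf
#   dhcpd -t -cf /etc/dhcp/dhcpd.conf && systemctl restart dhcpd
printf '%s\n' "$SAMPLE_CONF" | lease_check 3600 14400
```

Clients keep the old lease time until they renew, which is why ipconfig /release and ipconfig /renew are needed on the workstation before the new values show up.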

Deliverable 5. Tech Journal Entry - Explore 3 other items related to DHCP, and dig into their related Wireshark captured packets.

The DORA process

DHCP is used to get an IP address for the client from the server. DHCP does this with packet exchanges. This process is called the DORA process.

  • DHCP Discover
  • DHCP Offer
  • DHCP Request
  • DHCP Acknowledge (ACK)

Here is an example of the DORA process in Wireshark

image
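
The server-side log from Deliverable 2 records the same four messages as the Wireshark capture of the DORA process. As an added example (not part of the original lab), this shell function groups dhcpd log lines by client MAC so the IP address, hostname, layer 2 address and message sequence can be compared with ipconfig /all; the log lines are constructed and assume the usual ISC dhcpd syslog wording.

```sh
#!/bin/sh
# Added example, not from the lab. SAMPLE_LOG is constructed: the MACs,
# lease addresses and interface name are made up; 10.0.5.3 is dhcp01.
SAMPLE_LOG='Sep 20 10:15:01 dhcp01 dhcpd[1432]: DHCPDISCOVER from 00:50:56:aa:bb:01 (wks01) via ens192
Sep 20 10:15:02 dhcp01 dhcpd[1432]: DHCPOFFER on 10.0.5.100 to 00:50:56:aa:bb:01 (wks01) via ens192
Sep 20 10:15:02 dhcp01 dhcpd[1432]: DHCPREQUEST for 10.0.5.100 (10.0.5.3) from 00:50:56:aa:bb:01 (wks01) via ens192
Sep 20 10:15:02 dhcp01 dhcpd[1432]: DHCPACK on 10.0.5.100 to 00:50:56:aa:bb:01 (wks01) via ens192
Sep 20 10:20:11 dhcp01 dhcpd[1432]: DHCPDISCOVER from 00:50:56:aa:bb:02 via ens192
Sep 20 10:20:12 dhcp01 dhcpd[1432]: DHCPOFFER on 10.0.5.101 to 00:50:56:aa:bb:02 via ens192'

# Read dhcpd log lines on stdin and print one line per client MAC:
#   MAC  last-IP  hostname  server-id-from-REQUEST  message-sequence
# The sequence uses the letter after "DHCP" (D, O, R, A), so a first lease
# reads DORA, a renewal appends RA, and DO means the client never finished.
dora_summary() {
  awk '
  {
    msg = ""; ip = ""; mac = ""; host = ""; srv = ""
    for (i = 1; i <= NF; i++) {
      f = $i
      if (f ~ /^DHCP(DISCOVER|OFFER|REQUEST|ACK)$/) msg = f
      else if (msg == "") continue              # skip timestamp, host, pid
      else if (f ~ /^([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]$/) mac = f
      else if (f ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ip = f
      else if (f ~ /^\([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\)$/) srv = substr(f, 2, length(f) - 2)
      else if (f ~ /^\(.*\)$/) host = substr(f, 2, length(f) - 2)
    }
    if (msg == "" || mac == "") next            # not a DORA line
    if (!(mac in seq)) order[++n] = mac         # keep first-seen order
    seq[mac] = seq[mac] substr(msg, 5, 1)
    if (ip != "")   lease[mac] = ip
    if (host != "") name[mac] = host
    if (srv != "")  server[mac] = srv
  }
  END {
    for (k = 1; k <= n; k++) {
      m = order[k]
      print m, (m in lease ? lease[m] : "-"), (m in name ? name[m] : "-"), \
            (m in server ? server[m] : "-"), seq[m]
    }
  }'
}

# On dhcp01 the input would come from: journalctl -u dhcpd --no-pager
printf '%s\n' "$SAMPLE_LOG" | dora_summary
```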

DHCP Renewal Process

Once the DHCP lease is up, the client needs to renew it. Renewal takes 2 DHCP frames:

  • DHCP Request

This will be the same as a normal DHCP request packet, but the client IP address field will hold the client's current IP. The client can just renew its current address, so it doesn't need to be assigned another one.

  • DHCP ACK

This packet is an acknowledgement of the DHCP request

Source used: https://linuxhint.com/explain-dhcp-using-wireshark/

DHCP(BOOTP) Statistics

This statistics view gives information about the DHCP packets in your capture.

image

  • ACK --> shows acknowledged requests sent to the DHCP server
  • Active Lease Query --> Requests on lease for a limited time period and expires after timeout
  • Bulk Lease Query --> shows requests on lease for IP addresses that have been provided with an IP address for a certain time period in bulk
  • Decline --> declined requests
  • Discover --> Discover nearby configuration device to send request for IP address
  • Force Renew --> Used when a temp IP is about to expire but the session is still active.
  • Inform --> info about success, failure, timeout time etc.
  • Lease Active --> shows active requests acknowledged by the server
  • Lease Query Done --> shows queries that are completed
  • Lease Query Status --> shows status of queries like done, unknown, unassigned etc.
  • Lease Unassigned --> shows unassigned queries
  • Lease Unknown --> queries that do not reach the server
  • Lease Query --> lists queries that interact with DHCP server
  • NAK --> Negative Acknowledgement, shows queries that are not acknowledged
  • Offer --> response to the discover query for providing IP addresses
  • Release --> the temporary IPs are released once they are no longer needed in a session
  • Request --> used to make a request for a temporary IP address
  • TLS --> Transport Layer Security, used in encrypting data sent over the internet.

Source used: https://www.geeksforgeeks.org/dhcp-bootp-statistics-in-wireshark/