DHCP - Nifalnasar/Fundamentals-of-Network GitHub Wiki

  1. Perform the following steps to capture the DHCP traffic.

a) Begin by opening the Windows Command Prompt application. Type “ipconfig /release”.

b) Start up the Wireshark packet sniffer.

c) Now go back to the Windows Command Prompt and enter “ipconfig /renew”.

d) Wait until the “ipconfig /renew” has terminated. Then enter the same command “ipconfig /renew” again.

e) When the second “ipconfig /renew” terminates, enter the command “ipconfig /release” to release the previously-allocated IP address to your computer.

f) Finally, enter “ipconfig /renew” to again be allocated an IP address for your computer.

g) Stop the Wireshark packet capture.

  2. Open the captured traffic file and the given pcap file “dhcp” in Wireshark to answer the following questions.

a) Are DHCP messages sent over UDP or TCP?

DHCP messages are sent over UDP.

b) Draw a timing datagram illustrating the sequence of the first four-packet Discover/Offer/Request/ACK DHCP exchange between the client and server. For each packet, indicate the source and destination port numbers.

c) What is the link-layer (e.g., Ethernet) address of your host?

d) What values in the DHCP discover message differentiate this message from the DHCP request message?

e) What is the value of the Transaction-ID in each of the first four (Discover/Offer/Request/ACK) DHCP messages? What are the values of the Transaction-ID in the second set (Request/ACK) set of DHCP messages? What is the purpose of the Transaction-ID field?

Purpose: The transaction ID is different so that the host can differentiate between different requests made by the user. They help avoid duplicate conversions.

f) A host uses DHCP to obtain an IP address, among other things. But a host’s IP address is not confirmed until the end of the four-message exchange! If the IP address is not set until the end of the four-message exchange, then what values are used in the IP datagrams in the four-message exchange? For each of the four DHCP messages (Discover/Offer/Request/ACK DHCP), indicate the source and destination IP addresses that are carried in the encapsulating IP datagram.

g) What is the IP address of your DHCP server?

10.11.139.91

h) What IP address is the DHCP server offering to your host in the DHCP Offer message? Indicate which DHCP message contains the offered DHCP address.

i) In the example screenshot in this assignment, there is no relay agent between the host and the DHCP server. What values in the trace indicate the absence of a relay agent? Is there a relay agent in your experiment? If so what is the IP address of the agent?

There is no relay agent in our experiment; the value that the relay agent indicates is 0.0.0.0.

The DHCP relay agent is any TCP/IP host which is used to forward requests and replies between the DHCP server and client when the server is present on a different network.

j) Explain the purpose of the router and subnet mask lines in the DHCP offer message.

The subnet mask line tells the client which subnet mask to use. The router line indicates where the client should send messages by default.

k) In the DHCP trace file, the DHCP server offers a specific IP address to the client. In the client’s response to the first server OFFER message, does the client accept this IP address? Where in the client’s RESPONSE is the client’s requested address?

The client accepts the IP address given in the offer message within the request message. After being offered the IP address 192.168.1.101 in the offer message, my client sent back a message further requesting that specific IP address.

l) Explain the purpose of the lease time. How long is the lease time in your experiment?

The purpose of lease time is to tell the client how long they can use the specific IP address assigned by the server before they will have to be assigned a new one. The lease time in my experiment is 86400 seconds or 1 day.

m) What is the purpose of the DHCP release message? Does the DHCP server issue an acknowledgment of receipt of the client’s DHCP request? What would happen if the client’s DHCP release message is lost?

The purpose of the release message is to release the IP address back to the server. There is no verification that the release message has been received by the server. If the message is lost, the client releases the IP address, but the server will not reassign that address until the client's lease on the address expires.

n) Clear the DHCP filter from your Wireshark window. Were any ARP packets sent or received during the DHCP packet-exchange period? If so, explain the purpose of those ARP packets.

Yes, ARP packets are sent during the DHCP packet-exchange period.

To obtain a specific MAC address when an IP address is known, by broadcasting an ARP request message to all devices on a particular Ethernet network.

To use the gathered information to create a viewable table of IP address to MAC address mappings.
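
The fields the questions above ask about (Transaction-ID, offered address, relay agent address, message type, lease time, subnet mask, router) can also be read directly from the bytes of a DHCP message. The Python parser below is an added example, not part of the original lab. Its sample Offer is constructed: the offered address and lease time come from the answers above, while the transaction ID, MAC address, server, mask and router values are assumed.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                       # DHCP magic cookie (RFC 2131)
TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK", 7: "Release"}
IP_OPTS = {1: "subnet_mask", 3: "router", 50: "requested_ip", 54: "server_id"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP message (the UDP payload) into the fields the lab asks about."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {
        "xid": struct.unpack("!I", payload[4:8])[0],             # Transaction ID
        "yiaddr": socket.inet_ntoa(payload[16:20]),              # offered address
        "giaddr": socket.inet_ntoa(payload[24:28]),              # relay agent address
        "chaddr": ":".join(f"{b:02x}" for b in payload[28:34]),  # client MAC
    }
    msg["relayed"] = msg["giaddr"] != "0.0.0.0"                  # 0.0.0.0 = no relay
    i = 240
    while i < len(payload) and payload[i] != 255:                # 255 = End option
        if payload[i] == 0:                                      # 0 = Pad option
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("option runs past end of message")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:                           # DHCP message type
            msg["type"] = TYPES.get(value[0], f"unknown({value[0]})")
        elif code == 51 and length == 4:                         # lease time
            msg["lease_seconds"] = struct.unpack("!I", value)[0]
        elif code in IP_OPTS and length >= 4:                    # first address only
            msg[IP_OPTS[code]] = socket.inet_ntoa(value[:4])
        i += 2 + length
    return msg

def build_sample(xid, yiaddr, options):
    """Constructed test message: BOOTP reply header, zeroed sname/file, options."""
    head = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)        # op..flags
    head += bytes(4) + socket.inet_aton(yiaddr) + bytes(8)       # ciaddr, yiaddr, siaddr, giaddr
    head += bytes.fromhex("020000000001") + bytes(10) + bytes(192)  # chaddr, sname, file
    opts = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return head + MAGIC + opts + b"\xff"

# Constructed Offer: 192.168.1.101 and 86400 s are from the answers; the rest is assumed.
OFFER = build_sample(0x3E5E0CE3, "192.168.1.101", [
    (53, b"\x02"), (54, socket.inet_aton("192.168.1.1")),
    (51, struct.pack("!I", 86400)), (1, socket.inet_aton("255.255.255.0")),
    (3, socket.inet_aton("192.168.1.1"))])
```

Calling `parse_dhcp(OFFER)` returns a dictionary with the same values Wireshark shows in its Bootstrap Protocol pane; an option whose length byte points past the end of the message is rejected instead of being read out of bounds.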