DHCP packets with wireshark - RigPig/NET-330 GitHub Wiki

  • Note the full DHCP exchange in the figure below

image

We observe 6 packets. The first is ipconfig /release, the release of my current DHCP lease. This is picked up by the configured DHCP server with an address of 216.93.150.162.

image

The second packet, a DHCP discover, is my device broadcasting to anyone who will listen, so I can be directed to a DHCP server and be given an IP.

The third packet, a DHCP offer, is the DHCP server giving me an IP. The source is from an interface very close to my default gateway, just 3 addresses off. The destination is me, the client. We can see further in the screenshot below the offered subnet masks and that I was also offered DNS servers.

image

The fourth packet is my client formally asking for the IP info the server sent in the offer packet. Note the source is 0.0.0.0 because I haven't technically completed the DHCP exchange yet.

image

The last packet, DHCP ACK, is from another interface very close to my default gateway. It originates from the DHCP server, though, and is the server accepting my request for the lease it sent me in the offer.

  • Note the source address being within the same network as my default gateway, but that IP itself is unreachable by me after the exchange.

image

image
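
The subnet mask and DNS servers seen in the offer, and the address asked for in the request, travel as DHCP options after the fixed 236-byte BOOTP header. As an added example (not part of the original wiki page), this Python parser pulls those fields out of a raw DHCP payload, including the server identifier option that lets you tie an offer and a request to the same server even when the packet source addresses differ. The sample packets, the 192.0.2.x addresses, the MAC and the transaction ID are constructed, not taken from the capture.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the DHCP options field
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 4: "Decline",
             5: "ACK", 6: "NAK", 7: "Release", 8: "Inform"}
# Options holding IPv4 addresses: code -> (field name, holds a list?)
IP_OPTIONS = {1: ("subnet_mask", False), 6: ("dns", True),
              50: ("requested_ip", False), 54: ("server_id", False)}

def parse_dhcp(payload):
    """Parse a DHCP message (the UDP payload) into its key fields."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not DHCP: too short or magic cookie missing")
    info = {"xid": struct.unpack("!I", payload[4:8])[0],
            "yiaddr": socket.inet_ntoa(payload[16:20])}  # "your" (offered) address
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = End option
        code = payload[i]
        if code == 0:                               # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past end of packet")
        if code == 53 and length == 1:              # DHCP message type
            info["type"] = MSG_TYPES.get(value[0], f"unknown({value[0]})")
        elif code in IP_OPTIONS and length and length % 4 == 0:
            name, is_list = IP_OPTIONS[code]
            addrs = [socket.inet_ntoa(value[j:j + 4]) for j in range(0, length, 4)]
            info[name] = addrs if is_list else addrs[0]
        i += 2 + length
    return info

def build_sample(op, msg_type, yiaddr, options=b""):
    """Build a constructed DHCP payload (not taken from the capture above)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234ABCD, 0, 0,
                         bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                         bytes.fromhex("020000000001"), b"", b"")
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type]) + options + b"\xff"

ip = socket.inet_aton
OFFER = build_sample(2, 2, "192.0.2.50", bytes([1, 4, 255, 255, 255, 0]) + bytes([6, 8])
                     + ip("192.0.2.1") + ip("192.0.2.2") + bytes([54, 4]) + ip("192.0.2.1"))
REQUEST = build_sample(1, 3, "0.0.0.0", bytes([50, 4]) + ip("192.0.2.50")
                       + bytes([54, 4]) + ip("192.0.2.1"))
```

Matching `xid` and `server_id` values across the offer, request and ACK show that the packets belong to one exchange with one server.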