Wireshark DHCP

Introduction

In this lab, we’ll explore aspects of the DHCP protocol

Before attacking this lab, you’re encouraged to review the DHCP material in section 4.3.3 of the text.

You will need these this file: DHCP.pcapng

Instructions

On Windows, the ipconfig command can be used to release and renew IP adresses and thus generate DHCP messages to pick up with wireshark. To release your ip address and renew to get an ip address again, you should be able to do this:

ipconfig \release
ipconfig \renew

On Linux, you need to first find the name of your network interface using ifconfig --all command, and then the dhclient. To release your ip address and renew to get an ip address again, you should be able to do this:

sudo dhclient -v -r <interface>
sudo dhclient -v <interface>

Try this out, and if you succeeds, you can use your own capture. To filter in wireshark, you can use the filter bootp

In DHCP.pcapng file, there are DHCP packages from a session I did on my laptop you can use, if the above fails.

Tasks

You should answer the following questions:

  1. Are DHCP messages sent over UDP or TCP?

  2. Draw a timing datagram illustrating the sequence of the four-packet Discover/Offer/Request/ACK DHCP exchange between the client and server. For each packet, indicated the source and destination port numbers.

  3. What is the link-layer (e.g., Ethernet) address of your host?

  4. What values in the DHCP discover message differentiate this message from the DHCP request message?

  5. What is the value of the Transaction-ID in each of the four (Discover/Offer/Request/ACK) DHCP messages? What are the values of the Transaction-ID in the second set (Request/ACK) set of DHCP messages? What is the purpose of the Transaction-ID field?

  6. A host uses DHCP to obtain an IP address, among other things. But a host’s IP address is not confirmed until the end of the four-message exchange! If the IP address is not set until the end of the four-message exchange, then what values are used in the IP datagrams in the four-message exchange? For each of the four DHCP messages (Discover/Offer/Request/ACK DHCP), indicate the source and destination IP addresses that are carried in the encapsulating IP datagram.

  7. What is the IP address of the DHCP server?

  8. What IP address is the DHCP server offering to your host in the DHCP Offer message? Indicate which DHCP message contains the offered DHCP address.

  9. Explain the purpose of the router and subnet mask lines in the DHCP offer message.

  10. Explain the purpose of the lease time. How long is the lease time in your experiment?

  11. What is the purpose of the DHCP release message? Does the DHCP server issue an acknowledgment of receipt of the client’s DHCP request? What would happen if the client’s DHCP release message is lost?