Dynamic Host Configuration Protocol (DHCP)
DHCP
```mermaid
graph LR
    pca(PC A) --- sw1(Switch 1) --- dhcp(DHCP Server)
    subgraph " "
        direction TB
        pcb(PC B) --- sw2(Switch 2) --- r("Router (DHCP Relay Agent)")
    end
    r --- sw1
```
DORA process: Discover, Offer, Request, Acknowledge
- Discover: generally broadcast from `0.0.0.0` to `255.255.255.255` (no IP address yet, DHCP server unknown). There might be IP helpers or similar translating between different subnets, in which case the discover packet could be unicast, as the helper knows the DHCP server.
- Offer: can be declined
- Request: host accepts the offered IP address
- Acknowledge (`ACK`): can be NACK (not acknowledged) if there was a problem
After the offer is acknowledged, the machine will still check whether the IP address is already in use. The same might happen on the server. Some use ping, but since ping is blocked by a lot of firewalls, ARP is better and mostly used. ARP is generally too essential to be blocked.
Monitor DHCP process (see DHCP + DORA capture file)
Windows showed ARP requests to detect whether the IP is already in use. My Linux machine only shows ARP Announcements, suggesting no duplicate IP detection is performed or it’s done in a different way. There are some (failed) ICMP packets, suggesting it might be using pings.
Example capture file from instructor: research network environment with problems
- Conversations/Endpoints shows `10.90.16.x` addresses, but also something private-looking: `172.x.x.x`
- filtering for DHCP shows offers from different servers
- turns out someone hooked up their own hardware (improperly connected) and the device started handing out IP addresses
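
The check used on that capture (filter for DHCP, then compare which servers send offers), as an added Python example that is not part of the original notes: it parses the UDP payload of DHCP messages, reads option 53 (message type) and option 54 (server identifier), and reports offers from servers outside an allow-list. The sample payloads, the addresses `10.90.16.1` and `172.16.0.1`, and the function names are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, follows the 236-byte BOOTP header
OFFER = 2                     # option 53 value for DHCPOFFER

def parse_dhcp(payload):
    """Return (message_type, server_id, yiaddr) from a DHCP UDP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    yiaddr = socket.inet_ntoa(payload[16:20])      # "your IP address" field
    msg_type, server_id, i = None, None, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                            # end option
            break
        if code == 0:                              # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(payload):                   # truncated option header
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:         # DHCP message type
            msg_type = value[0]
        elif code == 54 and len(value) == 4:       # server identifier
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return msg_type, server_id, yiaddr

def unexpected_offers(payloads, allowed_servers):
    """Map each server identifier outside the allow-list to the addresses it offered."""
    found = {}
    for p in payloads:
        parsed = parse_dhcp(p)
        if parsed and parsed[0] == OFFER and parsed[1] not in allowed_servers:
            found.setdefault(parsed[1], []).append(parsed[2])
    return found

def build_offer(server, offered):
    """Constructed sample: a minimal DHCPOFFER payload, not taken from the capture."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s192s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), socket.inet_aton(offered), bytes(4), bytes(4),
                         bytes(16), bytes(192))
    return header + MAGIC + b"\x35\x01\x02\x36\x04" + socket.inet_aton(server) + b"\xff"

SAMPLES = [build_offer("10.90.16.1", "10.90.16.50"),   # constructed: expected server
           build_offer("172.16.0.1", "172.16.0.23")]   # constructed: unexpected server

if __name__ == "__main__":
    print(unexpected_offers(SAMPLES, {"10.90.16.1"}))
```

On a real capture, the payloads would be the UDP data of packets on ports 67/68 exported from the capture tool.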
IPv6
- stateful and stateless servers
  - stateful: DHCP server provides everything (prefix/length, host info, DNS server IP address)
  - stateless: through NDP (Neighbour Discovery Protocol), e.g. the router can communicate the prefix/length to the PC, the PC can self-generate its host info using EUI-64, and additional info such as the DNS server IP address comes from the DHCP server