DHCP
In the early days of networking, when a device wanted to communicate over a network, it needed to be assigned an address by hand. As network s grew, this manual process quickly became cumbersome. To solve this problem, Bootstrap Protocol (BOOTP) was created to automatically assign addresses to network-connected devices. BOOTP was later replaced with the more sophisticated Dynamic Host Configuration Protocol (DHCP).
DHCP is an application layer protocol responsible for allowing a device to automatically obtain an IP address (and addresses of other important network assets, such as DNS servers and routers). Most DHCP servers today also provide other parameters to clients, such as the addresses of the default gateway and DNS servers in use on the network.
The DHCP Packet Structure
DHCP packets can carry quite a lot of information to a client. The following fields are present with a DHCP packet:
OpCode: Indicates whether the packet is a DHCP request or a DHCP reply
Hardware Type: The type of hardware address (10 MB Ethernet, IEEE 802, ATM, and so on)
Hardware Length: The length of the hardware address
Hops: Used by relay agents to assist in finding a DHCP server
Transaction ID: A random number used to pair requests with responses
Seconds Elapsed: Seconds since the client first requested an address from the DHCP server
Flags: The types of traffic the DHCP client can accept (unicast, broadcast, and so on)
Client IP Address: The client's IP address (derived from the Your IP Address field)
Your IP Address: The IP address offered by the DHCP server (ultimately becomes the Client IP Address field value)
Server IP Address: The DHCP server's IP address
Gateway IP Address: The IP address of the network's default gateway
Client Hardware Address: The client's MAC address
Server Host Name: The server's host name (optional)
Boot File: A boot file for use by DHCP (optional)
Options: Used to expand the structure of the DHCP packet to give it more features
The DHCP Renewal Process
The primary goal of DHCP is to assign addresses to clients during the renewal process. The renewal process takes place between a single client and a DHCP server. The DHCP renewal process is often referred to as the DORA process because it uses four types of DHCP packets: discover, offer, request, and acknowledgement.
The Discover Packet
The first packet is sent from 0.0.0.0 on some port, say Port 68, to 255.255.255.255 on say Port 67. The client uses 0.0.0.0 because it does not yet have an IP address. The packet is sent to 255.255.255.255 because this is the network-independent broadcast address, thus ensuring that this packet will be sent out to every device on the network. Because the device does not know the address of a DHCP server, this first packet is sent in an attempt to find a DHCP server that will listen.
DHCP relies on UDP as its transport layer protocol. DHCP is very concerned with the speed at which a client receives the information it is requesting. DHCP has its own built-in reliability measures, which means UDP is a perfect fit.
This packet is a request. This packet has:
DHCP Message Type: Option type 53. It is a DHCP discover packet.
Client Identifier: This provides additional information about the client requesting an IP address.
Requested IP Address: This supplies the IP address the client would like to receive (typically its previously used IP address).
Parameter Request List: This lists the different configuration items (IP addresses of other important network devices) the client would like to receive from the DHCP server.
The Offer Packet
A packet travels from the server 192.168.0.1, containing the IP address 192.168.0.10 . The client does not actually have the 192.168.0.10 address yet, so the server will first attempt to communicate with the client using its hardware address, as provided by ARP. If communication is not possible, it will simply broadcast the offer to communicate.
The offer packet is sent by the DHCP server in order to offer its services to the client. It does so by supplying information about itself and the addressing it wants to provide the client. It shows up in the Your (client) IP Address field. The server offers the following additional information, along with the client's IP address:
Once the client receives an offer from the DHCP server, it should accept it with a DHCP request packet.
The third packet in this capture still comes from IP address 0.0.0.0 because we have not yet completed the process of obtaining an IP address. The packet now knows the DHCP server it is communicating with.
This packet is a DHCP Request. The requested IP address is no longer blank, and the DHCP Server Identifier field also contains an address.
The Acknowledgement Packet
The DHCP server send the requested IP addresses to the client in an acknowledgement packet and records that information in its database.
The client now has an IP address and can use it to begin communicating on the network.
In the early days of networking, when a device wanted to communicate over a network, it needed to be assigned an address by hand. As network s grew, this manual process quickly became cumbersome. To solve this problem, Bootstrap Protocol (BOOTP) was created to automatically assign addresses to network-connected devices. BOOTP was later replaced with the more sophisticated Dynamic Host Configuration Protocol (DHCP).
DHCP is an application layer protocol responsible for allowing a device to automatically obtain an IP address (and addresses of other important network assets, such as DNS servers and routers). Most DHCP servers today also provide other parameters to clients, such as the addresses of the default gateway and DNS servers in use on the network.
The DHCP Packet Structure
DHCP packets can carry quite a lot of information to a client. The following fields are present with a DHCP packet:
OpCode: Indicates whether the packet is a DHCP request or a DHCP reply
Hardware Type: The type of hardware address (10 MB Ethernet, IEEE 802, ATM, and so on)
Hardware Length: The length of the hardware address
Hops: Used by relay agents to assist in finding a DHCP server
Transaction ID: A random number used to pair requests with responses
Seconds Elapsed: Seconds since the client first requested an address from the DHCP server
Flags: The types of traffic the DHCP client can accept (unicast, broadcast, and so on)
Client IP Address: The client's IP address (derived from the Your IP Address field)
Your IP Address: The IP address offered by the DHCP server (ultimately becomes the Client IP Address field value)
Server IP Address: The DHCP server's IP address
Gateway IP Address: The IP address of the network's default gateway
Client Hardware Address: The client's MAC address
Server Host Name: The server's host name (optional)
Boot File: A boot file for use by DHCP (optional)
Options: Used to expand the structure of the DHCP packet to give it more features
The DHCP Renewal Process
The primary goal of DHCP is to assign addresses to clients during the renewal process. The renewal process takes place between a single client and a DHCP server. The DHCP renewal process is often referred to as the DORA process because it uses four types of DHCP packets: discover, offer, request, and acknowledgement.
The Discover Packet
The first packet is sent from 0.0.0.0 on some port, say Port 68, to 255.255.255.255 on say Port 67. The client uses 0.0.0.0 because it does not yet have an IP address. The packet is sent to 255.255.255.255 because this is the network-independent broadcast address, thus ensuring that this packet will be sent out to every device on the network. Because the device does not know the address of a DHCP server, this first packet is sent in an attempt to find a DHCP server that will listen.
DHCP relies on UDP as its transport layer protocol. DHCP is very concerned with the speed at which a client receives the information it is requesting. DHCP has its own built-in reliability measures, which means UDP is a perfect fit.
This packet is a request. This packet has:
DHCP Message Type: Option type 53. It is a DHCP discover packet.
Client Identifier: This provides additional information about the client requesting an IP address.
Requested IP Address: This supplies the IP address the client would like to receive (typically its previously used IP address).
Parameter Request List: This lists the different configuration items (IP addresses of other important network devices) the client would like to receive from the DHCP server.
The Offer Packet
A packet travels from the server 192.168.0.1, containing the IP address 192.168.0.10 . The client does not actually have the 192.168.0.10 address yet, so the server will first attempt to communicate with the client using its hardware address, as provided by ARP. If communication is not possible, it will simply broadcast the offer to communicate.
The offer packet is sent by the DHCP server in order to offer its services to the client. It does so by supplying information about itself and the addressing it wants to provide the client. It shows up in the Your (client) IP Address field. The server offers the following additional information, along with the client's IP address:
- A subnet mask of 255.255.255.0
- A renewal time of 30 minutes
- A rebinding time value of 48 hours
- An IP address lease time of one hour
- A DHCP server identifier of 192.168.0.1
Once the client receives an offer from the DHCP server, it should accept it with a DHCP request packet.
The third packet in this capture still comes from IP address 0.0.0.0 because we have not yet completed the process of obtaining an IP address. The packet now knows the DHCP server it is communicating with.
This packet is a DHCP Request. The requested IP address is no longer blank, and the DHCP Server Identifier field also contains an address.
The Acknowledgement Packet
The DHCP server send the requested IP addresses to the client in an acknowledgement packet and records that information in its database.
The client now has an IP address and can use it to begin communicating on the network.
No comments:
Post a Comment