DHCP - Dynamic Host Configuration Protocol
DHCP is a network management protocol that automatically assigns IP addresses and other communication parameters to devices connected to a network.
DHCP Header:
Ethertype: 0x0800 - next header is IPv4 but there is no IP header SRC MAC: own
DST MAC: b-cast MAC
IP Header: SRC IP: 0.0.0.0
DST IP: 255.255.255.255 - b-cast IP address
UDP HEader:
Src Port: 67/68
Dst Port 67/68>
DHCP Header:
Type: 1
Ethernet II
Destination: Broadcast (ff:ff:ff:ff:ff:ff) <<< it is sent to b-cast MAC
Source: Apple_b7:a6:ec (6c:7e:67:b7:a6:ec)
Type: IPv4 (0x0800)
Trailer: f0
Internet Protocol Version 4 <<< DHCPv4 uses UDP, we need IP header
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 328
Identification: 0xb995 (47509)
Time to Live: 255
Protocol: UDP (17)
Header Checksum: 0x0110
Header checksum status: Unverified
Source Address: 0.0.0.0 <<< Src IP is 0.0.0.0 - it migth be a IP of the DHCP helper
Destination Address: 255.255.255.255 <<< Dst is b-cast IP or it might be DHCP server IP if DHCP helper is used
User Datagram Protocol <<< DHCPv4 uses UDP
Source Port: 68 <<< bootp client/ bootpc
Destination Port: 67 <<< bootp srver / bootps
Length: 308
Checksum: 0x4f16
Checksum Status: Unverified
Stream index: 0
Timestamps
Time since first frame: 0.000000000 seconds
Time since previous frame: 0.000000000 seconds
UDP payload (300 bytes)
Dynamic Host Configuration Protocol (Request)
Message type: Boot Request (1)
...
Brief diagram showing most common communication:
Discover
The DHCP client broadcasts a DHCPDISCOVER message on the network subnet using the destination address 255.255.255.255 (limited broadcast) or the specific subnet broadcast address (directed broadcast). A DHCP client may also request an IP address in the DHCPDISCOVER, which the server may take into account when selecting an address to offer.
Offer
When a DHCP server receives a DHCPDISCOVER message from a client, which is an IP address lease request, the DHCP server reserves an IP address for the client and makes a lease offer by sending a DHCPOFFER message to the client. This message contains the client’s client id (traditionally a MAC address), the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer. The DHCP server may also take notice of the hardware-level MAC address in the underlying transport layer: according to current RFCs the transport layer MAC address may be used if no client ID is provided in the DHCP packet.
The DHCP server determines the configuration based on the client’s hardware address as specified in the CHADDR (client hardware address) field. In the following example the server (192.168.1.1) specifies the client’s IP address in the YIADDR (your IP address) field.
Request
In response to the DHCP offer, the client replies with a DHCPREQUEST message, broadcast to the server,[a] requesting the offered address. A client can receive DHCP offers from multiple servers, but it will accept only one DHCP offer. Before claiming an IP address, the client will broadcast an ARP request, in order to find if there is another host present in the network with the proposed IP address. If there is no reply, this address does not conflict with that of another host, so it is free to be used.
The client must send the server identification option in the DHCPREQUEST message, indicating the server whose offer the client has selected.[8]: Section 3.1, Item 3 When other DHCP servers receive this message, they withdraw any offers that they have made to the client and return their offered IP address to the pool of available addresses.
ACK
When the DHCP server receives the DHCPREQUEST message from the client, the configuration process enters its final phase. The acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point, the IP configuration process is completed.
The protocol expects the DHCP client to configure its network interface with the negotiated parameters.
After the client obtains an IP address, it should probe the newly received address[8]: sec. 2.2 (e.g. with ARP Address Resolution Protocol) to prevent address conflicts caused by overlapping address pools of DHCP servers. If this probe finds another computer using that address, the computer should send DHCPDECLINE, broadcast, to the server.