Question about DHCP Operation
aderon
Member Posts: 404 ■■■■□□□□□□
in CCNA & CCENT
I've been messing around with Wireshark lately and I noticed something that I can't quite figure out. In the DHCP Offer the DHCP server has set a destination IP address of 191.158.0.3 before the client has even accepted that as its IP address. In the next step, the client even sends back its response from source IP of 0.0.0.0 indicating that it hasn't applied the address yet. So how did the packet get to the client in the DHCP Offer?
I attached a screenshot of my wireshark capture. Just looking for some clarification! Thanks!
http://i.imgur.com/sHBnsIc.png
I attached a screenshot of my wireshark capture. Just looking for some clarification! Thanks!
http://i.imgur.com/sHBnsIc.png
2019 Certification/Degree Goals: AWS CSA Renewal (In Progress), M.S. Cybersecurity (In Progress), CCNA R&S Renewal (Not Started)
Comments
-
vasyvasy Member Posts: 68 ■■■□□□□□□□I think the DHCP server responds with the "proposed" IP address of 191.158.0.3 in its DHCP Offer packet
Most of the communication between the DHCP server and DHCP client is at layer 2, you might want to look for more info at the Wireshark in layer 2
More info on the whole DHCP process here -
quickman007 Member Posts: 195DHCP is a layer 7 protocol, from my understanding, so it has to be encapsulated in a layer 3 packet. If the DHCP server is on another subnet it needs the layer 3 information.
-
showint Member Posts: 68 ■■□□□□□□□□This kind of behaviour of DHCP is defined in RFC 2131
Normally, DHCP servers and BOOTP relay agents attempt to deliver DHCPOFFER, DHCPACK and DHCPNAK messages directly to the client using unicast delivery. The IP destination address (in the IP header) is set to the DHCP 'yiaddr' address and the link-layer destination address is set to the DHCP 'chaddr' address. Unfortunately, some client implementations are unable to receive such unicast IP datagrams until the implementation has been configured with a valid IP address (leading to a deadlock in which the client's IP address cannot be delivered until the client has been configured with an IP address).
So in the DHCP discover there is a flag called the broadcast bit that the client uses to tell the server how he would like the offer to be: broadcast if it is on or unicast if it is off but the server makes the final decision based on its capability.
Cisco routers when acting as dhcp clients have this broadcast bit turned off by default and so the dhcp offer from a Cisco router is unicasted.
RFC 2131 - Dynamic Host Configuration Protocol
https://learningnetwork.cisco.com/thread/32255
P.S. Thanks to you, I learned something new. -
aderon Member Posts: 404 ■■■■□□□□□□That's actually really interesting. Thanks for the clarification.2019 Certification/Degree Goals: AWS CSA Renewal (In Progress), M.S. Cybersecurity (In Progress), CCNA R&S Renewal (Not Started)