Question about DHCP Operation

I've been messing around with Wireshark lately and I noticed something that I can't quite figure out. In the DHCP Offer the DHCP server has set a destination IP address of 191.158.0.3 before the client has even accepted that as its IP address. In the next step, the client even sends back its response from source IP of 0.0.0.0 indicating that it hasn't applied the address yet. So how did the packet get to the client in the DHCP Offer?

I attached a screenshot of my wireshark capture. Just looking for some clarification! Thanks!

http://i.imgur.com/sHBnsIc.png

Find more posts tagged with

Comments

vasyvasy

I think the DHCP server responds with the "proposed" IP address of 191.158.0.3 in its DHCP Offer packet
Most of the communication between the DHCP server and DHCP client is at layer 2, you might want to look for more info at the Wireshark in layer 2

More info on the whole DHCP process here

quickman007

DHCP is a layer 7 protocol, from my understanding, so it has to be encapsulated in a layer 3 packet. If the DHCP server is on another subnet it needs the layer 3 information.

showint

This kind of behaviour of DHCP is defined in RFC 2131

Normally, DHCP servers and BOOTP relay agents attempt to deliver DHCPOFFER, DHCPACK and DHCPNAK messages directly to the client using unicast delivery. The IP destination address (in the IP header) is set to the DHCP 'yiaddr' address and the link-layer destination address is set to the DHCP 'chaddr' address. Unfortunately, some client implementations are unable to receive such unicast IP datagrams until the implementation has been configured with a valid IP address (leading to a deadlock in which the client's IP address cannot be delivered until the client has been configured with an IP address).

So in the DHCP discover there is a flag called the broadcast bit that the client uses to tell the server how he would like the offer to be: broadcast if it is on or unicast if it is off but the server makes the final decision based on its capability.
Cisco routers when acting as dhcp clients have this broadcast bit turned off by default and so the dhcp offer from a Cisco router is unicasted.

RFC 2131 - Dynamic Host Configuration Protocol

https://learningnetwork.cisco.com/thread/32255

P.S. Thanks to you, I learned something new.

aderon

That's actually really interesting. Thanks for the clarification.

showint

aderon, glad I could help.