Question about DHCP Operation

aderon (CISSP, CCNA:S, CCNA:R&S, AWS:CSA Assoc, Sec+, Lin+, A+, Net+, Proj+) Posts: 404 Member
I've been messing around with Wireshark lately and I noticed something that I can't quite figure out. In the DHCP Offer the DHCP server has set a destination IP address of 191.158.0.3 before the client has even accepted that as its IP address. In the next step, the client even sends back its response from source IP of 0.0.0.0 indicating that it hasn't applied the address yet. So how did the packet get to the client in the DHCP Offer?

I attached a screenshot of my Wireshark capture. Just looking for some clarification! Thanks!


http://i.imgur.com/sHBnsIc.png
2019 Certification/Degree Goals: AWS CSA Renewal (In Progress), M.S. Cybersecurity (In Progress), CCNA R&S Renewal (Not Started)

Comments

  • vasyvasy Posts: 68 Member
    I think the DHCP server responds with the "proposed" IP address of 191.158.0.3 in its DHCP Offer packet.
    Most of the communication between the DHCP server and DHCP client is at layer 2; you might want to look for more info in Wireshark at layer 2.

    More info on the whole DHCP process here
  • quickman007 Posts: 195 Member
    DHCP is a layer 7 protocol, from my understanding, so it has to be encapsulated in a layer 3 packet. If the DHCP server is on another subnet it needs the layer 3 information.
  • showint Posts: 68 Member
    This kind of behaviour of DHCP is defined in RFC 2131:

    Normally, DHCP servers and BOOTP relay agents attempt to deliver DHCPOFFER, DHCPACK and DHCPNAK messages directly to the client using unicast delivery. The IP destination address (in the IP header) is set to the DHCP 'yiaddr' address and the link-layer destination address is set to the DHCP 'chaddr' address. Unfortunately, some client implementations are unable to receive such unicast IP datagrams until the implementation has been configured with a valid IP address (leading to a deadlock in which the client's IP address cannot be delivered until the client has been configured with an IP address).

    So in the DHCP Discover there is a flag called the broadcast bit that the client uses to tell the server how he would like the offer to be: broadcast if it is on or unicast if it is off, but the server makes the final decision based on its capability.
    Cisco routers, when acting as DHCP clients, have this broadcast bit turned off by default, and so the DHCP offer from a Cisco router is unicast.

    RFC 2131 - Dynamic Host Configuration Protocol

    https://learningnetwork.cisco.com/thread/32255


    P.S. Thanks to you, I learned something new.
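
The delivery rule from RFC 2131 section 4.1 discussed in the post above, as an added example that is not part of any post in this thread: it reads the broadcast bit, 'ciaddr', 'giaddr' and 'chaddr' from a client message and returns how a server addresses the DHCPOFFER. The function names, the MAC address and the transaction ID are constructed for illustration; 191.158.0.3 is the offered address from the question.

```python
import struct
from ipaddress import IPv4Address

# Fixed 236-byte BOOTP/DHCP header (RFC 2131 section 2); options are omitted here.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BROADCAST_FLAG = 0x8000          # leftmost bit of the 16-bit 'flags' field
ZERO = IPv4Address("0.0.0.0")

def build_message(op, xid, flags, ciaddr, giaddr, mac):
    """Pack a constructed client message (hypothetical helper for the sample data)."""
    ip = lambda a: IPv4Address(a).packed
    chaddr = bytes.fromhex(mac.replace(":", ""))   # struct pads it to 16 bytes
    return struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, flags, ip(ciaddr),
                       ip("0.0.0.0"), ip("0.0.0.0"), ip(giaddr), chaddr, b"", b"")

def parse_message(data):
    """Extract the header fields that decide how the server's reply is delivered."""
    if len(data) < struct.calcsize(BOOTP_FMT):
        raise ValueError("truncated BOOTP header")
    (op, _htype, hlen, _hops, xid, _secs, flags, ciaddr, _yiaddr, _siaddr,
     giaddr, chaddr, _sname, _file) = struct.unpack_from(BOOTP_FMT, data)
    if hlen > 16:
        raise ValueError("hlen exceeds chaddr field size")
    return {"op": op, "xid": xid, "broadcast": bool(flags & BROADCAST_FLAG),
            "ciaddr": IPv4Address(ciaddr), "giaddr": IPv4Address(giaddr),
            "chaddr": chaddr[:hlen].hex(":")}

def offer_delivery(request, yiaddr):
    """Return (mode, ip_dst, mac_dst) for a DHCPOFFER/DHCPACK per RFC 2131 section 4.1.
    mac_dst is None where the sender resolves the next hop in the ordinary way."""
    r = parse_message(request)
    if r["giaddr"] != ZERO:      # relayed: reply goes to the relay agent
        return ("unicast-to-relay", str(r["giaddr"]), None)
    if r["ciaddr"] != ZERO:      # client already holds an address (e.g. renewal)
        return ("unicast", str(r["ciaddr"]), None)
    if r["broadcast"]:           # client cannot receive unicast before configuration
        return ("broadcast", "255.255.255.255", "ff:ff:ff:ff:ff:ff")
    # Broadcast bit clear: IP dst = yiaddr, link-layer dst = chaddr, so no ARP is needed.
    return ("unicast", str(IPv4Address(yiaddr)), r["chaddr"])

if __name__ == "__main__":
    # Constructed DHCPDISCOVER headers, one with the broadcast bit clear and one with it set.
    for flags in (0x0000, 0x8000):
        discover = build_message(1, 0x3903F326, flags, "0.0.0.0", "0.0.0.0",
                                 "00:11:22:33:44:55")
        print(hex(flags), offer_delivery(discover, "191.158.0.3"))
```

The first case is the one in the question's capture: the frame reaches the client because it is addressed to the client's hardware address, even though the client has not yet configured the IP address in the destination field.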
  • aderon (CISSP, CCNA:S, CCNA:R&S, AWS:CSA Assoc, Sec+, Lin+, A+, Net+, Proj+) Posts: 404 Member
    That's actually really interesting. Thanks for the clarification.
  • showint Posts: 68 Member
    aderon, glad I could help.