Let's talk about the DHCP protocol

01 Introduction to DHCP Protocol

DHCP (Dynamic Host Configuration Protocol) is an application layer protocol. For details, please refer to the article "TCP/IP Four-Layer Model". When a client host is set to obtain its IP address dynamically, the DHCP server assigns an IP address to the client according to the DHCP protocol, and the client can then use this IP address to access the Internet.

Several concepts of DHCP:

DHCP Client: A client that requests an IP address through the DHCP protocol. DHCP client is an interface-level concept. If a host has multiple Ethernet interfaces, each interface on the host can be configured as a DHCP client. Each VLAN interface on a switch can also be configured as a DHCP client.

DHCP Server: Responsible for providing IP addresses to DHCP clients and managing the allocated IP addresses.

DHCP Relay: Forwards DHCP messages when a DHCP client applies for an IP address across network segments.

DHCP Security: A security feature that manages the table of legitimate user IP addresses.

DHCP Snooping: Records, on a Layer 2 device, the information of users that apply for an IP address through that device.

02 How DHCP works

DHCP uses UDP and two port numbers: 67 (DHCP server) and 68 (DHCP client). Port 546 is used by the DHCPv6 client, not by DHCPv4, and is for DHCP failover services. A message sent by the DHCP client to the DHCP server is called a DHCP request message, and a message sent by the DHCP server to the DHCP client is called a DHCP reply message.

The DHCP interaction process is divided into 4 steps:

Step 1

The client broadcasts a DHCP Discover packet on the LAN in order to find a DHCP server that can provide it with an IP address.

Step 2

After receiving the Discover packet, an available DHCP server responds to the client with a DHCP Offer packet, telling the client that it can provide an IP address.

Step 3

After receiving the Offer packet, the client sends a DHCP Request packet to request an IP address.

Step 4

The DHCP server sends an ACK packet to confirm the information.

03 Wireshark packet capture analysis

To capture DHCP packets, you must first make sure that a DHCP server is available, and then set the host to obtain its IP address automatically. In our test environment, the laptop is set to DHCP mode and the router has the DHCP service enabled. Because the laptop requests its IP address through DHCP as soon as it boots, there is no time to open Wireshark and start capturing at that point. Instead, we use the following commands to disconnect the host's network connection first, and then reconnect to the network.

  ipconfig /release
  ipconfig /renew

In cmd, you can use ipconfig /? to view the meaning of each parameter:

Command details:

(1)ipconfig /release

Disconnects the current network connection. The host IP becomes 0.0.0.0, and the host is disconnected from the network and cannot access it.

(2)ipconfig /renew

Updates the adapter information and requests to connect to the network. After this command completes, the host obtains an available IP and is connected to the network again.

The captured data packets are as follows. Note the use of the dhcp filter condition.

Wireshark capture file

Link: https://pan.baidu.com/s/1RzvISOkzkVoWOzJDRi5NwQ

Extraction code: lpg9

The four steps of DHCP can be clearly seen.

DHCP Discover Packet

In the Discover phase, it can be seen that the client sends a broadcast. For MAC address broadcast, please refer to "802.3 Ethernet Frame", and for IP address broadcast, please refer to "IP Protocol Detailed Explanation". The figure below also shows that DHCP is based on UDP and uses two port numbers, 67 (DHCP server) and 68 (DHCP client), which confirms in the capture file what was stated above. The DHCP message format is based on the BOOTP message format. The message format itself is not the focus of this article, so the meaning of each byte in the DHCP message is not explained in detail here.

DHCP Offer Packet

When the DHCP server receives a DHCP Discover packet, it responds to the client with a DHCP Offer packet. From this datagram the client obtains the most important piece of information, the IP address. In addition, the server also sends information such as the subnet mask, router, DNS, domain name and IP address lease period.

The DHCP server still uses the broadcast address as the destination address because the client requesting an IP address does not have its own IP at this time, and there may be multiple clients using 0.0.0.0 as the source IP to send IP allocation requests to the DHCP server. DHCP cannot use 0.0.0.0 as the destination IP address, so it still uses broadcast to tell the requesting clients that this is a usable DHCP server.

DHCP Request Packet

After the client receives the DHCP Offer packet (if there are multiple available DHCP servers, it may receive multiple DHCP Offer packets), it knows that there is a DHCP server it can interact with, so the client sends a Request packet to request an IP allocation.

At this time, the source IP and destination IP are still 0.0.0.0 and 255.255.255.255.

DHCP ACK Packet

The server responds to the DHCP request with a DHCPACK packet.
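The four messages walked through above can also be decoded in code. The following is an added example, not part of the original article: it parses the BOOTP fixed header and the DHCP options (message type, subnet mask, router, lease time, server identifier) from the UDP payload. The MAC address, transaction ID and IP addresses in the sample exchange are constructed values, and `build()` is a helper that exists only to produce that sample input.

```python
import struct
from socket import inet_aton, inet_ntoa

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # 236-byte fixed BOOTP header
COOKIE = b"\x63\x82\x53\x63"                         # precedes the DHCP options
TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK"}
IP_OPTS = {1: "subnet_mask", 3: "router", 6: "dns", 54: "server_id"}

def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", opts=b""):
    """Build a constructed DHCP payload (sample input for parse())."""
    hdr = BOOTP.pack(op, 1, 6, 0, xid, 0, 0x8000, bytes(4),
                     inet_aton(yiaddr), bytes(4), bytes(4), mac, b"", b"")
    return hdr + COOKIE + bytes([53, 1, msg_type]) + opts + b"\xff"

def parse(payload):
    """Decode the UDP payload of a DHCP message into a dict."""
    start = BOOTP.size + len(COOKIE)
    if len(payload) < start or payload[BOOTP.size:start] != COOKIE:
        raise ValueError("not a DHCP message")
    f = BOOTP.unpack_from(payload)
    msg = {"xid": f[4], "mac": f[11][:f[2]].hex(":"), "yiaddr": inet_ntoa(f[8])}
    i = start
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, val = payload[i], payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + len(val)
        if code == 53 and val:                       # DHCP message type
            msg["type"] = TYPES.get(val[0], val[0])
        elif code == 51:                             # lease time in seconds
            msg["lease_s"] = int.from_bytes(val, "big")
        elif code in IP_OPTS and len(val) >= 4:
            msg[IP_OPTS[code]] = inet_ntoa(val[:4])
    return msg

# Constructed sample exchange: MAC, xid and addresses are made up.
MAC, XID = bytes.fromhex("020000aabbcc"), 0x3903F326
LEASE = (bytes([1, 4]) + inet_aton("255.255.255.0") + bytes([3, 4]) + inet_aton("192.168.1.1") +
         bytes([51, 4]) + (86400).to_bytes(4, "big") + bytes([54, 4]) + inet_aton("192.168.1.1"))
EXCHANGE = [build(1, XID, MAC, 1), build(2, XID, MAC, 2, "192.168.1.100", LEASE),
            build(1, XID, MAC, 3), build(2, XID, MAC, 5, "192.168.1.100", LEASE)]

if __name__ == "__main__":
    for m in map(parse, EXCHANGE):
        print(m)
```

The same `parse()` can be pointed at the UDP payload of packets exported from a capture taken with the dhcp filter.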

DHCP Disadvantages

DHCP allocates IP addresses very well, but the protocol has some disadvantages, such as:

1. The DHCP protocol does not support address allocation across network segments.

2. The DHCP protocol cannot learn the IP addresses used by non-DHCP clients, which may cause address conflicts if the address pool is not set properly.

Because of these defects, we need to plan the IP address pool sensibly and reserve some IP addresses for servers that require fixed IP addresses.

This article is reprinted from the WeChat public account "Zhixiao Programming". To reprint this article, please contact the Zhixiao Programming public account.
