Quick notes on how the DHCP process works.
DHCP is one of the most important things in a network infrastructure.
Why is it so important? Would you like to configure 30 or more computers with a static IP?
Or would you prefer just plugging in a network cable and that's it, DHCP will do the rest?
If DHCP works as well as that, why bother with how it works in the background?
It's good to know how things work in the background, and not just because you're preparing for some certification and you've got to nail down that cert.
It's still a very good thing to know how things are being done in the background.
Download Network Monitor from the Microsoft site at the link below:
http://www.microsoft.com/en-sg/download/details.aspx?id=4865
On the start page of Network Monitor, select the network interface on which the packets will be sniffed.
If the PC has only 1 NIC, it will be checked by default. If the PC has multiple NICs, check the desired NIC.
Click on "New Capture", and a new window will open. Click on Start to capture data.
The file will be very big, so don't capture for a long time unless there's a good reason to do so.
These are just some quick notes, so I will try to keep them short.
Of course, let's assume that there is a server or other hardware that has been set up as a DHCP server.
The first time a computer with no static IP configured, or no IP at all, joins a network, it will try to DISCOVER any DHCP server.
DHCP DISCOVER is a broadcast (in an IPv4 network, the broadcast address is 255.255.255.255).
All the nodes (all the computers) on the network will receive it. If a DHCP server is present on the network, it will reply and send an "Offer" message to the node.
So the second step is:
DHCP OFFER - the DHCP server replies to the requesting node or computer.
Since the DHCP server sent a reply with a DHCP OFFER, the node will then reply back with a DHCP REQUEST.
The third step is:
DHCP REQUEST - the computer will send a reply back to the DHCP server with a request.
When the DHCP server receives the request, it will acknowledge it and reply with a DHCP ACK to the client. The client will then be configured with whatever settings have been preset on the DHCP server.
So the fourth step is:
DHCP ACK - the DHCP server acknowledges the request and replies back to the node with a DHCP ACK.
That completes the DHCP process, also called the DORA process: Discover, Offer, Request, Acknowledge.
You can download a packet sniffer to watch how the 1's and 0's do it.
I downloaded Microsoft Network Monitor; you can also download Wireshark or any other tool you prefer to sniff the packets.
Why monitor the packets when they say it works like that?
Well, as the saying goes, "To see is to believe".
Here's the screenshot I got from Network Monitor.
From the screenshot above, the node 0.0.0.0 means that the client doesn't have an IP address.
Notice that all the destinations are 255.255.255.255, the broadcast address.
The 192.168.1.X.X is the DHCP Server.
G077 is the name of the computer, which is already registered on the DHCP server.
Notice that the last reply from the DHCP server is not a broadcast anymore but is sent directly (unicast message) to the computer. That is because the process has been completed, and the DHCP configuration has been completed.
Below are the details of the packet frames that take place; I have omitted some of the details. This will be helpful for those who are preparing for certifications.
I have put in bold all the items that might be important for certification purposes.
Notice that, since the computer has no IP address, it uses its MAC address to communicate with the server.
In the frame details below, the MAC address is listed as the Source Address and the Destination Address is FF-FF-FF-FF-FF-FF (equivalent to 255.255.255.255 in decimal).
Thus, we can conclude that when the computer sends a DHCP Discover, it happens at Layer 2 of the OSI model.
It is also good to note that the client source port is 68 and the server port is 67.
When things go wrong, as they sometimes will, and DHCP is not working, a good start is to check those two ports, 67 and 68.
Frame: Number = 61, Captured Frame Length = 362, MediaType = ETHERNET
- Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[FF-FF-FF-FF-FF-FF],SourceAddress:[D8-59-75-3C-1B-1B]
- DestinationAddress: *BROADCAST [FF-FF-FF-FF-FF-FF]
Rsv: (111111..)
UL: (......1.) Locally Administered Address
SourceAddress: 0.0.0.0
DestinationAddress: 255.255.255.255
- Udp: SrcPort = BOOTP client(68), DstPort = BOOTP server(67), Length = 328
SrcPort: BOOTP client(68)
DstPort: BOOTP server(67)
TotalLength: 328 (0x148)
Checksum: 64493 (0xFBED)
UDPPayload: SourcePort = 68, DestinationPort = 67
- Dhcp: Request, MsgType = REQUEST, TransactionID = 0x2835DD54
OpCode: Request, 1(0x01)
Hardwaretype: Ethernet
HardwareAddressLength: 6 (0x6)
HopCount: 0 (0x0)
ClientID: Binary Large Object (6 Bytes)
- RequestedIPAddress: 192.168.1.13 - Type 50
Code: Requested IP Address, 50(0x32)
Length: 4 UINT8(s)
Basically, if you need to experiment with how the whole DHCP process works, use a laptop or any computer with Wireshark or another network monitoring tool that can capture packets. First, turn off WiFi or disconnect the network cable, and make sure there is no network connectivity or that the computer is using an APIPA IP address. Then open Wireshark and start capturing packets. After that, turn on WiFi or plug in the cable and wait until there is network connectivity. Finally, unplug the cable or turn off WiFi and stop the packet capture.
This way, you won't have a lot of data, and it will be easy to follow how the PC gets its IP address and other settings to connect to the network.
With this method, if computers are receiving IP addresses that do not match the current network settings, chances are there is a rogue router offering IP addresses, causing the computers to get a wrong IP address.
The method above will capture the rogue router: the computer first gets an IP address from the first DHCP server; then the rogue DHCP device offers another IP address, and for whatever reason the computer uses the rogue router's IP address, causing it to lose network connectivity.
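The rogue-server check described above, as an added example that is not part of the original post: it parses the DHCP payload of UDP port 67/68 packets (message type, Server Identifier option 54, Requested IP Address option 50) and lists every server that sent an OFFER or ACK but is not in the authorized set. The function names and the server addresses 192.168.1.1 and 192.168.0.1 are constructed for the sample; the transaction ID, MAC address and requested IP come from the frame shown earlier.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Parse a UDP payload from port 67/68; return None if it is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    msg = {"xid": struct.unpack("!I", payload[4:8])[0], "type": None, "server": None,
           "requested": None, "yiaddr": socket.inet_ntoa(payload[16:20])}  # yiaddr = offered IP
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = End option
        if payload[i] == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            break                                  # truncated option, stop parsing
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:             # DHCP Message Type
            msg["type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 54 and length == 4:           # Server Identifier
            msg["server"] = socket.inet_ntoa(value)
        elif code == 50 and length == 4:           # Requested IP Address (Type 50)
            msg["requested"] = socket.inet_ntoa(value)
        i += 2 + length
    return msg

def find_rogue_servers(payloads, authorized):
    """Map each unauthorized server that sent an OFFER or ACK to the IPs it handed out."""
    rogue = {}
    for m in filter(None, map(parse_dhcp, payloads)):
        if m["type"] in ("OFFER", "ACK") and m["server"] not in authorized:
            rogue.setdefault(m["server"], []).append(m["yiaddr"])
    return rogue

def build(op, xid, yiaddr, options):
    """Build a constructed BOOTP/DHCP payload (sample data only)."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0) + bytes(4)
    hdr += socket.inet_aton(yiaddr) + bytes(8) + bytes.fromhex("d859753c1b1b")
    return hdr + bytes(10 + 64 + 128) + MAGIC + options + b"\xff"

ip = socket.inet_aton
XID = 0x2835DD54  # transaction ID from the frame on this page; server IPs are constructed
SAMPLE = [build(1, XID, "0.0.0.0", b"\x35\x01\x03\x32\x04" + ip("192.168.1.13")),
          build(2, XID, "192.168.1.13", b"\x35\x01\x02\x36\x04" + ip("192.168.1.1")),
          build(2, XID, "192.168.0.50", b"\x35\x01\x02\x36\x04" + ip("192.168.0.1"))]
```

Calling find_rogue_servers(SAMPLE, {"192.168.1.1"}) reports the second server; on a real capture, feed it the UDP payloads exported from Wireshark or Network Monitor and the address of your own DHCP server.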
To easily capture the DORA process in Wireshark, have a network cable ready: one end should be connected to a working network and the other end ready to be plugged in to a laptop or desktop computer. On the computer, run Wireshark, plug in the network cable, and after 3-5 seconds unplug the network cable and stop Wireshark.
You will not have tons of data since it is only a few seconds, but you will be able to see that the first thing the computer does is look for a device that is offering DHCP.
Cheers! Hope it helps!!! till next time...