Tuesday, July 31, 2018

DHCP Broadcast - Notes

In my last post on DHCP, DHCP Offer and DHCP ACK were unicast frames.

DHCP Unicast Flag
In the Bootp flags, the broadcast bit is set to 0 (meaning unicast). The DHCP client is telling the DHCP server that it expects unicast responses. So the replies from the DHCP server (DHCP Offer and DHCP ACK) will have unicast MAC and IP addresses.

On a Linux machine, this can be seen using the command 'dhclient eth0'.

Broadcast

There are cases when they will be broadcast. From a Linux machine, we can use 'dhclient -B eth0' to request broadcast responses. Most of the time, DHCP starts from DHCP Offer instead of Discovery. So, by googling I found that we had to release the existing IP address for the transaction to start from Discovery, like this:

# dhclient -r  eth0
# dhclient -B  eth0

DHCP Broadcast
Observe that the Bootp flag here is '1' (meaning the broadcast flag is set). The client is asking the server to give broadcast responses. Therefore, the DHCP Offer and ACK from the server have broadcast MAC and IP addresses.
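To check the broadcast bit without opening Wireshark, the flags field can be read straight out of the DHCP payload. The following is an added example, not code from the original post: the builder only produces constructed sample messages (the MAC, transaction ID and 192.0.2.50 address are made up), and the parser reports the transaction ID, message type and whether the client asked for broadcast replies.

```python
import socket
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header
MAGIC_COOKIE = b"\x63\x82\x53\x63"        # marks the start of DHCP options
BROADCAST_BIT = 0x8000                    # top bit of the 16-bit flags field
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK", 7: "Release"}

def build_dhcp(msg_type, xid, mac, broadcast, yiaddr="0.0.0.0"):
    """Build a minimal DHCP payload (constructed sample, not a capture)."""
    op = 2 if msg_type in (2, 5) else 1   # 1 = BOOTREQUEST, 2 = BOOTREPLY
    flags = BROADCAST_BIT if broadcast else 0
    zero = b"\x00" * 4
    header = struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, flags, zero,
                         socket.inet_aton(yiaddr), zero, zero, mac, b"", b"")
    # Option 53 carries the DHCP message type, option 255 ends the list.
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])

def parse_dhcp(payload):
    """Return xid, message type, broadcast flag and offered address."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    fields = struct.unpack(BOOTP_FMT, payload[:236])
    xid, flags, yiaddr = fields[4], fields[6], fields[8]
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:  # walk options until End
        if payload[i] == 0:                        # Pad option has no length
            i += 1
            continue
        if i + 1 >= len(payload):                  # truncated option header
            break
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:
            msg_type = value[0]
        i += 2 + length
    broadcast = bool(flags & BROADCAST_BIT)
    return {"xid": xid, "type": MSG_TYPES.get(msg_type, "unknown"),
            "broadcast": broadcast,
            "reply_to": "broadcast" if broadcast else "unicast",
            "yiaddr": socket.inet_ntoa(yiaddr)}

if __name__ == "__main__":
    mac = b"\x02\x00\x00\x00\x00\x01"              # constructed MAC address
    for bcast in (False, True):                    # dhclient vs dhclient -B
        print(parse_dhcp(build_dhcp(1, 0x1234ABCD, mac, bcast)))
```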


Sunday, July 29, 2018

DHCP Notes

Dynamic Host Configuration Protocol. The server automatically gives an IP address to those machines that request it.

  • Message exchange (DORA): Discovery, Offer, Request, Acknowledgement
  • UDP Protocol - port 68 (server) - port 67 (client)
  • Wireshark decodes it as the Bootp protocol, because Bootp also uses the same port numbers
  • The Transaction ID is the same for all DHCP packets of one transaction


DHCP Discovery

  • DHCP Client ---> DHCP Server
  • Source MAC is the client's MAC. Destination MAC is FF:FF:FF:FF:FF:FF
  • Source IP is 0.0.0.0 (the client is not configured with any IP address yet)
  • Destination IP is 255.255.255.255 (the client is not sure which one is the DHCP server)

DHCP Offer

  • DHCP Server ----> DHCP Client
  • Source MAC and Destination MAC are self-explanatory
  • Source IP (Server)
  • Destination IP (Client)
  • This packet is unicast, but the client's IP address is not yet configured. In some cases, the packet will be broadcast. This needs explanation, which will be given in the next tutorial with Scapy.
  • 'Your (client) IP address' is the IP address given by the server to the client
  • The rest of the fields are self-explanatory

DHCP Request

  • DHCP Client ---> DHCP Server
  • Source MAC is the client's MAC. Destination MAC is FF:FF:FF:FF:FF:FF
  • Source IP is 0.0.0.0 (the client is not configured with any IP address yet)
  • Destination IP is 255.255.255.255
  • The destination MAC and IP are broadcast even though the client knows the server's IP address. This lets other DHCP servers on the network know that the client has already chosen another DHCP server, so they can reallocate the IP address they offered to the client to some other machine.
  • The client requests the IP address from the server, and configures the IP address on its interface

DHCP Acknowledge

  • DHCP Server ---> DHCP Client
  • The client would have configured the IP address by now, so the Destination MAC and IP will be the client's.
  • All the properties will be the same as those of the DHCP Offer packet

Sunday, July 22, 2018

DNS Notes

While browsing, we give a URL, something like 'www.xyz.com'. On the internet, it is always converted into an IP address for any further processing. For this conversion, we use the DNS protocol, the Domain Name System.

  • Query & Response
  • UDP protocol, port 53
DNS Query

DNS Response

Observations
  • The Transaction ID is the same for both Query and Response
  • In the flags, a query is 0 and a response is 1
  • Type: the record type. A is a mapping between an IPv4 address and a DNS name. MX is a mapping between an IPv4 address and a Mail Exchange server.
  • Class: the class of the record. It belongs to the 'IN' (Internet) name space.