DHCP stands for dynamic host configuration protocol. It is used in a situation where clients are provided IP addresses dynamically by a DHCP Server in the network. The DHCP Server works on UDP port 67 and the client works on UDP port 68. The wireshark capture which is attached with the post, shows the DHCP packets which are exchanged between the client and the server for the purpose of obtaining an IP address.
Let’s do an analysis of the packets exchanged –
The packet analyzer is started on the network card of the client before the user has plugged in the network card to the port.
1. DHCP Discover message – The moment the user plugs in the network card to the port, the DHCP Discover packet is send from the client to the server. Observe that the source IP address is 0.0.0.0 because the client does not have an IP address. The destination IP address is broadcast – 255.255.255.255. The Source Port (UDP port) is 68 for the client and Destination Port (UDP) is 67 for the DHCP Server.
2. DHCP Offer – The DHCP Server would respond to the client on receipt of the DHCP Discover message by sending the DHCP Offer message with an IP address for the client.
3. DHCP-Request – The message is used for informing other DHCP Servers on the network that the client is about to use the IP address which is provided the DHCP Server. On receipt of this message, other DHCP Servers, if they had provided an IP address , can now put it back into the pool.
4. DHCP Ack – The message is used by the actual DHCP server which has provided the IP address to acknowledge the the request of the client.