This chapter will illustrate the DHCP process
using the network protocol analyzer Wireshark.
- Open Wireshark to analyze the network
traffic between the DHCP server and the DHCP client. It can be downloaded
at https://www.wireshark.org/download.html.
- In Wireshark, navigate to . In the Wireshark:
Capture Interfaces screen, click to select the Intel
(R) Ethernet Connection I219-LM option and click Start.
- The Capturing from Ethernet (Wireshark) screen
appears. Scroll down until the DHCP protocol
process Discover, Offer, Request, Acknowledgment (DORA) is shown.
- DHCP Discover—the DHCP client broadcasts a DHCPDISCOVER
message on the network subnet using the destination address 255.255.255.255
and source address 0.0.0.0 from source port 68 to destination port
67. From the Ethernet portion, we see that the source (Src) is 54:e1:ad:07:0d:87
(this is the PC shown in the topology) and the destination (Dst) is broadcast
(ff:ff:ff:ff:ff:ff).
- DHCP Offer—the DHCP server responds with a lease
offer of a reserved IP address
to the client by sending a DHCPOFFER message from source port 67
to destination port 68. From the Ethernet portion, we see Src: Is5Commu_90:5f:81,
Dst: broadcast (ff:ff:ff:ff:ff:ff). From the IPv4 section,
Src: 12.0.0.100, Dst: 255.255.255.255.
- DHCP Request—the DHCP client
broadcasts the DHCPREQUEST message (meaning that it accepts the
proposed network configuration) using the destination address 255.255.255.255 and
source address 0.0.0.0 from source port 68 to destination port 67.
From the Ethernet portion, we see Src: 54:e1:ad:07:0d:87, Dst: broadcast
(ff:ff:ff:ff:ff:ff).
- DHCP Ack (Acknowledgment)—the DHCP server sends the DHCPACK message,
which contains the requested configuration information and lease duration,
from source port 67 to destination port 68. The protocol
expects the DHCP client to configure its network interface with these
negotiated parameters. From the Ethernet portion, we see Src: Is5Commu_90:5f:81, Dst:
broadcast (ff:ff:ff:ff:ff:ff). From the IPv4 section, Src:
12.0.0.100, Dst: 255.255.255.255.
- In Wireshark, navigate to . The Ethernet - Graph Analysis
screen appears showing a chart with
the DHCP process flow.
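
The DORA fields described above can also be checked programmatically. The following Python is an added example, not part of the original chapter: it decodes the DHCP portion of each message (message type, transaction ID, client hardware address, offered address, lease time, server identifier) and reports an exchange that is incomplete or whose Offer or Ack comes from a server other than the expected one. The function names `parse_dhcp`, `check_dora` and `sample` are hypothetical, and `sample` builds constructed test messages rather than bytes from the capture shown here.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}  # option 53 values

def parse_dhcp(payload: bytes) -> dict:
    """Decode a DHCP UDP payload into the fields Wireshark shows for it."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    _op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    msg = {"xid": xid, "chaddr": payload[28:28 + min(hlen, 16)].hex(":"),
           "yiaddr": str(ipaddress.IPv4Address(payload[16:20]))}
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = End option
        if payload[i] == 0:                        # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:             # DHCP message type
            msg["type"] = TYPES.get(value[0], str(value[0]))
        elif code == 51 and length == 4:           # lease time in seconds
            msg["lease_seconds"] = int.from_bytes(value, "big")
        elif code == 54 and length == 4:           # server identifier
            msg["server_id"] = str(ipaddress.IPv4Address(value))
        i += 2 + length
    return msg

def check_dora(payloads, expected_server):
    """Return a list of problems found in one DORA exchange (empty list = clean)."""
    msgs = [parse_dhcp(p) for p in payloads]
    problems = []
    if [m.get("type") for m in msgs] != ["DISCOVER", "OFFER", "REQUEST", "ACK"]:
        problems.append("not a complete DORA sequence")
    if len({m["xid"] for m in msgs}) != 1:
        problems.append("transaction IDs differ")
    for m in msgs:
        if m.get("type") in ("OFFER", "ACK") and m.get("server_id") != expected_server:
            problems.append(f"{m['type']} from unexpected server {m.get('server_id')}")
    return problems

def sample(msg_type, mac, yiaddr="0.0.0.0", options=b"", xid=0x3D1D):
    """Build a constructed sample message (not bytes from the page's capture)."""
    hdr = struct.pack("!BBBBIHH", 1 if msg_type in (1, 3) else 2, 1, 6, 0, xid, 0, 0x8000)
    hdr += bytes(4) + ipaddress.IPv4Address(yiaddr).packed + bytes(8)
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    return hdr + MAGIC + bytes([53, 1, msg_type]) + options + b"\xff"
```

Pass `check_dora` the four UDP payloads of one exchange together with the address of the legitimate server (12.0.0.100 in this topology); an empty list means the sequence, transaction ID and server identifier all match.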