DHCP principles and packet formats

Dynamic Host Configuration Protocol (DHCP) is a protocol designed by IETF to achieve automatic IP configuration, it can automatically assign IP addresses, subnet masks, default gateways, DNS Server IP addresses, and other TCP/IP parameters to the client. Understanding the DHCP process can help us eliminate problems related to the DHCP service. DHCP is an application based on the UDP layer (that is to say, only UDP packets can be viewed during the Snort detection process). DHCP uses UDP to carry packets, and UDP is encapsulated and sent in IP packets. Let's take a look at the DHCP packet format.

 

OP: if the client sends a packet to the server, set it to 1 and reverse to 2;

Htype: hardware type. The value of Ethernet is 1;

Hlen: hardware length. The Ethernet value is 6;

Hops: if the data packet needs to be transmitted through the router, add 1 to each station. If the data packet is in the same network, it is 0;

Transaction ID: Transaction ID, which is a random number used to match requests and messages between the customer and the server;

Seconds: the time specified by the user. It refers to the time after the address is obtained and updated;

Flags: from 0 to 15 bits, when the leftmost 1bit is 1, the server sends packets to the client in broadcast mode, and the rest are not used yet;

Ciaddr: user IP address;

Yiaddr: the customer's IP address;

Siaddr: IP Address used in the bootstrap process;

Giaddr: IP address of the forwarding proxy (GATEWAY;

Chaddr: The hardware address of the client;

Sname: name of an optional server, ending with 0x00;

File: the Startup File Name;

Options:, vendor ID, optional parameter field

Next we will mainly talk about the process in which the client obtains an IP address from the dhcpserver. The IP address is in the initial status, select status, Request status, bind status, re-obtain status, and re-bind status. Let's take a look at the picture below.

 

 

1. When the host is started, DHCP is in the INI state. In order to obtain the IP address, the DHCP Client initializes the TCP/IP and sends a dhcpdiscover broadcast packet to the network through UDP port 67, requesting the lease IP address. The Source IP address in the broadcast package is 0.0.0.0, and the target IP address is 255.255.255.255. The package also contains the client's MAC address and computer name. All local dhcpservers will receive this message, set the destination port in the data packet to the bootp67 port. DHCP is in the select state.

2. A select host receives dhcpoffer packets from the dhcpserver. Each packet contains the information configured for the client and the lease IP Address Provided by the server for the client, generally, the host receives zero or multiple offer packets (generally, the host responds to the first offer packet) and negotiates with the server. Therefore, the host sends a dhcpquest packet, and enter the Request status.

3. The dhcpserver sends an ACK confirmation message to the client, and the DHCP acquisition process ends. The host enters the BIND stable state.

4. If the host does not need an IP address or requires a new IP address, the host sends a dhcprelease message to the dhcpserver, and the host is in the initial state again.

5. generally, the IP address of the server to the client has a lease period, and the length of time is not long. The DHCP host has three timers. When the selected IP address is half 50%, the host sends a dhcprequest message requesting the lease to enter the renew status, the server DHCP server sends an ACK message in response to this message, and DHCP enters the bond status again.

6. if the dhcpserver does not respond to the request from the host, when the lease period reaches 87.5%, the host will re-Send the dhcprequest message to request renewal, and the host enters the rebind status. If the dhcpserver is unhappy at this time (the IP address is insufficient) the host will re-enter the initial status and re-apply for an IP address following the steps 1-4. If you receive the ACK boss's confirmation that the lease renewal is successful, it means that we can continue to use this IP address. No response. Our host only needs to wait until our IP address rental period is exhausted and re-enter the initial status to re-obtain it.

Message Type:

1) dhcpdiscover (0x01), the first packet from the client starting the DHCP Process

2) dhcpoffer (0x02), which is the server's response to the dhcpdiscover Packet

3) dhcprequest (0x03). This packet is the response to the server's dhcpoffer packet when the client starts DHCP, or the packet sent when the client renews the IP address lease period.

4) DHCPDECLINE (0x04): When the client finds that the IP address assigned to it by the server is unavailable, if the IP address conflict occurs, this message is sent, notifying the server that the IP address is prohibited.

5) dhcpack (0x05): the server confirms the Response Message of the client's dhcprequest message. After receiving the message, the client obtains the IP address and related configuration information.

6) dhcpnak (0x06): the server rejects the response to the client's dhcprequest packet. After the client receives the packet, it generally restarts the new DHCP process.

7) dhcprelease (0x07), the client actively releases the IP address packet assigned to it by the server. After receiving the packet, the server can reclaim the IP address, can be assigned to other clients.

8) in dhcpinform (0x08), the client has obtained an IP address and sent the packet to obtain other network configuration information from the DHCP server, such as the Route IP address, such as dns ip, which is rarely used.

For example, after ipconfig/release is run, the PC sends a packet to release the IP address. The DHCP message type is 7, which actively releases the packet from the IP address assigned by the server, after the server receives the packet, it can reclaim the IP address and allocate it to other clients.

If a client has not obtained an IP address from the DHCP server or the IP address it has obtained has expired, it takes four steps to obtain an IP address.