Packets captured during dhcp ip address acquisition-Summary of L3 networks (II)

In the previous article, I mainly talked about the IP address test site in the knowledge point. I plan to talk about the test site for the packets captured during DHCP IP address acquisition. If you have any errors, please correct them.

DHCP is the application layer protocol, UDP is the transport layer protocol, IP is the network layer protocol, and Ethernet is the link layer protocol. Data needs to be encapsulated layer by layer during network transmission. The typical DHCP process is as follows:

1: the client sends the dhcp_discover packet to the server and requests an IP address.

2: The server returns the dhcp_offer packet to the client, specifying an IP address to be allocated.

3: the client sends a dhcp_request message to the server to request this IP address.

4: the IP address is pinged several times (usually three times) on the server. If no response is received, the IP address is idle and can be allocated to the client. Therefore, the server sends the dhcp_ack packet to the client, confirm that it can be allocated. If yes, the dhcp_nak packet is sent and the allocation is denied.

5: if the client receives dhcp_ack, it is responsible for sending a free ARP request to determine whether the IP address has been used. If the IP address is not used, bind it to the IP address allocated by the server. Otherwise, send the dhcp_decline message to the server and reject the allocation. And re-execute the first step.
If dhcp_nak is received, execute Step 1 again.

The client does not have an IP address before applying for an IP address. The dhcp_discover message is sent in broadcast format. The destination address in the IP address header is 255.255.255.255, and the source address is 0.0.0.0. The link layer destination address is the FF-FF-FF-FF-FF-FF, and the source address is your MAC address. After receiving the Discover packet from the client, the server sends the unicast dhcp_offer packet to the client based on the source MAC address.

Check the DHCP packets to be captured:

IP lease request message sent by the customer
The DHCP Client initializes TCP/IP and sends a dhcpdiscover broadcast packet to the network through UDP port 67 to request the lease IP address. The Source IP address in the broadcast package is 0.0.0.0, and the target IP address is 255.255.255.255. The package also contains the client's MAC address and computer name.

IP address lease in DHCP response provides packets
Any DHCP server that receives a dhcpdiscover broadcast packet and can provide an IP address will respond to a dhcpoffer broadcast packet to the client through UDP port 68, providing an IP address. The source IP address of the broadcast package is the DCHP Server IP address, and the target IP address is 255.255.255.255. The package also contains the provided IP address, subnet mask, and lease period.

Customer selects IP lease packets
After receiving the provision from more than one DHCP server, the client selects the first received dhcpoffer package and broadcasts a dhcprequest message package to the network, indicates that you have accepted an IP address provided by the DHCP server. The broadcast package contains the accepted IP address and the IP address of the server. All other DHCP servers cancel their provision so that the IP address can be provided to the next IP address lease request.

The DHCP server sends an IP lease confirmation message.
After receiving the dhcprequest broadcast, the DHCP server selected by the client returns a dhcpack message packet to the client, indicating that the client has been selected, add the legal lease and other configuration information of this IP address to the broadcast package and send it to the client.
Announcement message sent after successful configuration by the customer
When the client receives the dhcpack package, it uses the information in the broadcast package to configure its own TCP/IP, the lease process is complete, and the client can communicate in the network.
At this point, the DHCP service process for a customer to obtain an IP address is basically over. However, the IP address obtained by the customer generally uses a lease period, and the lease period needs to be updated before expiration. This process is completed by renting Update packets.

Customer IP address lease update message
(1) When the current lease period has passed 50%, the DHCP client directly sends a dhcprequest message packet to the DHCP server that provides the IP address. If the client receives the dhcpack message package responded by the server, the client updates its configuration based on the new lease period provided in the package and other updated TCP/IP parameters, IP address lease updated. If you do not receive a response from the server, the client continues to use the existing
IP address, because the current lease period still has 50%.
(2) If the update fails in the past 50% of the lease term, the client will re-provide the IP address DHCP contact to the client during the past 87.5% of the current lease term. If the contact is unsuccessful, the IP address lease process starts again.
(3) If the DHCP Client restarts, it will try to update the IP lease that it had when it was shut down last time. If the update fails, the client attempts to contact the Default Gateway listed in the current IP address lease. If the contact is successful and the lease has not expired, the client determines that it is still located on the same subnet (not removed) as it obtained the existing IP address for rent and continues to use the existing IP address. If you fail to contact the default gateway, the client considers that you have been moved to a different subnet and will start a new round of IP leasing.

After a DHCP client sends a dhcpdiscover broadcast packet for an IP lease request, it takes one second to wait for the DHCP server to respond. If no server response is received within one second, it broadcasts the broadcast package four times (separated by 2, 4, 8, and 16 seconds, plus 1 ~ A random length of 1000 milliseconds ). After four times, if you still fail to receive a response from the server, the DHCP client running Windows 2000 selects an IP address from the automatically retained private IP address 169.254.0.0/16 (apipa, DHCP clients running other operating systems cannot obtain IP addresses. The DHCP client continues the IP leasing process once every five minutes if it receives a response from a server.

For DHCP packets when obtaining IP addresses, simply sort out and explain some of the information from the network. If any error occurs, please point it out! Thank you!

Packets captured during dhcp ip address acquisition-Summary of L3 networks (II)