IP addresses can be configured statically or dynamically. Normally we configure static IP addresses on network devices like routers, switches, firewalls and servers while we dynamically assign IP addresses to computers, laptops, tablets, smartphones etc. The dynamic method uses DHCP (Dynamic Host Configuration Protocol) and in this short lesson I want to show you how it works.
Let’s take a look at the following picture:
On the left side we have a computer without IP address. On the right side there’s a DHCP server configured with static IP address 192.168.1.254. This DHCP server will supply an IP address to our computer, this is how it works:
The computer will send a DHCP discover message. This is a broadcast because it doesn’t have an IP address and it doesn’t know if there is a DHCP server on the network. Of course in our scenario we do have a DHCP server so it will respond to this broadcast as following:
The DHCP server will respond with a DHCP offer message which contains an IP address for the computer (we have to configure the DHCP server to define which IP addresses we want to give). If we want we can also assign a default gateway and DNS server(s) to the computer. The computer will respond to this information:
The computer will send a DHCP Request in response to the DHCP offer message, asking nicely if it’s OK to use the information that it has received. Our DHCP server will respond to this as following:
The DHCP server will respond with a DHCP ACK message to tell the computer it’s OK to use this information. Now you have an idea what DHCP is like, let’s take a closer look at the packages in wireshark:
Above you see the 4 DHCP packets in wireshark. If you want to capture this yourself you need to filter on bootp messages since DHCP uses the bootstrap protocol. In the DHCP discover message you can see that the computer has no IP address (0.0.0.0) and is broadcasting this to IP address 255.255.255.255. The DHCP offer is from our DHCP server (192.168.1.254).
Above you see the DHCP discover message. First of all you see the source MAC address of the computer and the destination MAC address is FF:FF:FF:FF:FF:FF (broadcast). It doesn’t have an IP address (0.0.0.0). DHCP uses the bootstrap protocol and you can see the source port (68) and destination port (67). Now let’s take a closer look at the DHCP offer: