You are on page 1of 5

eSupport

Guiding you towards certification….

Contents

 DHCP Discover
 DHCP Offer
 DHCP Request
 DHCP Ack

eSupport
eSupport

DHCP: What’s actually happening?

You’ve set up you network to use TCP/IP and decide to implement a DHCP server.
What actually get’s transmitted across the wire and how much overhead does DHCP
place on your network? This document looks at the “conversation” between server
and client and the contents of the frames sent/received.

DHCP Discover

The first frame to be delivered is the client computer broadcasting a DHCP Discover
packet in an attempt to locate a DHCP server. The client has no knowledge of any
DHCP servers, so it must broadcast in order to find one. The details of the 14 byte base
DHCP Discover frame are:

• Size of 342 bytes for newer clients, 590 for older. Newer clients include Windows NT
3.51, NT 4.0, Windows 95, and Windows for Workgroups with TCP/IP-32 3.11b.
• Destination Hardware Address of FFFFFFFFFFFF, indicating an Ethernet broadcast.
• Type of packet is IP (0x800).

The details of the 20 byte IP portion of the frame are:

• Source Address is 0.0.0.0, indicating the client does not currently have an IP
address.
• Destination Address of 255.255.255.255, indicating a network broadcast.
• Protocol is UDP (User Datagram Protocol).

The details of the eight byte UDP portion of the frame are:

• Source Port is BOOTP Client (UDP port 68). DHCP is an extension of the BOOTP
protocol that is used to assign IP addresses to intermediate devices, such as
routers and bridges.
• Destination Port is BOOTP Server (UDP port 67).

The remainder of the frame (300 or 548 bytes) is the DHCP Discover portion. Its details
include:

• The majority of the remaining fields are either zeros, or blank, as the client has no
knowledge of any IP addresses or parameters.
• In the DHCP Option Field section, the Client Identifier lists the MAC address.
• The Host Name lists the computer name of the client computer.

These are added to the frame in the event that a DHCP Server may have a reserved
address for the client, which is identified by its MAC address. The host will broadcast up
to four DHCP Discover messages in an attempt to find a DHCP server. If, after four
attempts, a server cannot be located, the computer will cease trying, and attempt to
locate a DHCP server every five minutes until successful.

eSupport
DHCP Offer

Once a DHCP Server has received the Discover packet, and determined that it can
accommodate the client’s request, it responds with a DHCP Offer message.
The details of the base DHCP Offer frame are:

• Size of 342 bytes.


• Destination Hardware Address of FFFFFFFFFFFF, indicating an Ethernet broadcast.
• Type of packet is IP (0x800).

The details of the 20 byte IP portion of the frame are:

• Source Address is that of the DHCP server.


• Destination Address of 255.255.255.255, indicating a network broadcast, as the
client has not acquired an address yet.
• Protocol is UDP (User Datagram Protocol).

The details of the eight byte UDP portion of the frame are:

• Source Port is BOOTP Server (UDP port 67).


• Destination Port is BOOTP Client (UDP port 68).

The remainder of the frame, 300 bytes, is the DHCP Offer portion. Its details include:

• Your IP Address lists the IP address the DHCP server is offering to the client.
• In the DHCP Option Field section, the Subnet Mask lists the proposed subnet mask
parameter value.
• Lease renewal times are listed as Renewal Time Value and Rebinding Time Value.
• The IP Address Lease Time lists the duration of the lease, which defaults to three
days.
• Server Identifier lists the IP address of the DHCP server that made this offer.

DHCP Request

The client computer will select an offer, and respond back to the DHCP server with a
DHCP Request frame. The details of the 14 byte base DHCP Request frame are:

• Size matches the DHCP Discover frame, either 342 or 590 bytes.
• Destination Hardware Address of FFFFFFFFFFFF. A broadcast is used, even though
the client does know the address of the server, to let other DHCP servers know the
client has accepted an offer from a specific server.
• Type of packet is IP (0x800).

The details of the 20 byte IP portion of the frame are:

• Source Address is 0.0.0.0, indicating the client does not currently have an IP
address.
• Destination Address of 255.255.255.255, indicating a network broadcast. As with
the Ethernet header, the client initiates an IP broadcast to let all DHCP servers
learn that it has accepted an offer from a server.
• Protocol is UDP (User Datagram Protocol).

eSupport
The details of the eight byte UDP portion of the frame are:

• Source Port is BOOTP Client (UDP port 68).


• Destination Port is BOOTP Server (UDP port 67).

The remainder of the frame (300 or 548 bytes) is the DHCP Discover portion. Its details
include:

• The majority of the remaining fields are either zeros, or blank, as the client has no
knowledge of any IP addresses or parameters.
• In the DHCP Option Field section, the Client Identifier lists the MAC address.
• The Requested Address lists the IP address the DHCP server offered to the client.
• Server Identifier lists the IP address of the DHCP server that made the offer.
• The Host Name lists the computer name of the client computer.
• The Parameter Request List includes the DHCP Options that client computer
understands. Microsoft clients support the following options:
• 01 which is Subnet Mask.
• 03 which is Router address.
• 0F which is Domain Name.
• 06 which is DNS Server.
• 2C which is WINS/NBNS Server.
• 2E which is WINS/NBT Node Type.
• 2F which is NetBIOS Scope ID.

DHCP ACK

Once a DHCP server has received the client’s Request, it responds with a DHCP ACK
message. The details of the base DHCP ACK frame are:

• Size of 342 bytes.


• Destination Hardware Address of FFFFFFFFFFFF, indicating an Ethernet broadcast.
• Type of packet is IP (0x800).

The details of the 20 byte IP portion of the frame are:

• Source Address is that of the DHCP server.


• Destination Address of 255.255.255.255, indicating a network broadcast, as the
client has not acquired an address yet.
• Protocol is UDP (User Datagram Protocol).

The details of the eight byte UDP portion of the frame are:

• Source Port is BOOTP Server (UDP port 67).


• Destination Port is BOOTP Client (UDP port 68).

The remainder of the frame, 300 bytes, is the DHCP Offer portion. Its details include:

• Your IP Address lists the IP address the DHCP server is offering to the client.
• In the DHCP Option Field section, Lease renewal times are listed as Renewal Time
Value and Rebinding Time Value.
• The IP Address Lease Time lists the duration of the lease, which defaults to three
days.
eSupport
• Server Identifier lists the IP address of the DHCP server that made this offer.
• The Subnet Mask lists the proposed subnet mask parameter value.
• Any configured options that the client requested in the Request frame are listed,
such as Router, NetBIOS Name Service and NetBIOS Node Type.

At this point, the client completes initialisation of TCP/IP with the new address. This
entire process only takes about one-quarter of a second.

Extras

Couple of great tools out there for TCP/IP. Check the tools section of the site and try
http://www.webattack.com for a great list of TCP and other network tools. One to give
a whirl is NeoTrace an advance Traceroute utility. If you’ve never run a traceroute to
Microsoft, or even if you have this utilities GUI map interface is a lot of fun. Has
integrated ping and whois functionality and is great for checking on mail spammers as
is Blighty designs Sam Spade utility available from their web site at
http://www.blighty.com/products/spade

eSupport