Dynamic Host Configuration Protocol dynamically assigns IP addresses. Lisa Bock reviews the four-step process: discover, offer, request, and acknowledgment.
- [Narrator] Dynamic Host Configuration Protocol automatically assigns IP addresses on a local area network. Because we want our IP address fast, it uses UDP for transport. The client would use UDP port 68, and the server would use UDP port 67. To activate DHCP, we want to make sure our interface is set to automatically obtain an IP address. I'm in the control panel. "Network and internet", "network and sharing center," and then I select "Ethernet 2," which is my active connection.
Select "properties", then I'll go to my bindings, where it says "Internet Protocol Version 4," and take a look at the properties. In there you can see "Obtain an IP address automatically." Now we don't assign static IP addresses, unless it's on a machine we don't want the IP address to change. That would include something like a server, or a printer. When a host joins the network, or wakes up, it doesn't have an IP address. It broadcasts by beginning the DHCP Process, by sending a discover packet.
The DHCP Process has four steps: Discover, Offer, Request, and Acknowledgement. It's also called the DORA Process. Let's watch it as it works. I'll begin by doing a capture in Wireshark, and then in the display filter, I want to put the filter "BOOTP." That is the proper display filter for DHCP. I'm at the command line interface, and I say "ipconfig /release," and that takes away my IP address.
To get my IP address back, I say "ipconfig /renew." Keep in mind it's gonna take a few seconds because it is a four-step process. And now I have an IP address and we can stop the capture. So let's take a look at the DHCP Process. Over here in the "Information," we'll just tighten this up so we can have a little bit more landscape in order to see this. Again, my display filter for DHCP is "BOOTP." When I'm looking at the Wireshark interface, my personal preference is to go to "view," and "packet bytes," 'cuz I don't really look at those, and now I can have a little more landscape when I'm taking a look at each of the frames.
In frame 535, we can see that's where I said to release it. Now there's your transaction ID, and as you can see, it ends with a nine-three. When I said renew, that started the four step process, Discover, Offer, Request, and Acknowledgement. So here we say Discover, and in this case you can see, it is a broadcast saying I need an IP address. Down below, we look at the Bootstrap Protocol, which is what your DHCP is, it's called Bootstrap Protocol. We see my client address is set at zero, because I don't have an IP address.
But the Transaction ID, which is ending in 6-7, will keep track of those transactions, so it gets to the right place. Now I'm offered an IP address. Here you can see, your client IP address, ending in 153. So the server says, I do have an IP address for you, maybe you'd like this one. I then send out a formal request that I would like that IP address. Then you see a final acknowledgement. This says, your IP address is the following. I'll scroll down so you can see that.
Right now, you see your IP address, is the following. So now my machine has an IP address, and I'm able to connect to the network.
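The exchange walked through above, as an added example that is not part of the course transcript: a Python sketch that parses the BOOTP/DHCP payload, reads the transaction ID and the message type (option 53), and checks whether a transaction shows the full Discover, Offer, Request, Acknowledgement sequence. The packets, MAC address, transaction IDs and the 192.168.1.153 address are constructed sample values, and the helper names are hypothetical.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 7: "RELEASE"}
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # fixed BOOTP header

def build(op, xid, msg_type, ciaddr="0.0.0.0", yiaddr="0.0.0.0"):
    """Build a constructed DHCP payload (UDP data only) for this demo."""
    mac = bytes.fromhex("020000000001")  # constructed MAC address
    hdr = BOOTP.pack(op, 1, 6, 0, xid, 0, 0x8000, socket.inet_aton(ciaddr),
                     socket.inet_aton(yiaddr), bytes(4), bytes(4), mac, b"", b"")
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])  # option 53, then end

def parse(payload):
    """Return transaction ID, message type and addresses of one DHCP payload."""
    if payload[BOOTP.size:BOOTP.size + 4] != MAGIC:
        raise ValueError("not a DHCP message")
    f = BOOTP.unpack_from(payload)
    opts, i, msg_type = payload[BOOTP.size + 4:], 0, None
    while i < len(opts) and opts[i] != 255:      # 255 = end option
        if opts[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or i + 2 + opts[i + 1] > len(opts):
            raise ValueError("truncated option")
        if opts[i] == 53 and opts[i + 1] == 1:   # DHCP message type
            msg_type = opts[i + 2]
        i += 2 + opts[i + 1]
    return {"xid": f[4], "type": TYPES.get(msg_type, "UNKNOWN"),
            "ciaddr": socket.inet_ntoa(f[7]), "yiaddr": socket.inet_ntoa(f[8])}

def exchanges(payloads):
    """Group message types by transaction ID, in capture order."""
    seen = {}
    for m in map(parse, payloads):
        seen.setdefault(m["xid"], []).append(m["type"])
    return seen

def is_complete_dora(types):
    return types == ["DISCOVER", "OFFER", "REQUEST", "ACK"]

IP, XID = "192.168.1.153", 0x1A2B3C67  # constructed sample values
CAPTURE = [build(1, 0x1A2B3C93, 7, ciaddr=IP), build(1, XID, 1),  # release, discover
           build(2, XID, 2, yiaddr=IP), build(1, XID, 3), build(2, XID, 5, yiaddr=IP)]

if __name__ == "__main__":
    for xid, types in exchanges(CAPTURE).items():
        print(f"{xid:#010x} {types} complete={is_complete_dora(types)}")
```

A transaction ID that never reaches the ACK step, or a run of Discovers with no matching Offers, stands out immediately in the grouped output.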
Note: The topics in this course will prepare you for key objectives on the Certified Ethical Hacker exam. Find an overview of the certification and the exam handbook at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Sniffing network traffic
- Passive vs. active attacks
- Comparing IPv4 to IPv6
- MAC and macof attacks
- Investigating DHCP attacks
- Detecting ARP and DNS spoofing
- Sniffing tools and techniques