What is DHCP ?

DHCP is a protocol used to provide an IP address to a device. It is also used to configure additional networking related parameters on the device like subnet mask, router, domain name, and dns server.

Why DHCP ?

DHCP stands for dynamic host configuration protocol and so allows a device to get an IP address without any manual intervention as long as the dhcp client is enabled and running on the device.

Autoconfigure. No longer have to manually assign address and configurations on every device No conflicting IP addresses No longer have to track each and every ip address that was assigned. Reuse of IP addresses If an ip address is not in use, it can be used by some other device

How it works ?

Most devices on boot up do not have an IP address unless configured statically. To get to the network the device would need to first find a dhcp server to get an IP address. Since it does not know the address of the dhcp server, the dhcp client (running in the device) sends a UDP broadcast packet (DHCP Discover) in the network. All the devices in the network will see be able to see this packet and if there is one or more dhcp server in the network, they will respond back to the client with an offer (DHCP offer). The DHCP offer includes an IP address, subnet mask, lease time, router and other parameters as configured on the server by an administrator or requested by the client.

If multiple offers were received by the client, then it can decide which offer to accept and accordingly send a broadcast packet requesting (DHCP Request) an IP address from one of the offers. The dhcp server can identify themselves by the "transaction id" field in the request. All the other servers on receiving the request packet will withdraw their offers and return it back to their pool of addresses. The dhcp server that got selected by the client finally concludes the process by sending an acknowledgment (DHCP Ack) and any other information that the client may have requested.

If dhcp server is not in the same subnet, a dhcp relay-agent can be used to forward the request.

How to verify ?

It’s pretty easy to follow the DHCP Handshake on Wireshark. Since, all the handshake happens using broadcast packets, you can pretty much see any device trying to get an IP address using DHCP in your local network. Once you fire up Wireshark start taking live traces on your network interface. To filter out the other noise you can filter baded on a UDP port. (DHCP server listens on port 67). Next take some other device (laptop, iPod, iPad,) in your local network and power it on. You should be able to immediately see the entire handshake on your Wireshark window. If you do not see the first two steps and only see the DHCP Request, and DHCP Ack, it probably means that your device already has a preconfigured ip address and is requesting the server to extends it’s lease.

Screenshot

Missing after porting blog to github pages

Packet Flow

http://www.eventhelix.com/RealtimeMantra/Networking/DHCP.pdf

References

http://tools.ietf.org/html/rfc2131