DHCP is an extension of the BOOTP mechanism. In other words, DHCP uses BOOTP as its transport protocol. This behavior allows existing BOOTP clients to interoperate with DHCP servers without requiring any change to the clients' initialization software; the following table shows basic comparisons between these two protocols:
|
BOOTP/DHCP |
BOOTP |
DHCP (Dynamic Host Configuration Protocol) |
|---|---|---|
|
Meaning |
Bootstrap Protocol |
Dynamic Host Configuration Protocol extension of BOOTP |
|
Year |
1985 |
1993 |
|
UDP Server Port |
67 | |
|
UDP Client port |
68 | |
|
Services |
|
|
|
RFC |
RFC951 |
RFC 2131 |
|
Existence |
Superseded by the Dynamic Host Configuration Protocol (DHCP) |
ACTIVE; RFCs keep coming to add more features and support different technical requirements |
Use the bootp filter to display BOOTP/DHCP traffic and use UDP port 67 to capture the BOOT/DHCP traffic only.
DISCOVER, OFFER, REQUEST, ACK protocol exchanges happen between clients and servers during network address assignment, as shown in the following screenshot. As a mnemonic, refer to this as DORA.
The address assignment can also be done using the Rapid Commit option for DHCPv4. Modeled on DHCPv6, it uses two-message exchanges to quickly configure the DHCPv4 client.
To demonstrate four-message exchange open the DHCPv4.pcap file in the Wireshark, as shown in the following screenshot:
The preceding figure shows a message exchange happening between the DHCPv4 client and DHCPv4 server. This is summarized as follows:
DISCOVER (bootp.option.dhcp == 1):- Expand Bootstrap protocol to view BOOTP details
- The client broadcasts (
255.255.255.255), aDHCPDISCOVERmessage, on its local physical subnet and may include the option: (55that isbootp.option.type) parameter request list; during this time the "yiaddr" field will be (bootp.ip.your == 0.0.0.0)
OFFER (bootp.option.dhcp == 2):- Expand Bootstrap protocol to view BOOTP details
- The DHCP server may respond with a
DHCPOFFERmessage that includes an available network address in the "yiaddr" (bootp.ip.your == 10.0.0.106) field - The DHCP server will send its option 54: DHCP server identifier and may include the other configuration parameter as requested in option 55 the
DICOVERphase
DHCPREQUEST (bootp.option.dhcp == 3):- Expand Bootstrap protocol to view BOOTP details
- The client broadcasts (
255.255.255.255) aDHCPREQUESTmessage that must include the option 54 DHCP server identifier to indicate which server it has selected, and may include other options specifying the desired configuration values - The DHCP server selected in the
DHCPREQUESTmessage commits the binding for the client to thedbstorage and responds with an ACK
ACK (bootp.option.dhcp == 5):- Expand Bootstrap protocol to view BOOTP details
- The server will send the ACK to the client with the configuration parameter; during this time the IPv4 address will be "yiaddr" (
bootp.ip.your == 10.0.0.106) - The client will verify the obtained configuration and check the IPv4 address again using the ARP protocol; if the address is in use by other dhcp clients, the client will send a
DECLINEmessage to the server and restart the configuration process
The commands to capture DHCPv4 traffic are as follows:
- On a Windows machine:
- Start a Wireshark capture.
- Open the Command Prompt.
- Type
ipconfig /renewand press Enter. - Type
ipconfig /releaseand press Enter. - Stop the Wireshark capture.
- On a Linux machine:
- Start a Wireshark capture.
- Open the Command Prompt.
- Bring down the network interface:
bash# ifdown eth0:0 - Bring up the network interface:
bash$ ifup eth0:0 - Stop the Wireshark capture.
- Using dhclient: