Dynamic Host Configuration Protocol (DHCP) is the protocol that provides you with an IP address automatically while connecting to the network. In this recipe, we will learn how to locate some of the common DHCP problems.
When you have a DHCP server on your network and PCs are not able to receive IP addresses automatically, connect Wireshark with a port mirror to the device that doesn't receive the address, then connect and disconnect the device from the network, or simply use the ipconfig /release and ipconfig /renew commands. Now, we will have a look at what can go wrong.
Have a look at the DHCP procedure described in the How it works … section. Anything that is not going according to this procedure is wrong, so check for the following:
DHCP Discover packet?
DHCP Discover packet since it doesn't have a network to send it over.
DHCP Discover and receives DHCP Offer from a single server. This is OK; continue watching the wire.
DHCP Discover and receives DHCP Offer from two or more servers. This is a problem. You have more than one DHCP server on your LAN, and you might get different address allocations to clients on the LAN. Turn off one of the servers (at least the DHCP service on it).
DHCP Ack with the IP parameters, everything is fine.
DHCP Request, it can be a slow or non-responsive server. Check it.

DHCP is considered to be a simple protocol, but actually it is very complex. When you connect a client to the network, it will go through the following steps:
DHCP Discover: The client initializes a limited version of TCP/IP and broadcasts a request looking for a DHCP server. The request is sent from UDP port 68 to UDP port 67.
DHCP Offer: DHCP servers listen on UDP port 67, and if a server receives the request, it answers with a DHCP offer, that is, an offer to provide the address assignment service.
DHCP Request: The client receives the DHCP offer and sends back a request to receive information. The request will be, for example, for the IP address that we requested before (because we had it before), for our MAC address, so that the server will recognize us as a prior client with a saved IP address and other parameters.
DHCP Ack: Here the server sends the requested information, including the IP address, subnet mask, default gateway, DNS servers, and other parameters that are configured on the server.

In the next screenshot, we see a standard procedure of DHCP that works properly:
A very common problem is that you connect a device to your network, receive an IP address, and have no idea where it came from. Usually, this is because someone has connected a DHCP server to your LAN without telling you. In most cases, it will be a small Internet router. This is very simple to find out:
ipconfig and get an address that you don't know, it might be a problem.
arp -a to give you the troublemaker's MAC address. This will tell you two things:
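
The "offers from two or more servers" check and the unknown-server case above can be automated over captured DHCP traffic. The following is an added example, not code from the original recipe: it parses UDP port 67/68 payloads, assumed to be already extracted from the capture, and reports each transaction that more than one server answered. All function names, the `build` helper and the sample addresses are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER = 2                    # value of option 53 (message type) for a DHCP Offer

def parse_dhcp(payload):
    """Return (xid, message type, server identifier) or None if not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    xid = struct.unpack("!I", payload[4:8])[0]
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):                   # truncated option header
            break
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    mtype = opts[53][0] if opts.get(53) else None
    server = socket.inet_ntoa(opts[54]) if len(opts.get(54, b"")) == 4 else None
    return xid, mtype, server

def offering_servers(payloads):
    """Map each transaction ID to the set of servers that sent an Offer for it."""
    seen = defaultdict(set)
    for p in payloads:
        parsed = parse_dhcp(p)
        if parsed and parsed[1] == OFFER and parsed[2]:
            seen[parsed[0]].add(parsed[2])
    return dict(seen)

def conflicting_offers(payloads):
    """Transactions answered by two or more servers (the problem case)."""
    return {x: sorted(s) for x, s in offering_servers(payloads).items() if len(s) > 1}

def build(xid, mtype, server=None):
    """Construct a minimal DHCP payload for the sample data (not real traffic)."""
    opts = bytes([53, 1, mtype])
    if server:
        opts += bytes([54, 4]) + socket.inet_aton(server)
    return struct.pack("!BBBBI", 2 if server else 1, 1, 6, 0, xid) + bytes(228) + MAGIC + opts + b"\xff"

# Constructed sample: transaction 0x1111 gets two Offers, 0x2222 gets one Offer and an Ack.
SAMPLE = [build(0x1111, 1), build(0x1111, 2, "192.0.2.1"), build(0x1111, 2, "192.0.2.254"),
          build(0x2222, 1), build(0x2222, 2, "192.0.2.1"), build(0x2222, 5, "192.0.2.1")]
```

Any server identifier in the result that is not one of your known DHCP servers is the address to look up in the ARP table.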