Вы находитесь на странице: 1из 8

Christopher

Pina
CST 311
Lab 6

Command Prompt: Using a Windows Machine to complete trace. Used Mac to take screen shots.



1. Are DHCP messages sent over UDP or TCP?


As indicated under the protocol heading in the image above DHCP messages are sent over UDP.

2. Draw a timing datagram illustrating the sequence of the first four-packet Discover/Offer/Request/ACK
DHCP exchange between the client and server. For each packet, indicate the source and destination port
numbers. Are the port numbers the same as in the example given in this lab assignment?


The port number are the same as the example given in the lab.

3. What is the link-layer (e.g., Ethernet) address of your host?

The address of the linklayer of my host is 00:1c:42:23:9d:8c

4. What values in the DHCP discover message differentiate this message from the DHCP request message?


The biggest difference between the Discover and Request DHCP messages lie in the values for Option 53,
which indicates the type of message. The Discover message (left) has a value of 1 while the Request
message (right) has a value of 3.













5. What is the value of the Transaction-ID in each of the first four (Discover/Offer/Request/ACK) DHCP
messages? What are the values of the Transaction-ID in the second set (Request/ACK) set of DHCP
messages? What is the purpose of the Transaction-ID field?


The Transaction-ID for the first four (Discover/Offer/Request/ACK) DHCP messages is 0x2b08f4f3. The
Transaction-ID in the second set (Request/ACK) set of DHCP messages is 0x632a43fb. The Transaction-ID
field allows the client and server to identify messages and responses between each other. In other words
the Transaction-ID field is used by the client and server to make sure that the responses sent and received
are indeed for a particular message.

6. A host uses DHCP to obtain an IP address, among other things. But a hosts IP address is not confirmed
until the end of the four-message exchange! If the IP address is not set until the end of the four-message
exchange, then what values are used in the IP datagrams in the four-message exchange? For each of the
four DHCP messages (Discover/Offer/Request/ACK DHCP), indicate the source and destination IP
addresses that are carried in the encapsulating IP datagram.


The image shows that the each of the four DHCP messages (Discover/Offer/Request/ACK DHCP) use the
following source and destination IP addresses:
Discover: Source = 0.0.0.0, Destination 255.255.255.255
Offer: Source = 10.211.55.1, Destination 255.255.255.255
Request: Source = 0.0.0.0, Destination 255.255.255.255
ACK DHCP: Source = 10.211.55.1, Destination 255.255.255.255
These transactions take advantage of the IP broadcast address (255.255.255.255), which broadcasts the
message to all nodes connected to the subnet. This broadcasting allows the four-message exchange to
occur without having a set IP for the client. The messages are sent to different port numbers, which is
crucial to the DHCP process. The other key IP address is 0.0.0.0, which the client attempting to obtain an IP
address uses as placeholder for its IP address.




7. What is the IP address of your DHCP server?

The image shows that the DHCP Offer message originates from the the IP address 10.211.55.1. This is
the IP address of my DHCP server.

8. What IP address is the DHCP server offering to your host in the DHCP Offer message? Indicate which DHCP
message contains the offered DHCP address.

The DHCP server is offering my host IP address 10.211.55.3.


9. In the example screenshot in this assignment, there is no relay agent between the host and the DHCP
server. What values in the trace indicate the absence of a relay agent? Is there a relay agent in your
experiment? If so what is the IP address of the agent?


The IP address of the relay agent in the sample trace provided with the lab is 0.0.0.0, which indicates the
absence of a relay agent. As the image above shows, there is no relay agent in my experiment. The IP
address of the relay agent is also 0.0.0.0.

10. Explain the purpose of the router and subnet mask lines in the DHCP offer message.
The router line provides the client with the IP address of the default gateway (or default router). The
subnet mask line defines the mask applied to the IP address provided to the client; it helps define the
clients subnet.

11. In the DHCP trace file noted in footnote 2, the DHCP server offers a specific IP address to the client (see
also question 8. above). In the clients response to the first server OFFER message, does the client accept
this IP address? Where in the clients RESPONSE is the clients requested address?


The client accepts the IP address offered (see Question 8 above). This can be verified by looking at Option
50: Requested IP Address on the DHCP Request, which shows my client requesting IP address 10.211.55.3.
12. Explain the purpose of the lease time. How long is the lease time in your experiment?


Lease time is the amount of time that the specific IP address assigned to the client is valid. When the lease
time is up the IP address can be renewed by the client or reassigned to a different client. The lease time in
my trace was quite short: 1800 seconds or 30 minutes.

13. What is the purpose of the DHCP release message? Does the DHCP server issue an acknowledgment of
receipt of the clients DHCP request? What would happen if the clients DHCP release message is lost?

There is no response from


the DHCP server to this
release message.


The DHCP release message is sent by the client when it wishes to release the IP address back to the DHCP
server. The DHCP server does not seem to send any acknowledgment of receipt of the clients DHCP
request. If the message were to get lost the DHCP would not be able to reuse the assigned IP address until
the lease time has expired. The client should still be able to release the IP address, but the DHCP server
cannot do anything with it.

14. Clear the bootp filter from your Wireshark window. Were any ARP packets sent or received during the
DHCP packet-exchange period? If so, explain the purpose of those ARP packets.

Seem to be
Seem to be coming broadcasted to
from my IP. probe for IP
information

There were several ARP packets sent just after the DHCP packet-exchange period. The packets seem to be
coming from my host computer, who was just assigned an IP address by the DHCP server. It appears that
the ARP messages seem to be an attempt from the client to probe the network to make sure that the IP
addresses provided are indeed valid and available.