# DHCP Wireshark Lab > [name=Aneesh Melkot (1001750503)] [color=#4D92B8]  ## Contents [TOC] ## DHCP Experiment ### Release IP Current IP is released using ```bash! $ ipconfig/release ``` This will make IP 0.0.0.0  ### Start Packet Sniffer Lets start up wireshark and turn on packet capture.  ### Renew IP x 2 IP can be renewed using ```bash! $ ipconfig/renew ```   ### Release IP  ### Renew IP Again  ### Bootp filter Here we can see our packet capture window with the `bootp` filter applied to show only DHCP packets.  ## Experiment Questions ### Q1 DHCP on UDP or TCP? DHCP is sent over **UDP**. This can be seen below -  ### Q2 Timing Diagram Here we can see the full timing diagram. Red box depicts the first 4 DHCP packets.  #### Ports Type | Src | Dest :--:|:--:|:--:| Discover|68|67 Offer|67|68 Request|68|67 ACK|67|68 ### Q3 Link layer address of host Thi link layer address is the MAC address highlighted below.  My machine's MAC is `94:08:53:be:94:f9`. ### Q4 DHCP Discover vs DHCP Request In one of its Options (53) the DHCP Message Type is set to `Discover (1)` for Discover packets  The same option is set as `Request (3)` for Request packets.  ### Q5 Transaction ID  As can be seen in the above image, the TX IDs are as follows - Group|XID :--:|:--:| 1| 0xe8cf7c7 2| 0x310009f7 > The client selects the **transaction ID** (xid) (often at random), and the server copies it in the answers. It serves a client-specific purpose, often enabling the client to identify the related dhcp answer to each request. [color=#4D92B8] ### Q6 SRC/DST IP Addressess  As can be seen above, here is the src dest IPs Type|SRC IP|DST IP :--:|:--:|:--: Discover | 0.0.0.0 | 255.255.255.255 Offer | 192.168.4.1 | 192.168.4.65 Request | 0.0.0.0 | 255.255.255.255 ACK | 192.168.4.1 | 192.168.4.65 ### Q7 DHCP Server IP Address My DHCP server's IP is `192.168.4.1`.  ### Q8 DHCP Offered IP As can be seen below the DHCP Server assigened `192.168.4.65` to my client machine.  ### Q9 Relay Agent Any TCP/IP host that is used to transfer requests and responses between the DHCP server and client when the server is present on a separate network is referred to as a DHCP relay agent. After receiving DHCP messages, relay agents create a fresh message to broadcast over a different INTERFACE. Additionally, if enabled, the Relay agent information is sent with **Option 82** and the **giaddr** (gateway address of the packet) field are added by the DHCP relay agent. When the server reply is transmitted to the host, the options field is erased.  > There is no relay agent in my experiment. A value of `0.0.0.0` indicates that there is no relay agent as well.[color=#4D92B8] ### Q10 Router & Subnet Mask - The `router line` indicates where the client should send messages by default. - The `subnet mask` line tells the client which subnet mask to use. ### Q11 DHCP Trace File IP As can be seen below, the client is offered `192.168.1.101` in the attached DHCP Trace.  As can be seen below, the client **accepts** the IP address as it sends the same IP in the subsequent Request message.  ### Q12 Lease Time A lease time is supplied along with the configuration information that DHCP transmits to a client. The client is permitted to use the allocated IP address for this amount of time. The length of the lease period can be adjusted in accordance with your unique requirements. This can be seen below.  > Lease time is **4 hours** in my case. [color=#4D92B8] ### Q13 DHCP Release Message - DHCP Release Message is the request to release the IP back to the DHCP Server. - There is no ACK for this. - Nothing happens if the release message is lost. The client will continue operation unitl its IP lease expires. ### Q14 ARP - Yes there numerous ARP messages sent out in my trace. - An ARP request is sent when a device needs a MAC address associated with an IP address, and it does not have an entry for the IP address in its ARP table. This is used to map MACs to IPs in the local network. The ARP packets can be seen below.