WiresharkLab-DHCP

Wireshark-DHCP

1. Are DHCP messages sent over UDP or TCP?

DHCP报文是通过UDP发送的。

2. Draw a timing datagram illustrating the sequence of the first four-packet Discover/Offer/Request/ACK DHCP exchange between the client and server. For each packet, indicated the source and destination port numbers. Are the port numbers the same as in the example given in this lab assignment?

我的捕获：

捕获示例：

顺序：Discover->Offer->Request->ACK
Discover: port68->67
Offer: port67->68
Request: port68->67
ACK: port67->68
与示例端口号相同

3. What is the link-layer (e.g., Ethernet) address of your host?

cc:f9:e4:ca:2d:b7

4. What values in the DHCP discover message differentiate this message from the DHCP request message?

Discover报文：

Request报文：

Option 53: DHCP Message Type不同。

5. What is the value of the Transaction-ID in each of the first four (Discover/Offer/Request/ACK) DHCP messages? What are the values of the Transaction-ID in the second set (Request/ACK) set of DHCP messages? What is the purpose of the Transaction-ID field?

前四个DHCP报文的Transaction-ID为0x23508555
第二组Request/ACK报文的Transaction-ID为0x8615ead
Transaction-ID字段的目的是为了便于DHCP服务器区分客户端的不同请求

6. A host uses DHCP to obtain an IP address, among other things. But a host’s IP address is not confirmed until the end of the four-message exchange! If the IP address is not set until the end of the four-message exchange, then what values are used in the IP datagrams in the four-message exchange? For each of the four DHCP messages (Discover/Offer/Request/ACK DHCP), indicate the source and destination IP addresses that are carried in the encapsulating IP datagram.

客户机和服务器都使用255.255.255.255作为目的IP地址
客户端使用0.0.0.0作为源IP地址
服务器使用172.23.0.1作为源IP地址

7. What is the IP address of your DHCP server?

由上一题的分析可知，DHCP服务器的IP地址为172.23.0.1

8. What IP address is the DHCP server offering to your host in the DHCP Offer message? Indicate which DHCP message contains the offered DHCP address.

DHCP提供的主机IP地址是172.23.226.106
是DHCP报文中Your(client) IP address字段提供的(不仅Offer报文，在ACK报文中也提供了)

9. In the example screenshot in this assignment, there is no relay agent between the host and the DHCP server. What values in the trace indicate the absence of a relay agent? Is there a relay agent in your experiment? If so what is the IP address of the agent?

Relay agent IP address的值为0.0.0.0表示没有使用DHCP中继代理
在我的实验中，DHCP使用了中继代理，Relay agent IP address为172.23.0.1

10. Explain the purpose of the router and subnet mask lines in the DHCP offer message.

router: 指示router的IP地址
subnet mask: 指示应该使用哪个子网掩码

11. In the DHCP trace file noted in footnote 2, the DHCP server offers a specific IP address to the client (see also question 8. above). In the client’s response to the first server OFFER message, does the client accept this IP address? Where in the client’s RESPONSE is the client’s requested address?

在示例文件中：

客户端确实接受了这个IP地址，通过第二个Request报文的源IP地址
Option:(50)中包含了所需要的地址

12. Explain the purpose of the lease time. How long is the lease time in your experiment?

lease time是DHCP服务器分配IP给客户的持续时间，在该时间内，这个IP是不能被分配给其它主机的
我的实验中是4个小时

13. What is the purpose of the DHCP release message? Does the DHCP server issue an acknowledgment of receipt of the client’s DHCP request? What would happen if the client’s DHCP release message is lost?

目的是收回分配给该客户机的IP地址
DHCP服务器不会ACK客户端的DHCP release请求
如果客户端的DHCP Release消息丢失，则DHCP服务器必须等待租用期结束，才能收回该IP

14. Clear the bootp filter from your Wireshark window. Were any ARP packets sent or received during the DHCP packet-exchange period? If so, explain the purpose of those ARP packets.

DHCP数据包交换期间发送了ARP数据包
确保分配的IP地址未被另一台工作站使用