Scribd
Upload
1K views13 pages

Wireshark Lab Solution

1. The document describes steps taken in a Wireshark lab experiment to observe the DHCP process of obtaining an IP address dynamically from a DHCP server. Key steps include using ipconfig commands to release and renew the IP address, and observing the DHCP request/response packets in Wireshark. 2. The lab questions ask about details observed in the DHCP packet capture related to protocols used, packet contents, addresses, ports, and purposes of fields like Transaction ID and lease time. 3. No ARP packets were observed during the DHCP exchange, since the IP address was not yet assigned when the request/response occurred.

Uploaded by

muqaddas fatima
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
1K views13 pages

Wireshark Lab Solution

1. The document describes steps taken in a Wireshark lab experiment to observe the DHCP process of obtaining an IP address dynamically from a DHCP server. Key steps include using ipconfig commands to release and renew the IP address, and observing the DHCP request/response packets in Wireshark. 2. The lab questions ask about details observed in the DHCP packet capture related to protocols used, packet contents, addresses, ports, and purposes of fields like Transaction ID and lease time. 3. No ARP packets were observed during the DHCP exchange, since the IP address was not yet assigned when the request/response occurred.

Uploaded by

muqaddas fatima
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Assignment

Wireshark Lab

2020

Submitted to:
DR. AKMAL KHAN
Submitted by:
Muqaddas Fatima
MSCS (1st Semester)
SP20M2LA054
ADVANCED COMPUTER NETWORK

Wireshark Lab: DHCP


1. DHCP Experiment
Steps:

1. Begin by opening the Windows Command Prompt application. As shown in

Figure 1, enter “ipconfig /release”.

2. Start up the Wireshark packet sniffer, as described in the introductory

Wireshark lab and begin Wireshark packet capture.

3. Now go back to the Windows Command Prompt and enter “ipconfig

/renew”. This instructs your host to obtain a network configuration, including a

new IP address. In Figure 1, the host obtains the IP address 192.168.1.108

4. Wait until the “ipconfig /renew” has terminated. Then enter the same

command “ipconfig /renew” again.

5. When the second “ipconfig /renew” terminates, enter the

command “ipconfig/release” to release the previously-allocated IP address to

your computer.

6. Finally, enter “ipconfig /renew” to again be allocated an IP address for

your computer.

7. Stop Wireshark packet capture.


ADVANCED COMPUTER NETWORK

Figure 1: Command Prompt window showing sequence of ipconfig commands that you should enter.
ADVANCED COMPUTER NETWORK

Questions:
1. Are DHCP messages sent over UDP or TCP?
The DHCP messages sent over UDP.

Figure 2: UDP protocol

2. Draw a timing datagram illustrating the sequence of the first four-packet


Discover/Offer/Request/ACK DHCP exchange between the client and server.
For each packet, indicated the source and destination port numbers. Are the
port numbers the same as in the example given in this lab assignment?

The port numbers are the same as the example in the Lab.

Figure 3: Flow Diagram


ADVANCED COMPUTER NETWORK

3. What is the link-layer (e.g., Ethernet) address of your host?


The ethernet address of my host is 60:f6:77:12:ec:65
ADVANCED COMPUTER NETWORK

Figure 4: Ethernet

4. What values in the DHCP discover message differentiate this message from the
DHCP request message?
The values which differentiate the Discover message from the Request message
are in “Option 53: DHCP Message Type”.
ADVANCED COMPUTER NETWORK

Figure 5: DHCP Value


5. What is the value of the Transaction-
ID in each of the first four (Discover/Offer/Request/ACK) DHCP messages?
What are the values of the Transaction-ID in the second set (Request/ACK) set
of DHCP messages? What is the purpose of the Transaction-ID field?
The value of the Transaction ID is 0x92a2f318. The second Transaction ID is
0x92a2f318. A Transaction ID is used so that the DHCP server can differentiate
between client requests during the request process.

Figure 6: Transaction Field

6. A host uses DHCP to obtain an IP address, among other things. But a host’s
IP address is not confirmed until the end of the four-message exchange! If the
IP address is not set until the end of the four-message exchange, then what
values are used in the IP datagrams in the four-message exchange? For each
of the four DHCP messages (Discover/Offer/Request/ACK DHCP), indicate the
ADVANCED COMPUTER NETWORK

source and destination IP addresses that are carried in the encapsulating IP


datagram.

Discover: 0.0.0.0/255.255.255.255
Offer: 192.168.1.1/192.168.1.6
Request: 0.0.0.0/255.255.255.255
ACK:192.168.1.1/192.168.1.6

Figure 7: IP Addresses

7. What is the IP address of your DHCP server?


The IP address of DHCP server is 192.168.1.1.

Figure 8: DHCP IP Addresses

8. What IP address is the DHCP server offering to your host in the DHCP Offer
message? Indicate which DHCP message contains the offered DHCP address.

The DHCP server offered the IP address 192.168.1.6 to my client machine. The
DHCP message with “DHCP Message Type = DHCP Offer” contained the
offered IP.
ADVANCED COMPUTER NETWORK

Figure 9: Client IP Addresses

9. In the example screenshot in this assignment, there is no relay agent between


the host and the DHCP server. What values in the trace indicate the absence of
a relay agent? Is there a relay agent in your experiment? If so what is the IP
address of the agent?

The “Relay agent IP address” is 0.0.0.0, which indicates that there is no DHCP
Relay used. There was no Relay Agent used in my experiment.
ADVANCED COMPUTER NETWORK

Figure 10: Relay agent

10. Explain the purpose of the router and subnet mask lines in the DHCP offer
message.
The router line indicates to the client what its default gateway should be.
The subnet mask line tells the client which subnet mask it should use.
ADVANCED COMPUTER NETWORK

Figure 11: Subnet & router

11. In the DHCP trace file noted in footnote 2, the DHCP server offers a specific
IP address to the client (see also question 8. above). In the client’s response to
the first server OFFER message, does the client accept this IP address? Where
in the client’s RESPONSE is the client’s requested address?

In my experiment, the host requests the offered IP address in the DHCP


Request message.
ADVANCED COMPUTER NETWORK

12. Explain Figure 12: Requested IP the purpose of the lease


time. How long is the lease time in
your experiment?
The lease time is the amount of time the DHCP server assigns an IP address to a
client. During the lease time, the DHCP server will not assign the IP given to the
client to another client, unless it is released by the client. Once the lease time has
expired, the IP address can be reused by the DHCP server to give to another
client. In my experiment, the lease time is 1 day.

Figure 13: Lease Time

13. What is the purpose of the DHCP release message? Does the DHCP server
issue an acknowledgment of receipt of the client’s DHCP request? What would
happen if the client’s DHCP release message is lost?
The client sends a DHCP Release message to cancel its lease on the IP address
given to it by the DHCP server. The DHCP server does not send a message back
to the client acknowledging the DHCP Release message. If the DHCP Release
message from the client is lost, the DHCP server would have to wait until the
lease period is over for that IP address until it could reuse it for another client.

14. Clear the bootp filter from your Wireshark window. Were any ARP packets
sent or received during the DHCP packet-exchange period? If so, explain the
purpose of those ARP packets.
No there is no Arp packets sent by DHCP packet exchanged period.
ADVANCED COMPUTER NETWORK

Figure 14: ARP

You might also like