DHCP

DHCP Information

[1] Wikipedia article describing the details of DHCP process.

Steps seen in [[Microsoft Network Monitor] when monitoring DHCP traffic to the server

  • Client broadcasts a "DHCP DISCOVER" request to find available DHCP servers with a request to keep current/previous IP address
  • Server sends a "DHCP OFFER" reply with the IP address being offered
  • Once the offer is received and accepted, client broadcasts a "DHCP REQUEST" message to request assignment of that IP address
  • The server sends an acknowledgment "DHCP ACK" which completes the process.

This process takes approximately 7 seconds in Harrington when all is going well.

Tools

  • dhcploc.exe is a support tool to help find DHCP server running on a subnet.
    • simple usage: dhcploc [current-ip-address]
    • another option: dhcploc -p 165.91.232.16 [current-ip-address] (this will exclude the Harrington's valid DHCP server and only show DHCP responses from rogue DHCP servers
  • Example run from providence:

U:\>dhcploc 165.91.232.18
09:32:59 ACK (IP)0.0.0.0 (S)165.91.232.16 ***
09:33:00 ACK (IP)165.91.233.63 (S)165.91.232.16 ***
09:34:18 ACK (IP)0.0.0.0 (S)165.91.232.16 ***
09:34:59 ACK (IP)0.0.0.0 (S)165.91.232.16 ***
09:35:37 ACK (IP)0.0.0.0 (S)165.91.232.16 ***
09:36:56 ACK (IP)0.0.0.0 (S)165.91.232.16 ***
09:38:15 ACK (IP)0.0.0.0 (S)165.91.232.16 ***
09:39:34 ACK (IP)0.0.0.0 (S)165.91.232.16 ***
09:40:07 ACK (IP)0.0.0.0 (S)165.91.232.16 ***

This was run when we were having sporadic delays when renewing IPs, so I am not sure if this is normal. - AS

DHCP Troubleshooting

  • Rogue DHCP server: Use dhcplog.exe to discover any DHCP servers running on subnet
  • Firewall on DHCP server: verify the firewall is set to all DHCP traffic from ANY source (initial broadcast messages will have source of 0.0.0.0 or 169.*.*.*)
  • Microsoft Network Monitor is a useful tool for watching network traffic on a machine. It is installed on CEHDDC09
  • UDP Ports 67 and 68 are for DHCP
Taxonomy: