Dynamic Host Configuration Protocol

Sniffing and Evasion

Dynamic Host Configuration Protocol (DHCP) is an application-layer protocol that automates the assignment of IP addresses and other essential network configurations to devices on a network. This automation simplifies network management by eliminating the need for manual IP address configuration.

Objective:

This tutorial aims to guide you through configuring a Cisco router to function as a DHCP server and to analyze the DHCP traffic using Wireshark.

1. Network Topology:

The setup consists of a Cisco router (R1) connected to a PC. The router will be configured to assign IP addresses dynamically to devices within the network.

2. Configuring Basic Settings on the Router (R1):

R1#configure terminal
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#no shutdown

3. Define the DHCP Pool:

Create a DHCP pool named 'LAN' and define its parameters.

/R1(config)#ip dhcp pool LAN
R1(dhcp-config)#network 172.16.1.0 255.255.255.0
R1(dhcp-config)#lease 2
R1(dhcp-config)#defa
R1(dhcp-config)#default-router 172.16.1.1
R1(dhcp-config)#dns-s
R1(dhcp-config)#dns-server 172.16.1.1
R1(dhcp-config)#exit
R1(config)#ip dhcp excluded-address 172.16.1.1 172.16.1.100

In this configuration:

  • The network 172.16.1.0/24 is specified for DHCP allocation.

  • The lease duration is set to 2 days.

  • The default gateway provided to clients is 172.16.1.1.

  • The DNS server address is set to 172.16.1.1.

  • Addresses from 172.16.1.1 to 172.16.1.100 are reserved and not assigned dynamically.

4. Renewing IP Address on the PC from DHCP Server:

After configuring the router, the connected PC should obtain an IP address from the DHCP server. To initiate this process:

PC1> ip dhcp
DDORA IP 172.16.1.101/24 GW 172.16.1.1

PC1> show ip

NAME        : PC1[1]
IP/MASK     : 172.16.1.101/24
GATEWAY     : 172.16.1.1
DNS         : 172.16.1.1
DHCP SERVER : 172.16.1.1
DHCP LEASE  : 172796, 172800/86400/151200
MAC         : 00:50:79:66:68:00
LPORT       : 20004
RHOST:PORT  : 127.0.0.1:20005
MTU         : 1500

PC1>

5. Capturing and Analyzing DHCP Traffic with Wireshark:

To observe the DHCP communication between the PC and the router:

a. Install and Launch Wireshark:

Ensure Wireshark is installed on the PC and open the application.

b. Start Packet Capture:

Select the network interface connected to the router and begin capturing packets.

c. Apply DHCP Display Filter:

To focus on DHCP packets, apply the following display filter:

dhcp

This filter will display only DHCP-related packets, allowing you to analyze the DHCP handshake process, including:

  • DHCPDISCOVER: Broadcasted by the client to locate available DHCP servers.

  • DHCPOFFER: Sent by the server in response to the discover message, offering an IP address.

  • DHCPREQUEST: Broadcasted by the client to request the offered IP address.

  • DHCPACK: Sent by the server to acknowledge the client's request and finalize the IP address assignment.

Keywords

DHCP, Cisco router, IP address, network configuration, DHCP server, DHCP client, lease time, subnet mask, default gateway, DNS server, Wireshark, packet capture, DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, IP allocation, network topology, command-line interface, dynamic addressing, وایرشارک

PreviousEcho Requests and ResponsesNextCisco Discovery Protocol

Last updated