1
00:00:00,360 --> 00:00:08,220
Dynamic Host Configuration Protocol, DHCP. Now it's a protocol used to provide automatic and central management

2
00:00:08,220 --> 00:00:11,040
for the distribution of IP addresses within a network.

3
00:00:12,630 --> 00:00:19,650
It's also used to configure the proper subnet mask, default gateway and DNS server information on the

4
00:00:19,650 --> 00:00:20,160
device.

5
00:00:21,230 --> 00:00:29,750
In most homes and small businesses, the router acts as a DHCP server. In large networks, a single computer

6
00:00:29,780 --> 00:00:31,610
might act as a DHCP server.

7
00:00:32,830 --> 00:00:35,320
In short, the process goes like this.

8
00:00:36,080 --> 00:00:40,840
The device, the client, requests an IP address from a router, the host.

9
00:00:41,740 --> 00:00:47,920
After which the host assigns an available IP address to allow the client to communicate on the network.

10
00:00:49,270 --> 00:00:52,500
So let's look at some of the advantages of using DHCP.

11
00:00:53,670 --> 00:01:00,600
A computer or any other device that connects to a network, local or internet, must be properly configured

12
00:01:00,600 --> 00:01:02,100
to communicate on that network.

13
00:01:02,130 --> 00:01:06,960
Makes sense, since DHCP allows that configuration to happen automatically.

14
00:01:07,410 --> 00:01:12,390
It's used in almost every device that connects to a network, including computers, switches, smartphones,

15
00:01:12,390 --> 00:01:13,560
gaming consoles, you name it.

16
00:01:14,990 --> 00:01:21,530
And because of this dynamic IP address assignment, there's less of a chance that two devices will have

17
00:01:21,530 --> 00:01:28,460
the same IP address, which is very easy to run into when using manually assigned static IP addresses.

18
00:01:30,400 --> 00:01:37,150
Using DHCP also makes a network much easier to manage from an administrative point of view.
19
00:01:37,540 --> 00:01:42,820
Every device on the network can get an IP address with nothing more than their default network settings,

20
00:01:43,180 --> 00:01:46,030
which is set up to obtain an address automatically.

21
00:01:46,030 --> 00:01:49,840
So that's easy; it gives them nothing to call the helpdesk about.

22
00:01:50,980 --> 00:01:56,830
The only other alternative is to manually assign addresses to each and every device on the network.

23
00:01:58,220 --> 00:01:59,810
You're not getting paid enough to do that.

24
00:02:01,610 --> 00:02:07,820
So because these devices can get an IP address automatically, they can move freely from one network

25
00:02:07,820 --> 00:02:14,990
to another, given that they're all set up with DHCP and receive an IP address automatically, which

26
00:02:14,990 --> 00:02:16,730
is super helpful with mobile devices.

27
00:02:17,990 --> 00:02:24,890
Now, as a cyber security expert, you should know one more thing about the DHCP mechanism.

28
00:02:25,980 --> 00:02:32,490
The first device which replies to a DHCP Discover request decides the configuration of the client.

29
00:02:33,910 --> 00:02:38,230
There is not any mechanism to authenticate the DHCP server.

30
00:02:40,450 --> 00:02:46,550
Similarly, a DHCP server tries to reply to all the DHCP requests.

31
00:02:46,570 --> 00:02:53,050
And again, there is no authentication mechanism for the client who requests an IP.

32
00:02:53,410 --> 00:02:53,860
You get it.

33
00:02:54,850 --> 00:02:55,600
I think you do.

34
00:02:56,020 --> 00:02:58,330
What if a hacker replies before the real deal?

35
00:02:59,410 --> 00:03:06,070
Or what if a client sends a lot of DHCP Discover requests by changing the MAC address each time?

36
00:03:08,570 --> 00:03:13,130
So let's have a look to see how the DHCP mechanism works in detail.
37
00:03:15,140 --> 00:03:21,260
Once a device is turned on and connected to a network that has a DHCP server, it will send a request

38
00:03:21,260 --> 00:03:24,530
to the server called a DHCP Discover request.

39
00:03:25,950 --> 00:03:32,630
After the Discover packet reaches the DHCP server, the server attempts to hold on to an IP address that

40
00:03:32,640 --> 00:03:38,550
the device can use and then offers the client the address with a DHCP Offer packet.

41
00:03:39,950 --> 00:03:45,980
Once the offer has been made for the chosen IP address, the device responds to the DHCP server with

42
00:03:45,980 --> 00:03:48,500
a DHCP Request packet to accept it.

43
00:03:49,520 --> 00:03:56,270
After which the server sends an ACK packet that's used to confirm that the device has that specific

44
00:03:56,270 --> 00:04:02,720
IP address and to define the amount of time that the device can use the address before getting a new

45
00:04:02,720 --> 00:04:02,930
one.

46
00:04:03,930 --> 00:04:09,120
If the server decides a device cannot have the IP address, it will send a NAK.

47
00:04:11,120 --> 00:04:14,090
Let's see the DHCP server mechanism in Wireshark.

48
00:04:16,430 --> 00:04:20,550
So Wireshark is already embedded into Kali and it's ready to use.

49
00:04:20,840 --> 00:04:25,580
In addition, I'd also like to show you how to download and install it in a Windows system.

50
00:04:26,300 --> 00:04:29,000
So right now, I'm in a Windows 8 system.

51
00:04:29,810 --> 00:04:34,070
Open the internet browser and search for Wireshark for Windows,

52
00:04:34,550 --> 00:04:36,050
using those as the keywords.

53
00:04:36,770 --> 00:04:41,600
The first link is the download page of wireshark.org, so let's click it.

54
00:04:43,010 --> 00:04:50,240
My Windows is 64-bit, so I'll download the 64-bit, which is the latest stable version. Click it and

55
00:04:50,240 --> 00:04:51,200
save the installer.
56
00:04:52,090 --> 00:04:55,300
Now it takes less than a minute, unless your connection is a mess.

57
00:04:55,720 --> 00:04:56,890
You might want to look into that.

58
00:04:57,950 --> 00:04:58,430
Just kidding.

59
00:05:01,590 --> 00:05:02,640
Click to run it.

60
00:05:06,960 --> 00:05:08,160
The setup wizard opens.

61
00:05:09,030 --> 00:05:13,290
OK, so simply, it's a next, next, next, finish installation.

62
00:05:13,620 --> 00:05:14,880
No need to change anything.

63
00:05:15,180 --> 00:05:17,130
Wait until the installation finishes.

64
00:05:27,520 --> 00:05:31,690
OK, so check this to run Wireshark now and click Finish.

65
00:05:32,690 --> 00:05:35,540
And welcome to the Wireshark Windows interface.

66
00:05:39,080 --> 00:05:43,790
So now I will show you the DHCP mechanism in Wireshark.

67
00:05:46,880 --> 00:05:52,760
So let's run Wireshark, and you can see that it's listing the packets received by eth0.

68
00:05:54,450 --> 00:05:57,780
So to demonstrate the DHCP mechanism,

69
00:05:58,790 --> 00:06:03,050
we need to ask for an IP address from the DHCP server.

70
00:06:05,020 --> 00:06:11,740
From the bottom right corner, right-click the network icon and select Open Network and Sharing Center,

71
00:06:12,970 --> 00:06:18,790
click Ethernet0 and then Properties. I'll scroll down a little bit and double-click

72
00:06:19,030 --> 00:06:20,680
IP Version 4.

73
00:06:21,610 --> 00:06:25,870
And as you see here, the IP address is manually set for my Windows 8.

74
00:06:26,650 --> 00:06:33,490
So to start a DHCP request, I'll choose Obtain an IP address automatically and Obtain DNS server address automatically.

75
00:06:33,970 --> 00:06:35,350
Those are my options.

76
00:06:36,340 --> 00:06:42,040
Now, before I click OK, I'll go to Wireshark and restart capturing by clicking the green button

77
00:06:42,040 --> 00:06:42,730
on the toolbar.
78
00:06:43,930 --> 00:06:51,340
So now the Wireshark window will be cleaned. Continue without saving. Now go to the network status window

79
00:06:51,340 --> 00:06:55,090
and click OK, and we can close all the networking windows.

80
00:06:56,510 --> 00:06:58,460
So Wireshark captured the packets.

81
00:06:58,640 --> 00:06:59,960
Well, it's still capturing.

82
00:07:00,290 --> 00:07:04,460
But let's go to the top of the list to find the DHCP packets.

83
00:07:05,690 --> 00:07:12,440
So here the DHCP Discover packet is right here at the top of the list. When we look at the ports in the

84
00:07:12,440 --> 00:07:13,250
UDP header,

85
00:07:13,910 --> 00:07:18,260
we see that port 68 is used to send the DHCP Discover packets.

86
00:07:18,950 --> 00:07:24,920
So let's go back to the filter box and type udp.port == 68.

87
00:07:25,430 --> 00:07:28,580
And now we have the DHCP packets only.

88
00:07:30,100 --> 00:07:37,780
So the first packet is the DHCP Discover, and as I mentioned before, it's broadcast. Source IP is all

89
00:07:37,780 --> 00:07:43,030
zeros, because we don't have an IP address at the moment. Destination IP is all ones,

90
00:07:43,960 --> 00:07:48,940
255.255.255.255, because it's a broadcast packet.

91
00:07:50,850 --> 00:07:57,720
And right here is Bootstrap Protocol, which is an application layer protocol used by DHCP mechanisms.

92
00:07:59,210 --> 00:08:07,260
The second packet is a DHCP Offer packet sent by the DHCP server, one seven two point one six nine nine two

93
00:08:07,280 --> 00:08:13,810
five four, to the Windows system. Destination IP is one seven two two eight one six nine nine nine two

94
00:08:13,820 --> 00:08:17,240
three three, which is offered to the DHCP server.

95
00:08:18,020 --> 00:08:21,290
So in here, the destination MAC address is important.
96
00:08:22,190 --> 00:08:27,020
That's what's going to be targeted according to the MAC address, because you see the destination MAC

97
00:08:27,020 --> 00:08:34,670
address of the DHCP Offer packet is the same as the source MAC address of the DHCP Discover packet.

98
00:08:36,060 --> 00:08:40,920
Now, the third packet is the DHCP Request sent by the Windows system.

99
00:08:41,940 --> 00:08:46,620
It's still a broadcast packet and the source IP is still all zeros.

100
00:08:47,750 --> 00:08:56,120
The message is Request, and the requested IP address is in option 50, so if you expand it, you see

101
00:08:56,120 --> 00:08:57,410
the requested IP address.

102
00:08:57,950 --> 00:09:00,740
And it's the same as the offered IP address,

103
00:09:01,190 --> 00:09:04,730
one seven two two one six nine nine two two three.

104
00:09:05,540 --> 00:09:11,000
The last packet is the DHCP ACK sent by the DHCP server to the Windows system.

105
00:09:11,970 --> 00:09:15,420
This packet completes the DHCP mechanism successfully.

106
00:09:17,110 --> 00:09:22,810
So from now on, the IP address of our Windows system is one seven two eight one six nine nine eight

107
00:09:22,840 --> 00:09:23,650
two two three.