1
00:00:00,550 --> 00:00:05,110
So let's have a look to see how a DHCP mechanism works in detail.

2
00:00:07,120 --> 00:00:13,240
Once a device is turned on and connected to a network that has a DHCP server, it will send a request

3
00:00:13,240 --> 00:00:16,510
to the server called a DHCP Discover request.

4
00:00:17,920 --> 00:00:24,640
After the Discover packet reaches the DHCP server, the server attempts to hold on to an IP address that

5
00:00:24,640 --> 00:00:30,550
the device can use and then offers a client the address with a DHCP offer packet.

6
00:00:31,930 --> 00:00:37,960
Once the offer has been made for the chosen IP address, the device responds to the DHCP server with

7
00:00:37,960 --> 00:00:40,480
a DHCP request packet to accept it.

8
00:00:41,500 --> 00:00:48,250
After which the server sends an ACK packet that's used to confirm that the device has that specific

9
00:00:48,250 --> 00:00:54,700
IP address and to define the amount of time that the device can use the address before getting a new

10
00:00:54,700 --> 00:00:54,880
one.

11
00:00:55,910 --> 00:01:01,100
If the server decides a device cannot have the IP address, it will send a NAK.

12
00:01:03,110 --> 00:01:06,050
Let's see the DHCP server mechanism in Wireshark.

13
00:01:08,420 --> 00:01:14,270
So Wireshark is already embedded into Kali, and it's ready to use. In addition, I'd also like to

14
00:01:14,270 --> 00:01:17,570
show you how to download and install it in a Windows system.

15
00:01:18,290 --> 00:01:20,960
So right now, I'm in a Windows 8 system.

16
00:01:21,800 --> 00:01:26,030
Open the internet browser and search for Wireshark for Windows.

17
00:01:26,540 --> 00:01:33,590
Using those as the keywords, the first link is the download page of wireshark.org, so let's click it.

18
00:01:34,980 --> 00:01:42,210
My Windows is 64-bit, so I'll download the 64-bit, which is the latest stable version, click it and

19
00:01:42,210 --> 00:01:43,200
save the installer.

20
00:01:44,080 --> 00:01:45,360
Now it takes less than a minute.

21
00:01:45,360 --> 00:01:48,870
Unless your connection is a mess, you might want to look into that.

22
00:01:49,910 --> 00:01:50,420
Just kidding.

23
00:01:53,590 --> 00:01:54,610
Click to run it.

24
00:01:58,940 --> 00:02:00,140
The setup wizard opens.

25
00:02:01,010 --> 00:02:05,270
OK, so simply, it's a next, next, next, finish installation.

26
00:02:05,600 --> 00:02:06,860
No need to change anything.

27
00:02:07,160 --> 00:02:09,110
Wait until the installation finishes.

28
00:02:19,500 --> 00:02:23,670
OK, so check this to run Wireshark now and click finish.

29
00:02:24,670 --> 00:02:27,520
And welcome to the Wireshark on Windows interface.

30
00:02:31,060 --> 00:02:35,770
So now I will show you the DHCP mechanism in Wireshark.

31
00:02:38,860 --> 00:02:44,740
So let's run Wireshark, and you can see that it's listing the packets received by eth0.

32
00:02:46,420 --> 00:02:49,780
So to demonstrate the DHCP mechanism,

33
00:02:50,770 --> 00:02:55,030
we need to ask for an IP address over the DHCP server.

34
00:02:57,000 --> 00:03:03,720
From the bottom right corner, right-click the network icon and select Open Network and Sharing Center,

35
00:03:04,950 --> 00:03:10,770
click Ethernet0 and then Properties, you know, I'll scroll down a little bit and double-click

36
00:03:11,010 --> 00:03:12,690
IP version four.

37
00:03:13,590 --> 00:03:17,850
And as you see here, the IP address is manually set for my Windows 8.

38
00:03:18,630 --> 00:03:25,470
So to start a DHCP request, I'll choose obtain an IP address and DNS server address automatically.

39
00:03:25,950 --> 00:03:27,300
Those are my options.

40
00:03:28,320 --> 00:03:34,020
Now, before I click OK, I'll go to Wireshark and restart capturing by clicking the green button

41
00:03:34,020 --> 00:03:34,710
on the toolbar.

42
00:03:35,910 --> 00:03:40,560
So now the Wireshark window will be cleaned; continue without saving.

43
00:03:41,430 --> 00:03:47,070
So now go to the network status window and click OK and we can close all the networking windows.

44
00:03:48,490 --> 00:03:50,440
So Wireshark captured the packets.

45
00:03:50,620 --> 00:03:51,940
Well, it's still catching.

46
00:03:52,270 --> 00:03:56,440
But let's go to the top of the list to find the DHCP packets.

47
00:03:57,670 --> 00:04:04,420
So here the DHCP Discover packet is right here at the top of the list. When we look at the ports in the

48
00:04:04,420 --> 00:04:05,230
UDP header,

49
00:04:05,890 --> 00:04:10,210
we see that port 68 is used to send the DHCP Discover packets.

50
00:04:10,930 --> 00:04:16,900
So let's go back to the filter box and type udp.port == 68.

51
00:04:17,410 --> 00:04:20,560
And now we have the DHCP packets only.

52
00:04:22,100 --> 00:04:29,750
So the first packet is the DHCP Discover, and as I mentioned before, it's broadcast. Source IP is all

53
00:04:29,750 --> 00:04:35,000
zeros because we don't have an IP address at the moment, destination IP is all ones,

54
00:04:35,940 --> 00:04:40,920
255.255.255.255, because it's a broadcast packet.

55
00:04:42,800 --> 00:04:49,700
And right here is Bootstrap Protocol, which is an application layer protocol used by DHCP mechanisms.

56
00:04:51,190 --> 00:04:59,070
A second packet is a DHCP offer packet sent by the DHCP server one seven two point one six nine nine eight

57
00:04:59,110 --> 00:05:05,410
two five four to the Windows system. Destination IP is one seven two two eight one six nine nine nine

58
00:05:05,580 --> 00:05:09,220
two three three, which is offered to the DHCP server.

59
00:05:10,000 --> 00:05:13,270
So in here, the destination MAC address is important.

60
00:05:14,170 --> 00:05:19,000
That's what's going to be targeted according to the MAC address, because you see the destination MAC

61
00:05:19,000 --> 00:05:26,650
address of the DHCP offer packet is the same as a source MAC address of the DHCP Discover packet.

62
00:05:28,020 --> 00:05:32,880
Now, the third packet is the DHCP request sent by the Windows system.

63
00:05:33,900 --> 00:05:38,610
It's still a broadcast packet and the source IP is still all zeros.

64
00:05:39,730 --> 00:05:48,100
The message is request, and the requested IP address is in option 50, so if you expand it, you see

65
00:05:48,100 --> 00:05:49,390
the requested IP address.

66
00:05:49,930 --> 00:05:52,720
And it's the same as the offered IP address.

67
00:05:53,170 --> 00:05:56,710
One seven two two one six nine nine two two three.

68
00:05:57,520 --> 00:06:02,980
The last packet is the DHCP ACK sent by the DHCP server to the Windows system.

69
00:06:03,950 --> 00:06:07,400
This packet completes the DHCP mechanism successfully.

70
00:06:09,080 --> 00:06:15,260
So from now on, the IP address of our Windows system is one seven two one six nine nine eight two two

71
00:06:15,260 --> 00:06:15,620
three.