1
00:00:00,320 --> 00:00:05,270
So let's have a look to see how a Dhcp mechanism works in detail.

2
00:00:06,980 --> 00:00:13,190
Once a device is turned on and connected to a network that has a Dhcp server, it will send a request

3
00:00:13,190 --> 00:00:16,670
to the server called a Dhcp discover request.

4
00:00:17,750 --> 00:00:24,260
After the Discover packet reaches the Dhcp server, the server attempts to hold on to an IP address

5
00:00:24,260 --> 00:00:30,710
that the device can use and then offers a client the address with a Dhcp offer packet.

6
00:00:31,730 --> 00:00:37,910
Once the offer has been made for the chosen IP address, the device responds to the Dhcp server with

7
00:00:37,910 --> 00:00:40,640
a Dhcp request packet to accept it.

8
00:00:41,320 --> 00:00:48,190
After which the server sends an Ack packet that's used to confirm that the device has that specific

9
00:00:48,190 --> 00:00:54,670
IP address and to define the amount of time that the device can use the address before getting a new

10
00:00:54,670 --> 00:00:55,060
one.

11
00:00:55,690 --> 00:01:01,300
If the server decides a device cannot have the IP address, it will send a Nak.

12
00:01:02,900 --> 00:01:06,200
Let's see the Dhcp server mechanism in Wireshark.

13
00:01:08,140 --> 00:01:12,640
So Wireshark is already embedded into Kali and it's ready to use.

14
00:01:12,670 --> 00:01:17,770
In addition, I'd also like to show you how to download and install it in a Windows system.

15
00:01:17,980 --> 00:01:21,190
So right now I'm in a Windows 8 system.

16
00:01:21,670 --> 00:01:28,270
Open the internet browser and search for Wireshark for Windows using those as the keywords.

17
00:01:28,510 --> 00:01:31,710
The first link is the download page of Wireshark.

18
00:01:31,930 --> 00:01:32,440
Org.

19
00:01:32,680 --> 00:01:33,760
So let's click it.

20
00:01:34,710 --> 00:01:40,710
My windows is 64 bit, so I'll download the 64 bit, which is the latest stable version.

21
00:01:40,860 --> 00:01:43,410
Click it and save the installer.

22
00:01:43,740 --> 00:01:47,440
Now it takes less than a minute unless your connection is a mess.

23
00:01:47,460 --> 00:01:49,080
You might want to look into that.

24
00:01:49,650 --> 00:01:50,600
Just kidding.

25
00:01:53,460 --> 00:01:54,810
Click to run it.

26
00:01:58,840 --> 00:02:00,370
The setup Wizard opens.

27
00:02:00,910 --> 00:02:01,600
Okay.

28
00:02:01,600 --> 00:02:03,280
So simply it's a next.

29
00:02:03,310 --> 00:02:03,610
Next.

30
00:02:03,640 --> 00:02:03,910
Next.

31
00:02:03,910 --> 00:02:05,410
Finish installation.

32
00:02:05,410 --> 00:02:07,020
No need to change anything.

33
00:02:07,030 --> 00:02:09,370
Wait until the installation finishes.

34
00:02:19,450 --> 00:02:23,860
Okay, so check this to run Wireshark now and click Finish.

35
00:02:24,580 --> 00:02:27,700
And welcome to the Wireshark and Windows interface.

36
00:02:30,790 --> 00:02:35,950
So now I will show you the Dhcp mechanism in Wireshark.

37
00:02:38,590 --> 00:02:44,920
So let's run Wireshark and you can see that it's listing the packets received by Eth0.

38
00:02:46,100 --> 00:02:49,940
So to demonstrate the Dhcp mechanism.

39
00:02:50,560 --> 00:02:55,180
We need to ask for an IP address over at the Dhcp server.

40
00:02:56,790 --> 00:03:03,900
From the bottom right corner, right click to the network icon and select Open Network and Sharing Center.

41
00:03:04,680 --> 00:03:07,710
Click Ethernet zero and then properties.

42
00:03:08,100 --> 00:03:12,780
You'll have to scroll down a little bit and double click IP version four.

43
00:03:13,450 --> 00:03:18,040
And as you see here, the IP address is manually set for my Windows 8.

44
00:03:18,310 --> 00:03:25,690
So to start a Dhcp request, I'll choose obtain an IP address and DNS server address automatically.

45
00:03:25,900 --> 00:03:27,550
Those are my options.

46
00:03:28,090 --> 00:03:33,910
Now, before I click okay, I'll go to Wireshark and restart capturing by clicking the green button

47
00:03:33,940 --> 00:03:34,870
on the toolbar.

48
00:03:35,690 --> 00:03:38,840
So now Wireshark windows will be cleaned.

49
00:03:39,260 --> 00:03:40,790
Continue without saving.

50
00:03:41,120 --> 00:03:44,480
So now go to the network status window and click Okay.

51
00:03:44,600 --> 00:03:47,270
And we can close all the networking windows.

52
00:03:48,330 --> 00:03:50,470
So Wireshark captured the packets.

53
00:03:50,490 --> 00:03:56,640
Well, it's still capturing, but let's go to the top of the list to find the Dhcp packets.

54
00:03:57,390 --> 00:03:58,920
So here are the Dhcp.

55
00:03:58,920 --> 00:04:01,770
Discover packet is right here at the top of the list.

56
00:04:02,100 --> 00:04:09,720
When we look at the ports in the UDP header, we see that the port 68 is used to send Dhcp discover

57
00:04:09,720 --> 00:04:10,470
packets.

58
00:04:10,620 --> 00:04:20,070
So let's go back to the filter box and type UDP port equals equals 68 and now we have the Dhcp packets

59
00:04:20,070 --> 00:04:20,730
only.

60
00:04:21,829 --> 00:04:30,140
So the first packet is Dhcp Discover and as I mentioned before, it's broadcast source IP is all zeros

61
00:04:30,140 --> 00:04:32,360
because we don't have an IP address at the moment.

62
00:04:32,510 --> 00:04:35,210
Destination IP is all ones.

63
00:04:35,780 --> 00:04:39,260
255.255 .255.255.

64
00:04:39,290 --> 00:04:41,090
Because it's a broadcast packet.

65
00:04:42,800 --> 00:04:49,910
And right here is bootstrap protocol, which is an application layer protocol used by Dhcp mechanisms.

66
00:04:51,130 --> 00:04:56,590
The second packet is a Dhcp offer packet sent by the Dhcp server.

67
00:04:56,620 --> 00:05:01,330
172.16.99.254 to the Windows system.

68
00:05:01,780 --> 00:05:09,460
Destination IP is 172.16.99.233, which is offered to the Dhcp server.

69
00:05:09,670 --> 00:05:13,480
So in here the destination Mac address is important.

70
00:05:13,870 --> 00:05:16,780
That's what's going to be targeted according to the Mac address.

71
00:05:16,810 --> 00:05:24,190
So as you see the destination Mac address of the Dhcp offer packet is the same as the source mac address

72
00:05:24,190 --> 00:05:26,740
of the dhcp discover packet.

73
00:05:27,840 --> 00:05:33,090
Now, the third packet is the Dhcp request sent by the window system.

74
00:05:33,740 --> 00:05:38,810
It's still a broadcast packet and the source IP is still all zeros.

75
00:05:39,520 --> 00:05:45,740
The message is request and the requested IP address is an option 50.

76
00:05:45,760 --> 00:05:52,900
So if you expand it, you see the requested IP address and it's the same as the offered IP address.

77
00:05:52,900 --> 00:05:56,920
172.16.99.223.

78
00:05:57,220 --> 00:06:03,160
The last packet is Dhcp sent by the Dhcp server to the windows system.

79
00:06:03,780 --> 00:06:07,560
This packet completes the Dhcp mechanism successfully.

80
00:06:08,970 --> 00:06:12,480
So from now on, the IP address of our Windows system is.

81
00:06:12,480 --> 00:06:15,510
172.16.99.223.