In this segment, we're going to look at reviewing DORA and DHCP in general. So, why is this important? Well, DHCP, Dynamic Host Configuration Protocol, is a commonly used way for your clients to be dynamically assigned IP addresses and other information such as DNS server settings. If you're still using WINS in any name, shape or form, it will provide that. It can provide gateway information. It provides the basic IP information needed for a client to participate on a network.

And why Wireshark can help you with this is that there are problems with this at times, and understanding DORA, which is the actual process the packets take to have a client ask for and receive an IP address, is something we'll take a look at in Wireshark. So, there are other factors involved. There are lease times; there's the fact that it's broadcast-based, and you may have it crossing a router, and if you don't have an IP helper address configured on your router, it may not work.
So, there are a lot of reasons why it's important to understand what DHCP is, understand the DORA concept and what it will do for you. So, in sum, DHCP is used to dynamically configure hosts on your network. It's the de facto standard. It's an option of BOOTP, and it functions in a way where, if you set up a DHCP server on your network, clients will request IP addresses from it, and if it's configured correctly with the correct information, it will assign that IP information to that client and allow it to participate on your network.

So, what is DORA? DORA is the packets that go back and forth from the client to the server in the process of giving it that information. So, you have a discover packet, an offer, a request and an acknowledgement packet. And you can use Wireshark to capture DHCP from the client source to the destination server, the DHCP server, to troubleshoot connectivity issues. So, what could some of those be? Well, as you can see on the diagram, there are a couple of things that can happen here.
For one, as you can see on the diagram, the client is on a segment and it's asking for an IP address, and it needs to traverse a router. Now, routers by default will not pass this information, so in order to do so, you will need to configure a relay, which is called the DHCP relay agent, and that is known in the Cisco world as an IP helper address. And it will point it directly to the correct DHCP server, which will then send the packet back and be able to give it to the client so that it can get its dynamically assigned information.

So, that being said, if we look at the actual capture, we can see quite simply that we have a discover packet. We have an offer packet, a request packet, and an acknowledgement packet. So, what essentially is happening here is the source does not have an IP address at all, and it's requesting an IP address. So, the client address is all zeroes and it's asking the DHCP server from the source port, bootp 68, to the destination of 67. It's asking: I don't have any IP address information, I am going to broadcast out and try to figure out if there is a DHCP server out there for me to participate with.
It will respond back with an offer, and you can see down here the specific options. And then a request packet back for the IP, and then the actual acknowledgement. And through this process, you can see here that if there was something problematic within it, for example, if you had an issue where you did not have the router configured with the relay agent, if you were doing a capture on both ends, you could quickly find that you did not have this set up and the packet was never getting to the DHCP server across the segment. So, that is one simple way to find if you have a communication issue. And the communications review would be: if the DHCP client sends the request, broadcasts on the network, and the DHCP server responds, then you either had the relay agent configured or it was local and wasn't passing the router.
You would see that on the local segment, or you would have to look inside the router to see if you had an IP helper address configured. You can go on either side of the router and run the capture, and if you're on the other side of the router, where the DHCP server was living, and you did not see discovery packets, or you do not see the request for the DHCP server to send the information back, then it's quite possible that it is misconfigured on the router.

So, remember the communications review: the client will make a request for an IP via broadcast. The DHCP server on a local segment will reply back. If it's on a separate segment, the router will need to participate. It will need to act as a relay agent. Remember that routers do not do this by default. They will have to be configured, and you can watch DORA, discover, offer, request and acknowledgement, each step, so that you can check the capture to see if in fact this did work.
And the relay agent is used to pass the broadcast, facilitate the communication, facilitate DORA from the client to the server and back, by bridging the communication and allowing it to communicate from the client to the server by providing an IP helper address and/or DHCP relay agent.

And as a review, you could check your discovery packet, your offer, your request and your acknowledgement to check to see exactly where it's sourcing from, what the destination is, and if it's responding. If you're only seeing discovery packets and you're not getting offers, then obviously there's a break in the communication. And/or if you're looking at the DHCP server side and you're not seeing a request from a specific address, then it's likely it's not passing that traffic.