February 2019, Reading time: 2 minutes
In this post, I will analyze the DHCP process using Wireshark. Before I begin, a few things to note. On Windows, if you do an ipconfig /release, the PC will not go through the entire DHCP process and will most likely send a request asking for the same IP address. To force the whole process, you have to run net stop dhcp and then net start dhcp.
At the beginning the PC has no IP address, so it broadcasts a DHCP discover message with hardware destination address FF:FF:FF:FF:FF:FF and destination IP 255.255.255.255. It uses the UDP protocol, ports 67 and 68.
If there is a server on the local LAN, it will reply with a DHCP offer, offering an IP address to the client. The offer is still a broadcast, since the PC still has no IP address. (There are cases where you will see a unicast; this depends on how your DHCP router/server is configured.)
The PC will receive the offer and send a request, again as a broadcast. If it receives more than one offer, it usually accepts the first one.
Finally, the server will send an acknowledgement.
The whole process is also known as DORA, from Discover, Offer, Request, Ack.
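The exchange described above, as an added example that is not part of the original post: a small Python parser that reads the DHCP message type (option 53) and server identifier (option 54) from each UDP payload, groups messages by transaction ID, and lists every server that sent an offer. The packets, addresses and function names are constructed for this example and are not taken from the post's capture.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # magic cookie after the 236-byte BOOTP header
TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "Ack"}  # option 53 values

def parse_dhcp(payload):
    """Parse one UDP payload (ports 67/68): xid, client MAC, type, server ID."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"xid": struct.unpack("!I", payload[4:8])[0], "type": None, "server": None,
           "yiaddr": ".".join(map(str, payload[16:20])),          # address offered
           "mac": payload[28:28 + min(payload[2], 16)].hex(":")}  # chaddr, hlen bytes
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        code, length = payload[i], payload[i + 1]
        if code == 0:                                  # pad option has no length byte
            i += 1
            continue
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:             # DHCP message type
            msg["type"] = TYPES.get(value[0], "type-%d" % value[0])
        elif code == 54 and len(value) == 4:           # server identifier
            msg["server"] = ".".join(map(str, value))
        i += 2 + length
    return msg

def summarize(payloads):
    """Group by transaction ID: message sequence and {server: offered address}."""
    out = {}
    for m in map(parse_dhcp, payloads):
        s = out.setdefault(m["xid"], {"sequence": [], "offers": {}})
        s["sequence"].append(m["type"])
        if m["type"] == "Offer":
            s["offers"][m["server"]] = m["yiaddr"]
    return out

def build(kind, xid, mac, yiaddr="0.0.0.0", server=None):  # builds constructed samples
    hdr = struct.pack("!BBBBIHH", 2 if kind in (2, 5) else 1, 1, 6, 0, xid, 0, 0x8000)
    hdr += bytes(4) + bytes(map(int, yiaddr.split("."))) + bytes(8)
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    opts = bytes([53, 1, kind]) + (bytes([54, 4, *map(int, server.split("."))]) if server else b"")
    return hdr + MAGIC + opts + b"\xff"

XID, MAC = 0x1234ABCD, "00:11:22:33:44:55"  # constructed values, not from the capture
SAMPLE = [build(1, XID, MAC), build(2, XID, MAC, "192.168.1.50", "192.168.1.1"),
          build(2, XID, MAC, "192.168.1.77", "192.168.1.254"), build(3, XID, MAC),
          build(5, XID, MAC, "192.168.1.50", "192.168.1.1")]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

More than one server in the offers for a single transaction ID is worth comparing against the DHCP servers you expect on that LAN.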