Sniffing DHCP in GNS3: Wireshark Capture of DORA Process

Nerd Cafe | یاسر رحمتی

DHCP (Dynamic Host Configuration Protocol)

  • DHCP automatically assigns IP addresses to devices on a network

  • Reduces manual configuration errors

  • Works at the Application Layer

  • Uses UDP protocol

    • Server port: 67

    • Client port: 68

DHCP Process (DORA Steps)

  1. Discover – Client broadcasts to find a DHCP server

  2. Offer – Server offers an IP address

  3. Request – Client requests the offered IP

  4. Acknowledge – Server confirms and leases the IP

DHCP Lease Concepts

  • IP addresses are given for a limited time (lease)

  • Client must renew the lease before it expires

  • Lease can be:

    • Short (guest networks)

    • Long (office networks)

Information Provided by DHCP

  • IP address

  • Subnet mask

  • Default gateway

  • DNS server address

  • Lease duration

DHCP Server Types

  • Dedicated DHCP server

  • Router-based DHCP

  • ISP-provided DHCP

  • Cloud DHCP services

DHCP Security Tips

  • Enable DHCP Snooping to prevent rogue servers

  • Use static IPs for critical devices (servers, printers)

  • Monitor lease logs regularly

Common DHCP Issues

  • IP address conflicts

  • DHCP server down

  • IP address pool exhausted

  • Incorrect scope configuration

DHCP vs Static IP

  • DHCP:

    • Automatic

    • Scalable

    • Less admin work

  • Static IP:

    • Manual

    • More control

    • Used for servers/network devices

Lab Objective

  • Configure a Cisco Router (R1) as a DHCP Server

  • Client (VPCS / PC1) obtains IP automatically

  • Verify DORA process using Wireshark

  • Validate IP, Gateway, DNS, and Lease

Network Topology

Device   Interface   IP
R1       Fa0/0       192.168.0.1/24
PC1      e0          DHCP (192.168.0.2 assigned)
DNS      -           4.2.2.4

STEP 1: Configure Router Interface (R1)

Enter privileged and global config mode:

Configure FastEthernet0/0:

This makes R1 the default gateway for the LAN.

STEP 2: Create DHCP Pool on Router

Enter DHCP configuration mode:

Define network and mask:

Set default gateway (Router IP):

Set DNS server:

Exit DHCP mode:

Prevent router IP from being leased:

Optional range exclusion example:

STEP 4: Configure PC1 as DHCP Client (VPCS)

Open PC1 console:

Expected output:

✔ DHCP process completed successfully

STEP 5: Verify IP Configuration on PC1

Expected output:

STEP 6: Capture DHCP Traffic with Wireshark

  • Start capture on R1 ↔ Switch link

  • Apply display filter:

  • Observe DORA sequence:

Step   Source         Destination        Message
1      0.0.0.0        255.255.255.255    DHCP Discover
2      192.168.0.1    192.168.0.2        DHCP Offer
3      0.0.0.0        255.255.255.255    DHCP Request
4      192.168.0.1    192.168.0.2        DHCP ACK

STEP 7: CEH / Security Observations (Important)

  • DHCP uses UDP 67 (server) / 68 (client)

  • Discover & Request are broadcast

  • Offer & ACK are unicast

  • Vulnerable to:

    • Rogue DHCP servers

    • DHCP starvation attacks

  • Defense:

    • DHCP Snooping

    • Port security

    • Trusted/untrusted ports
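
To check a capture like the one in STEP 6 against the rogue-server risk listed above, this added example (not part of the original lab) parses DHCP payloads and flags Offer/ACK/NAK messages whose server identifier is not R1. The helper `build`, the transaction ID, the MAC address and the 192.168.0.254 server are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, follows the 236-byte BOOTP header
TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK", 6: "NAK"}
TRUSTED = {"192.168.0.1"}     # R1, the only legitimate DHCP server in this lab

def _ip(raw):
    return socket.inet_ntoa(raw[:4]) if raw and len(raw) >= 4 else None

def parse_dhcp(payload):
    """Parse the UDP payload of a port 67/68 packet into DORA-relevant fields."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:       # 255 = End
        if payload[i] == 0:                             # 0 = Pad (no length byte)
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return {"xid": struct.unpack("!I", payload[4:8])[0],
            "type": TYPES.get((opts.get(53) or b"\x00")[0], "Unknown"),
            "yiaddr": socket.inet_ntoa(payload[16:20]),
            "server": _ip(opts.get(54)), "dns": _ip(opts.get(6))}

def rogue_servers(payloads, trusted=TRUSTED):
    """Return untrusted server identifiers (option 54) seen in Offer/ACK/NAK."""
    msgs = [parse_dhcp(p) for p in payloads]
    return sorted({m["server"] or "unknown" for m in msgs
                   if m["type"] in ("Offer", "ACK", "NAK") and m["server"] not in trusted})

def build(msg_type, xid, yiaddr="0.0.0.0", server=None, dns=None):
    """Build a constructed sample message (not a real capture)."""
    hdr = struct.pack("!BBBBIHH", 2 if msg_type in (2, 5, 6) else 1, 1, 6, 0, xid, 0, 0)
    hdr += bytes(4) + socket.inet_aton(yiaddr) + bytes(8)     # ciaddr, yiaddr, siaddr+giaddr
    hdr += bytes.fromhex("005079666800") + bytes(10 + 192)    # chaddr (constructed MAC), sname+file
    opts = bytes([53, 1, msg_type])
    for code, addr in ((54, server), (6, dns)):
        if addr:
            opts += bytes([code, 4]) + socket.inet_aton(addr)
    return hdr + MAGIC + opts + b"\xff"

SAMPLE = [  # constructed: the lab's DORA exchange plus one offer from an unexpected server
    build(1, 0x1234),
    build(2, 0x1234, "192.168.0.2", "192.168.0.1", "4.2.2.4"),
    build(2, 0x1234, "192.168.0.50", "192.168.0.254", "192.168.0.254"),
    build(3, 0x1234, server="192.168.0.1"),
    build(5, 0x1234, "192.168.0.2", "192.168.0.1", "4.2.2.4"),
]
```

An unexpected entry from `rogue_servers` is the software counterpart of what DHCP Snooping enforces on the switch: server-side messages accepted only from a trusted source.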
