How does the IP layer check if it is a DHCP request - networking

When a DHCP request packet is received on a router (configured with ip-helper), the router redirects it to the DHCP server. I would like to know how the router comes to know that it is a DHCP request packet, as that is defined by the port number, which exists at the transport layer. In the same way, how does a router use a TCP port for BGP? How could a router use a transport-layer port number, as it is an L3 device?

As Vidal said, DHCP requests are broadcast.
A host (the DHCP client), upon joining the network, will send out a DHCP discovery broadcast message. It doesn't know the address of the DHCP server, so it will talk with everyone currently connected to the network to discover if a DHCP server exists. The port is 67.
If there is a DHCP server, it will offer an IP address to the host. There might be many DHCP servers, in this case, it'll take the IP address of the first DHCP server that responded.
Once the host selects an IP address, it will send a DHCP request back to the server for that specific IP address.
The DHCP server will then acknowledge this message and confirm the DHCP lease to the client.
For a clearer explanation, just read this article.
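To make the port-67 point concrete, the sketch below (an added example, not part of the original answer) shows the check a relay has to make: it looks past the IPv4 header at the UDP destination port and only then reads the DHCP message type. The function names are hypothetical and the sample packets are constructed; the field offsets follow RFC 2131.

```python
import struct

MAGIC = bytes([99, 130, 83, 99])     # DHCP magic cookie, sits right before the options
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def build_sample(msg_type, dport=67):
    """Constructed IPv4/UDP/DHCP client broadcast (checksums left at zero)."""
    bootp = bytes([1, 1, 6, 0]) + bytes(232)   # op=BOOTREQUEST + rest of 236-byte header
    dhcp = bootp + MAGIC + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", 68, dport, 8 + len(dhcp), 0) + dhcp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), bytes([255] * 4))   # 0.0.0.0 -> 255.255.255.255
    return ip + udp

def dhcp_type_for_relay(packet):
    """Return the DHCP message type if this is a message to UDP/67, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 17:
        return None                              # not IPv4, or protocol is not UDP
    ihl = (packet[0] & 0x0F) * 4                 # IP header length; IP options may follow
    if len(packet) < ihl + 8:
        return None
    _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if dport != 67:                              # the transport-layer check
        return None
    payload = packet[ihl + 8:]
    if payload[236:240] != MAGIC:                # UDP/67 but not a DHCP payload
        return None
    opts, i = payload[240:], 0
    while i + 1 < len(opts) and opts[i] != 255:  # 255 = end option
        if opts[i] == 0:                         # pad option has no length byte
            i += 1
            continue
        code, length = opts[i], opts[i + 1]
        if code == 53 and length == 1 and i + 2 < len(opts):
            return TYPES.get(opts[i + 2], "OTHER")
        i += 2 + length
    return None
```
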

Related

When a client requests an IP address from a DHCP server, why does it also use ARP?

When I used Wireshark to observe the DHCP process, I noticed that the server also uses ARP to broadcast a message. I want to know what this message is for. As the screenshot shows, the broadcast message asks who has the IP 192.168.0.1.
Actually, the DHCP server is configured to execute ARP before offering an IP address to a DHCP client, to ensure that the IP address has not been allocated to another client on the network, because there may be several DHCP servers in the same network.

How to get the destination IP when accepting a connection with a UdpSocket?

I am using UdpSocket to create a server, binding to 0.0.0.0:serverport. I can get the source IP when a datagram arrives by using recv_from.
However, I need to get my local server's IP (destination IP) which the remote client contacted. I can see it in Wireshark but cannot obtain it via the API.
Motivation: I have 2 IPs from same network, eth and wlan. When a client contacts me on my wlan IP, in Wireshark I see the response UDP packet will have the correct port (same as request), but the source IP is the IP of my eth interface, thus the client will not receive the answer. Listening on just my wlan IP does solve the issue, but I want to listen on all interfaces.

Is ARP applicable out of a subnet?

When a computer, with IP address IPs and default gateway IPg, is sending a datagram to destination with IP address IPd on a different subnet, it will perform:
a) ARP(IPg)
b) ARP(IPd)
c) ARP(IPs)
d) ARP(0)
Sending a packet to another subnet actually means sending the packet to the gateway, since the gateway is responsible for proper routing between subnets. Thus the computer will perform discovery of the gateway's MAC address unless it's cached.

Server or router assigns ip address

I'm new to networking. If I have a Windows server, and on that server I have a normal SOHO router, will the server assign the IP address to each device, or will the router do it? What I've learned is that the server is supposed to be the DHCP server, but sometimes if you plug a router directly into the server it kicks the server off and the router starts to assign the IP addresses. If that is so, how would you fix that?
Most routers will take on the role of a DHCP Server out-of-the-box. That is, they will distribute ip addresses to whatever DHCP Client requests an address.
By default, a Windows server will not have set up a fully configured DHCP Server.
By default a Windows machine (either client or server) and most other networked devices will have set their network interface to be a DHCP Client.
Therefore, simply plugging your Windows server into one of your router's LAN ports will make the router set the Windows server's network interface to the next available ip address using DHCP.
If you were to connect more devices to the router's LAN ports it will still be the router that assigns those extra devices an ip address.
Ideally you want only one DHCP server in your network.
Also, if you want your Windows server to always have the same ip address you can do two things:
Log in to the router and set a fixed ip address for your Windows server network card's unique MAC address.
Modify the router's DHCP range (e.g. from .10 to .200) so it leaves some addresses free (e.g. .1 to .9 and from .201 to .254). Then set your Windows server network card's fixed IPv4 address to a fixed address (e.g. .210). You may also need to set a DNS server then.
This is only briefly skimming the subject of IPv4 networks, DHCP and friends, so when you have some time try to read the Wikipedia pages for them.
http://en.wikipedia.org/wiki/IPv4
http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
The server assigns your public IP address; in fact, it assigns your router a public IP address,
while the router assigns each connected device a local IP address.
With respect to your router, the IP address the server assigns it is its IPv4 address, and the addresses the router assigns to its clients are IPv6 addresses.
When you browse the internet through your router, the router reads your requests and responds according to that IPv6 address, and when the router requests something from the server, the server sees it as its IPv4 address. :)

How do two computers connect to same external address through NAT?

If I have two internal computers connecting to the same external IP address through a NAT router, how is the router able to get the traffic to the correct internal computer? It is my understanding that NAT forwards incoming packets to the computer that recently sent outgoing packets to the [incoming packet's] sender's IP address. Since both computers are sending to the same address, does the router forward the packet to both? If that is the case, is it the responsibility of the client software to determine which packets are relevant?
Is it possible if both computers are attempting to connect to the same port?
When you open a socket, you need to address a port of the destination system and open a conjugate listening port on your own system to receive any response. You have to send the destination system your listening port.
Having more than one system using the same modem
When you start a web browser, and go to www.google.com:80, your browser obtains/searches for a free non-system conjugate port from the system for listening. Let us say, the conjugate port is 10000. The listener port is for receiving the http stream back from google.
Then your kid sitting next to you incidentally also browses www.google.com:80 and his/her google session of the play station or xbox-whatever also incidentally is assigned conjugate port 10000.
Both of you are sitting behind a cable modem, and behind the cable modem is your wireless router. And both of your systems are behind the wireless router - All sitting in that sequence, network topology-wise.
To prevent port address collision on the router/modem
Let us say that your cable company's DHCP assigns your modem the IPv4 address 72.72.72.72, but your wireless router's DHCP assigns 192.168.0.10 to your system and 192.168.0.11 to your kid's system.
When the frame carrying the information of your listener ports passes through your NAT router, it would translate either one or both listening ports. Let's say port 15000 for your page and port 16000 for your kid's page.
Your wireless router then sends your requests to google server as coming from 72.72.72.72:15000 and 72.72.72.72:16000.
The google server then responds individually to 72.72.72.72:15000 and 72.72.72.72:16000, and when your wireless router encounters the response, it reaches into the mapping that it has stored and translates 72.72.72.72:15000 to 192.168.0.10:10000 to reach your system, but translates 72.72.72.72:16000 to 192.168.0.11:10000 to reach your kid's system.
Running web/game/ftp/etc servers
But what if you have a web server or an ftp server running on your system. What if you have two systems and both have a web server and both web servers are listening on port 80?
Let us say the local ip addresses registered/assigned with your wireless router of your first web server system is 192.168.0.30 and your second web server system is 192.168.0.40.
The wireless router would have a configuration web page, usually by default 192.168.0.1:80, unless you changed it. There would be a tab on the page where you could define/reserve application port mappings.
You could register with your wireless router to reserve the mapping
192.168.0.30:80 => outgoing port 8080
192.168.0.40:80 => outgoing port 8088
So that you have to phone your friends that your web/game servers are addressable through
72.72.72.72:8080 and 72.72.72.72:8088 respectively,
where the wireless router would preclude its port 8080 and 8088 from its own dynamic NAT usage.
Of course, 72.72.72.72 is only good until your ISP's DHCP decides to renew the IPv4 address of your modem to, say, 72.72.90.200. After which you would have to phone/email your friends and say
Hey, the servers' addresses have changed to 72.72.90.200:8080 and 72.72.90.200:8088 respectively. Or you could subscribe to dynamic dns (ddns) service to use a named domain where the ddns service will need you to install a simple heartbeat utility on your system to help them monitor the address variation. DDNS translation is a separate issue/strategy.
NAT modems
Newer ISP contracts supply you with a modem that has NAT. If so, you have to switch off either the one on your modem or the one on your wireless router. You should not use both - what's the point in translating twice, because NAT is simply to prevent address collision. When you switch off NAT on your wireless router, it can operate as a hub switch and not a router anymore, so that you could connect it to the modem using one of its LAN sockets instead of through its WAN socket.
The router manages "source" ports that are separate for each computer. While you may be connecting to port 80 on the "destination" the router may assign the source port to some high number port.
Wikipedia sums it up as:
"Network address translation involves re-writing the source and/or destination IP addresses and usually also the TCP/UDP port numbers of IP packets as they pass through the NAT. Checksums (both IP and TCP/UDP) must also be rewritten to take account of the changes."
Already good answers are provided, but here is another example:
       HOST A addr          HOST B addr
       10.1.0.2:4040        10.1.0.3:4040
       -----------------------------------------
NAT    200.50.50.28:4040    200.50.50.28:4041    (what external host sees)
200.50.50.28 is router's global (internet) IP.
Every port number is unique in the NAT table. And of course the router does all the dirty job of modifying the source and destination addresses transparently.
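The translation table described in the answers above can be sketched as follows. This is an added example, not code from any of the posters: the class and method names are hypothetical, the remote addresses are constructed, the internal server 10.1.0.30 is assumed, and the allocation policy (keep the client's source port if free, otherwise the next free one) and the check that replies come from a peer the host actually contacted are assumptions about one common behaviour.

```python
class Napt:
    """Toy port-translating NAT for one protocol: one public IP, unique public ports."""

    def __init__(self, public_ip, static=None):
        self.public_ip = public_ip
        self.static = dict(static or {})  # reserved public port -> internal (ip, port)
        self.out = {}                     # internal (ip, port) -> public port
        self.back = {}                    # public port -> internal (ip, port)
        self.peers = {}                   # public port -> remote endpoints contacted

    def _allocate(self, wanted):
        # Keep the client's source port when it is free, otherwise take the next
        # free one; ports reserved for static forwards are never handed out.
        port = wanted
        while port in self.back or port in self.static:
            port += 1
            if port > 65535:
                raise RuntimeError("no free public port")
        return port

    def outbound(self, src, dst):
        """Rewrite the source of an outgoing packet; returns (new_src, dst)."""
        if src not in self.out:
            port = self._allocate(src[1])
            self.out[src], self.back[port] = port, src
        port = self.out[src]
        self.peers.setdefault(port, set()).add(dst)
        return (self.public_ip, port), dst

    def inbound(self, src, dst):
        """Rewrite the destination of an incoming packet; None means drop."""
        port = dst[1]
        if dst[0] != self.public_ip:
            return None
        if port in self.static:                       # reserved port forward
            return src, self.static[port]
        if port in self.back and src in self.peers[port]:
            return src, self.back[port]               # reply on a known mapping
        return None                                   # unsolicited: no mapping

WEB = ("203.0.113.80", 80)                            # constructed remote server

def demo():
    nat = Napt("200.50.50.28", static={8080: ("10.1.0.30", 80)})  # 10.1.0.30 is assumed
    a = nat.outbound(("10.1.0.2", 4040), WEB)
    b = nat.outbound(("10.1.0.3", 4040), WEB)
    return a, b, nat.inbound(WEB, b[0]), nat.inbound(("198.51.100.9", 80), a[0])
```

Both hosts use source port 4040, yet the outside server sees 200.50.50.28:4040 and 200.50.50.28:4041, and a packet from an address neither host contacted is dropped because no mapping matches it.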
It uses different ports for incoming external traffic, and the NAT then routes the packets on one port to one internal IP address, and the packets from the other port to the other internal IP address... The initial request from each internal computer, when it goes through the NAT on the way out, establishes which port will be used for the incoming traffic from the external IP address, and it tells the external server what port to send its traffic back on for that connection.
RFC 3022 provides a lot of information on how this works.
Since public facing or external IP Address that was given by Internet Service Provider (ISP) has been discussed, I would like to add on this.
You can ask your ISP to have your public IP Address not change. It will become static, so that you do not have to inform your friends to change the IP Address if they want to access your server inside your Network Address Translator (NAT).
As of this writing, a static IP address costs around 100 bucks. Most ISPs call it a business account.
You can determine your public facing IP Address by googling "what is my ip address".
