DHCP (Dynamic Host Configuration Protocol) DHCP operations fall into four phases: server discovery, IP lease offer, IP lease request, and IP lease acknowledgement. These stages are often abbreviated as DORA for discovery, offer, request, and acknowledgement.
Port Number: UDP port number 67 (also called “port bootps” ) is the destination port of a server, and UDP port number 68 (also called “port bootpc”) is used by the client.
RFC 2131 : https://tools.ietf.org/html/rfc2131
Wireshark : Use the filter “bootp” to filter DHCP packets
DHCP.pcap >>>>>>>>>>>>>>> Download
The Address Resolution Protocol (ARP) is a protocol used by the Internet Protocol, specifically IPv4, to map IP network addresses to the hardware addresses used by a data link protocol. The protocol operates below the network layer as a part of the interface between the OSI network and OSI link layer.
There are four types of arp messages that may be sent by the arp protocol.
- Gratuitous ARP
- Proxy ARP
RFC 826 : https://www.ietf.org/rfc/rfc826.txt
Wireshark : Use the filter “arp” to filter ARP packets
ARP.pcap >>>>>>>>>>>>>>> Download
♦ ICMP (PING):
Ping is a command-line utility, available on virtually any operating system with network connectivity, that acts as a test to see if a networked device is reachable.
The ping command sends a request over the network to a specific device. A successful ping results in a response from the computer that was pinged back to the originating device.
Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP echo reply. The program reports errors, packet loss, and a statistical summary of the results, typically including the minimum, maximum, the mean round-trip times, and standard deviation of the mean.
RFC 826 : https://tools.ietf.org/html/rfc792
Wireshark : Use the filter “icmp” to filter ICMP packets
Ping.pcap >>>>>>>>>>>>>>> Download