Wireshark-users: Re: [Wireshark-users] Query on DHCP transactions

From: Kok-Yong Tan <ktan@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 12 Mar 2010 01:35:37 -0500
Thanks for the response. Okay, so I now understand that it's not normal.

Could you elaborate on what you mean by "the unicast/broadcast option"? From where? The server or the client? Thus far, I've noticed a packet every second from the DHCP server (maintained by Time Warner, the cable ISP, so out of my control) to the multicast address of the client (a firewall, which is under my control) at 224.0.0.1 but how would this trigger the packet from the same DHCP server to the client at 255.255.255.255:68? It seems as if the DHCP server is responding with a packet but the response was not triggered by a DHCP request from the client (at least the logs aren't showing the firewall emitting any DHCP packets).

On Mar 12, 2010, at 01:07, Jaap Keuter wrote:

Hi,

Not really.
Note this is broadcast traffic, judging from the IP address. There
might be something going on with the unicast/broadcast option.

Thanks,
Jaap

Send from my iPhone

On 12 mrt 2010, at 01:34, Kok-Yong Tan <ktan@xxxxxxxxxxxxxxxxxxx> wrote:

Before hubbing out and firing up Wireshark, I got curious about
something while watching a log of DHCP transactions between a DHCP
server and client: Is it normal after the client has already obtained
an address, to see continuous attempts by the DHCP server to send
packets to 255.255.255.255:68 on the DHCP client if the DHCP client
is no longer asking for an address in a switched network?

--
Reality Artisans, Inc.             #   Network Wrangling and Delousing
P.O. Box 565, Gracie Station       #   Apple Certified Consultant
New York, NY 10028-0019            #   Apple Consultants Network member
<http://www.realityartisans.com>   #   Apple Developer Connection member
(212) 369-4876 (Voice) # My PGP public key can be found at <https://keyserver.pgp.com>