Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:03,260 --> 00:00:09,010
Okay so let's have a look at why shock now before getting into the nitty gritty.
2
00:00:09,060 --> 00:00:15,840
I want to show you a really nice option in why a shock notice here we have messages discover offer request
3
00:00:15,870 --> 00:00:19,490
and acknowledgement in why shock.
4
00:00:19,680 --> 00:00:28,020
You can go to the statistics menu and click flow graph and you can see messages being sent on the network.
5
00:00:28,040 --> 00:00:33,750
I'm going to limit this to the photo which at the moment is DHEA P.
6
00:00:33,890 --> 00:00:38,700
And notice what you can see in the output here.
7
00:00:38,950 --> 00:00:41,830
Make this a bit smaller so I can zoom in.
8
00:00:41,890 --> 00:00:51,090
Notice we've got DHEA P discover with this transaction I.D. ending in c 3.
9
00:00:51,190 --> 00:00:52,360
Here's an offer.
10
00:00:52,640 --> 00:00:56,380
He has a request and he has an acknowledgement.
11
00:00:56,440 --> 00:01:00,540
This shows graphically the process of how the client.
12
00:01:00,550 --> 00:01:08,320
Notice there is no IP address here sends a broadcast message to 5 5 2 4 5 2 4 5 2 4 5 trying to discover
13
00:01:09,010 --> 00:01:10,540
the ATP servers on the network.
14
00:01:10,570 --> 00:01:12,160
So it's saying who's out there.
15
00:01:12,190 --> 00:01:17,350
I need an IP address the DHB server offers an IP address to the client.
16
00:01:17,370 --> 00:01:23,620
There may be multiple the ATP serves on the network so the DHB service that receive these discover messages
17
00:01:23,620 --> 00:01:26,210
will offer IP addresses to the client.
18
00:01:26,320 --> 00:01:29,680
The client will then request one of those IP addresses.
19
00:01:29,950 --> 00:01:35,880
In this example is only one DHB server so it's only going to request the IP address from that DHB server
20
00:01:36,160 --> 00:01:41,640
but if there were multiple DHB servers in the network it would request an IP address from one of them.
21
00:01:41,650 --> 00:01:50,260
Typically the first one to offer an IP address and then the DHB server will acknowledge that request.
22
00:01:50,260 --> 00:01:57,160
This is a great option and while shock you can graphically see discover offer request and acknowledgement
23
00:01:57,460 --> 00:02:01,090
again discover try and discover DHB servers on the network.
24
00:02:01,090 --> 00:02:04,300
The HP server will offer an IP address to the client.
25
00:02:04,420 --> 00:02:10,960
The client will then accept that offer and request the IP address from that DHB server and the DHB server
26
00:02:11,050 --> 00:02:17,150
will acknowledge that request now notice in the why shock capture.
27
00:02:17,180 --> 00:02:26,000
I've got a DHB discover DHB offer DHB request and DHB acknowledgement notice the IP address on the HP
28
00:02:26,150 --> 00:02:28,400
Discover there is no IP address.
29
00:02:28,610 --> 00:02:38,820
It's sending a message to a broadcast address so the C is trying to discover a DHB server on the Internet.
30
00:02:38,870 --> 00:02:49,050
Notice the MAC address ends in 80 b 0 going back to my P C notice MAC address ends in 8 0 b 0.
31
00:02:49,540 --> 00:02:56,800
So this message is being sent from that Windows P C we can also see that by looking at the client identifier.
32
00:02:56,830 --> 00:03:06,050
Notice MAC address their message type is DHB discover the piece is trying to discover a DHB server.
33
00:03:06,210 --> 00:03:10,450
And as mentioned notice it's requesting to use this IP address.
34
00:03:10,450 --> 00:03:16,750
The reason for that is because once again the P.C. use that IP address previously and is trying to get
35
00:03:16,780 --> 00:03:18,450
the same IP address.
36
00:03:18,580 --> 00:03:22,530
If a new device boots up it won't do that and I'll show you that in a moment.
37
00:03:22,780 --> 00:03:26,640
But because this M.S. age when 10.
38
00:03:26,700 --> 00:03:33,130
P.S. previously was allocated this IP address it's simply requesting the same IP address again.
39
00:03:33,160 --> 00:03:38,620
Notice you can see under whose name the name of this window's P.C. once again.
40
00:03:38,620 --> 00:03:40,710
There it is on the windows host.
41
00:03:40,870 --> 00:03:51,260
So in windows and in wire shock so first step is Discover piece he is trying to discover the DTP server.
42
00:03:51,260 --> 00:03:55,760
Now this IP address once again 10 1 1 2 5 4 is the DHB server.
43
00:03:55,760 --> 00:04:03,290
In our example this is the router Rod is configured with this IP address so the router replies back
44
00:04:04,470 --> 00:04:10,680
to a broadcast address because the client doesn't have an IP address yet it can send a message to an
45
00:04:10,680 --> 00:04:17,100
IP address because the client doesn't have an IP address so broadcasts saying your IP address is this
46
00:04:17,520 --> 00:04:23,420
so your client IP addresses this your client MAC address remember ending an 8 0 0 0.
47
00:04:23,550 --> 00:04:26,130
That is the MAC address of this windows.
48
00:04:26,140 --> 00:04:30,920
P.S. so that MAC address will get this IP address.
49
00:04:31,170 --> 00:04:32,110
Option 53.
50
00:04:32,110 --> 00:04:40,300
This is an offer from this DHB server I'll just jump back for a moment.
51
00:04:40,320 --> 00:04:48,140
Notice the protocol used here is UDP from source port 68 to destination port 67.
52
00:04:48,630 --> 00:04:53,910
But here we we're using DHL P which uses UDP.
53
00:04:53,910 --> 00:04:58,950
In this example source port is 67 going to destination port 68.
54
00:04:58,950 --> 00:05:07,380
And again the server with this identifier is allocating an IP address to the client with a lease time
55
00:05:07,410 --> 00:05:08,680
of one day.
56
00:05:08,760 --> 00:05:11,550
It needs to renew after 12 days.
57
00:05:11,550 --> 00:05:18,920
As I said previously typically after half the lease period clients will be told to renew notice subnet
58
00:05:18,920 --> 00:05:20,810
mask default gateway.
59
00:05:20,870 --> 00:05:28,460
Option 3 here default gateway or broader DNS server option 6 and option 15 is domain name.
60
00:05:28,910 --> 00:05:33,570
So that's the offer from the DHB server to the client.
61
00:05:33,770 --> 00:05:39,800
The client then requests that IP address the reason why is we could have multiple servers offering IP
62
00:05:39,800 --> 00:05:42,870
addresses to the client and it needs to request one of them.
63
00:05:42,920 --> 00:05:48,520
So you could have two DHB servers offering IP addresses to the client it needs to choose one typically
64
00:05:48,530 --> 00:05:51,120
chooses the one that replied first.
65
00:05:51,140 --> 00:05:58,890
So going up notice it UDP source port 68 going to 67 mac addresses the client.
66
00:05:59,850 --> 00:06:01,720
It's a request.
67
00:06:01,920 --> 00:06:09,600
So we're requesting that this MAC address use this IP address the IP address that was offered by the
68
00:06:09,900 --> 00:06:17,170
server so back again notice the server offered that IP address to the client and that's the IP address
69
00:06:17,170 --> 00:06:23,490
that the client is requesting to use the requested IP addresses this from this DHB server.
70
00:06:23,530 --> 00:06:31,110
This is my who's name because this is Windows that asks for net by us old protocol ask for other information
71
00:06:31,110 --> 00:06:33,960
such as private classless static right et cetera.
72
00:06:34,170 --> 00:06:37,870
And then lastly the server acknowledges that request.
73
00:06:38,040 --> 00:06:42,460
So UDP source port 67 to port 68.
74
00:06:42,660 --> 00:06:46,570
The service saying I acknowledge this as your IP address.
75
00:06:46,680 --> 00:06:48,460
This is your mac address.
76
00:06:48,510 --> 00:06:53,780
It's an acknowledgement and then similar kind of information is displayed once again.
77
00:06:53,820 --> 00:06:56,860
So notice we have four messages here.
78
00:06:57,030 --> 00:07:01,110
Discover offer request and acknowledgement.
79
00:07:01,220 --> 00:07:01,430
Okay.
80
00:07:01,440 --> 00:07:07,960
So that was why Ashok let's have a look on the road Roda.
81
00:07:08,050 --> 00:07:11,950
So again this is the MAC address of our client.
82
00:07:11,950 --> 00:07:21,690
This is the IP address that it got from the DHB server on the road and now show IP DHB bindings.
83
00:07:21,730 --> 00:07:33,570
Notice this MAC address was allocated this IP address automatically show IPD HP server statistics.
84
00:07:34,000 --> 00:07:38,200
We can see as an example that we have one address pull.
85
00:07:38,560 --> 00:07:41,400
There's been five discovered messages were received.
86
00:07:41,400 --> 00:07:47,860
There's been told for DHB requests and three offers and five acknowledgements a bunch of stuff has been
87
00:07:47,860 --> 00:07:49,890
going on in the background here.
88
00:07:51,390 --> 00:07:56,910
Most important command here is typically binding so that you can see which client received which IP
89
00:07:56,910 --> 00:07:58,280
address.
90
00:07:58,320 --> 00:08:00,930
Okay so I have got a linux host here.
91
00:08:00,930 --> 00:08:10,290
I'll start this linux host up go back into why a shock and what you'll see is we've got a bunch of DTP
92
00:08:10,290 --> 00:08:11,460
messages now.
93
00:08:11,910 --> 00:08:18,600
What I can do very nicely in why shock is do a filter so that I only see one host.
94
00:08:18,660 --> 00:08:28,260
Notice this MAC address here ends in C 955 that is the MAC address of the Linux client
95
00:08:30,960 --> 00:08:34,820
we can see as an example that this Linux client has obtained this IP address.
96
00:08:34,980 --> 00:08:42,900
I have Conficker because this is Linux shows me IP address shows me the MAC address ending and c 955
97
00:08:43,590 --> 00:08:46,880
in y shock I could actually add this as a filter.
98
00:08:47,760 --> 00:08:51,240
So add this as and selected.
99
00:08:51,240 --> 00:08:59,380
So this changes the Y shock filter to only show me that P C rather than the windows.
100
00:08:59,390 --> 00:09:04,260
P.S. Some only seeing the messages from that Linux client.
101
00:09:04,260 --> 00:09:08,040
So notice she has a Discover message sent out a broadcast.
102
00:09:08,130 --> 00:09:11,220
This is the offer from the DSP server.
103
00:09:11,220 --> 00:09:14,290
He has a request and he has an acknowledgement.
104
00:09:14,350 --> 00:09:18,680
So if we look at the Discover message notice it doesn't have an IP address.
105
00:09:18,720 --> 00:09:26,700
It's sending out a broadcast with its Mac address trying to discover DHB server it wants various parameters
106
00:09:26,700 --> 00:09:38,050
including A.P. the DHB server replies back with an offer offering this IP address 10 1 1 1 2 this client
107
00:09:38,710 --> 00:09:44,010
DHB servers this again lease time renewal time.
108
00:09:44,040 --> 00:09:52,020
Other information is displayed so on the client I can see that it got given this IP address by the DHB
109
00:09:52,020 --> 00:10:01,080
server it requested that IP address so request of this IP address and the DHB server acknowledged that
110
00:10:01,110 --> 00:10:02,310
IP address.
111
00:10:02,310 --> 00:10:05,040
Okay so that was quite a detailed video.
112
00:10:05,260 --> 00:10:10,690
I hope after this video you really understand how DHB works.
11866
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.