Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:03,260 --> 00:00:09,010 Okay so let's have a look at why shock now before getting into the nitty gritty. 2 00:00:09,060 --> 00:00:15,840 I want to show you a really nice option in why a shock notice here we have messages discover offer request 3 00:00:15,870 --> 00:00:19,490 and acknowledgement in why shock. 4 00:00:19,680 --> 00:00:28,020 You can go to the statistics menu and click flow graph and you can see messages being sent on the network. 5 00:00:28,040 --> 00:00:33,750 I'm going to limit this to the photo which at the moment is DHEA P. 6 00:00:33,890 --> 00:00:38,700 And notice what you can see in the output here. 7 00:00:38,950 --> 00:00:41,830 Make this a bit smaller so I can zoom in. 8 00:00:41,890 --> 00:00:51,090 Notice we've got DHEA P discover with this transaction I.D. ending in c 3. 9 00:00:51,190 --> 00:00:52,360 Here's an offer. 10 00:00:52,640 --> 00:00:56,380 He has a request and he has an acknowledgement. 11 00:00:56,440 --> 00:01:00,540 This shows graphically the process of how the client. 12 00:01:00,550 --> 00:01:08,320 Notice there is no IP address here sends a broadcast message to 5 5 2 4 5 2 4 5 2 4 5 trying to discover 13 00:01:09,010 --> 00:01:10,540 the ATP servers on the network. 14 00:01:10,570 --> 00:01:12,160 So it's saying who's out there. 15 00:01:12,190 --> 00:01:17,350 I need an IP address the DHB server offers an IP address to the client. 16 00:01:17,370 --> 00:01:23,620 There may be multiple the ATP serves on the network so the DHB service that receive these discover messages 17 00:01:23,620 --> 00:01:26,210 will offer IP addresses to the client. 18 00:01:26,320 --> 00:01:29,680 The client will then request one of those IP addresses. 19 00:01:29,950 --> 00:01:35,880 In this example is only one DHB server so it's only going to request the IP address from that DHB server 20 00:01:36,160 --> 00:01:41,640 but if there were multiple DHB servers in the network it would request an IP address from one of them. 21 00:01:41,650 --> 00:01:50,260 Typically the first one to offer an IP address and then the DHB server will acknowledge that request. 22 00:01:50,260 --> 00:01:57,160 This is a great option and while shock you can graphically see discover offer request and acknowledgement 23 00:01:57,460 --> 00:02:01,090 again discover try and discover DHB servers on the network. 24 00:02:01,090 --> 00:02:04,300 The HP server will offer an IP address to the client. 25 00:02:04,420 --> 00:02:10,960 The client will then accept that offer and request the IP address from that DHB server and the DHB server 26 00:02:11,050 --> 00:02:17,150 will acknowledge that request now notice in the why shock capture. 27 00:02:17,180 --> 00:02:26,000 I've got a DHB discover DHB offer DHB request and DHB acknowledgement notice the IP address on the HP 28 00:02:26,150 --> 00:02:28,400 Discover there is no IP address. 29 00:02:28,610 --> 00:02:38,820 It's sending a message to a broadcast address so the C is trying to discover a DHB server on the Internet. 30 00:02:38,870 --> 00:02:49,050 Notice the MAC address ends in 80 b 0 going back to my P C notice MAC address ends in 8 0 b 0. 31 00:02:49,540 --> 00:02:56,800 So this message is being sent from that Windows P C we can also see that by looking at the client identifier. 32 00:02:56,830 --> 00:03:06,050 Notice MAC address their message type is DHB discover the piece is trying to discover a DHB server. 33 00:03:06,210 --> 00:03:10,450 And as mentioned notice it's requesting to use this IP address. 34 00:03:10,450 --> 00:03:16,750 The reason for that is because once again the P.C. use that IP address previously and is trying to get 35 00:03:16,780 --> 00:03:18,450 the same IP address. 36 00:03:18,580 --> 00:03:22,530 If a new device boots up it won't do that and I'll show you that in a moment. 37 00:03:22,780 --> 00:03:26,640 But because this M.S. age when 10. 38 00:03:26,700 --> 00:03:33,130 P.S. previously was allocated this IP address it's simply requesting the same IP address again. 39 00:03:33,160 --> 00:03:38,620 Notice you can see under whose name the name of this window's P.C. once again. 40 00:03:38,620 --> 00:03:40,710 There it is on the windows host. 41 00:03:40,870 --> 00:03:51,260 So in windows and in wire shock so first step is Discover piece he is trying to discover the DTP server. 42 00:03:51,260 --> 00:03:55,760 Now this IP address once again 10 1 1 2 5 4 is the DHB server. 43 00:03:55,760 --> 00:04:03,290 In our example this is the router Rod is configured with this IP address so the router replies back 44 00:04:04,470 --> 00:04:10,680 to a broadcast address because the client doesn't have an IP address yet it can send a message to an 45 00:04:10,680 --> 00:04:17,100 IP address because the client doesn't have an IP address so broadcasts saying your IP address is this 46 00:04:17,520 --> 00:04:23,420 so your client IP addresses this your client MAC address remember ending an 8 0 0 0. 47 00:04:23,550 --> 00:04:26,130 That is the MAC address of this windows. 48 00:04:26,140 --> 00:04:30,920 P.S. so that MAC address will get this IP address. 49 00:04:31,170 --> 00:04:32,110 Option 53. 50 00:04:32,110 --> 00:04:40,300 This is an offer from this DHB server I'll just jump back for a moment. 51 00:04:40,320 --> 00:04:48,140 Notice the protocol used here is UDP from source port 68 to destination port 67. 52 00:04:48,630 --> 00:04:53,910 But here we we're using DHL P which uses UDP. 53 00:04:53,910 --> 00:04:58,950 In this example source port is 67 going to destination port 68. 54 00:04:58,950 --> 00:05:07,380 And again the server with this identifier is allocating an IP address to the client with a lease time 55 00:05:07,410 --> 00:05:08,680 of one day. 56 00:05:08,760 --> 00:05:11,550 It needs to renew after 12 days. 57 00:05:11,550 --> 00:05:18,920 As I said previously typically after half the lease period clients will be told to renew notice subnet 58 00:05:18,920 --> 00:05:20,810 mask default gateway. 59 00:05:20,870 --> 00:05:28,460 Option 3 here default gateway or broader DNS server option 6 and option 15 is domain name. 60 00:05:28,910 --> 00:05:33,570 So that's the offer from the DHB server to the client. 61 00:05:33,770 --> 00:05:39,800 The client then requests that IP address the reason why is we could have multiple servers offering IP 62 00:05:39,800 --> 00:05:42,870 addresses to the client and it needs to request one of them. 63 00:05:42,920 --> 00:05:48,520 So you could have two DHB servers offering IP addresses to the client it needs to choose one typically 64 00:05:48,530 --> 00:05:51,120 chooses the one that replied first. 65 00:05:51,140 --> 00:05:58,890 So going up notice it UDP source port 68 going to 67 mac addresses the client. 66 00:05:59,850 --> 00:06:01,720 It's a request. 67 00:06:01,920 --> 00:06:09,600 So we're requesting that this MAC address use this IP address the IP address that was offered by the 68 00:06:09,900 --> 00:06:17,170 server so back again notice the server offered that IP address to the client and that's the IP address 69 00:06:17,170 --> 00:06:23,490 that the client is requesting to use the requested IP addresses this from this DHB server. 70 00:06:23,530 --> 00:06:31,110 This is my who's name because this is Windows that asks for net by us old protocol ask for other information 71 00:06:31,110 --> 00:06:33,960 such as private classless static right et cetera. 72 00:06:34,170 --> 00:06:37,870 And then lastly the server acknowledges that request. 73 00:06:38,040 --> 00:06:42,460 So UDP source port 67 to port 68. 74 00:06:42,660 --> 00:06:46,570 The service saying I acknowledge this as your IP address. 75 00:06:46,680 --> 00:06:48,460 This is your mac address. 76 00:06:48,510 --> 00:06:53,780 It's an acknowledgement and then similar kind of information is displayed once again. 77 00:06:53,820 --> 00:06:56,860 So notice we have four messages here. 78 00:06:57,030 --> 00:07:01,110 Discover offer request and acknowledgement. 79 00:07:01,220 --> 00:07:01,430 Okay. 80 00:07:01,440 --> 00:07:07,960 So that was why Ashok let's have a look on the road Roda. 81 00:07:08,050 --> 00:07:11,950 So again this is the MAC address of our client. 82 00:07:11,950 --> 00:07:21,690 This is the IP address that it got from the DHB server on the road and now show IP DHB bindings. 83 00:07:21,730 --> 00:07:33,570 Notice this MAC address was allocated this IP address automatically show IPD HP server statistics. 84 00:07:34,000 --> 00:07:38,200 We can see as an example that we have one address pull. 85 00:07:38,560 --> 00:07:41,400 There's been five discovered messages were received. 86 00:07:41,400 --> 00:07:47,860 There's been told for DHB requests and three offers and five acknowledgements a bunch of stuff has been 87 00:07:47,860 --> 00:07:49,890 going on in the background here. 88 00:07:51,390 --> 00:07:56,910 Most important command here is typically binding so that you can see which client received which IP 89 00:07:56,910 --> 00:07:58,280 address. 90 00:07:58,320 --> 00:08:00,930 Okay so I have got a linux host here. 91 00:08:00,930 --> 00:08:10,290 I'll start this linux host up go back into why a shock and what you'll see is we've got a bunch of DTP 92 00:08:10,290 --> 00:08:11,460 messages now. 93 00:08:11,910 --> 00:08:18,600 What I can do very nicely in why shock is do a filter so that I only see one host. 94 00:08:18,660 --> 00:08:28,260 Notice this MAC address here ends in C 955 that is the MAC address of the Linux client 95 00:08:30,960 --> 00:08:34,820 we can see as an example that this Linux client has obtained this IP address. 96 00:08:34,980 --> 00:08:42,900 I have Conficker because this is Linux shows me IP address shows me the MAC address ending and c 955 97 00:08:43,590 --> 00:08:46,880 in y shock I could actually add this as a filter. 98 00:08:47,760 --> 00:08:51,240 So add this as and selected. 99 00:08:51,240 --> 00:08:59,380 So this changes the Y shock filter to only show me that P C rather than the windows. 100 00:08:59,390 --> 00:09:04,260 P.S. Some only seeing the messages from that Linux client. 101 00:09:04,260 --> 00:09:08,040 So notice she has a Discover message sent out a broadcast. 102 00:09:08,130 --> 00:09:11,220 This is the offer from the DSP server. 103 00:09:11,220 --> 00:09:14,290 He has a request and he has an acknowledgement. 104 00:09:14,350 --> 00:09:18,680 So if we look at the Discover message notice it doesn't have an IP address. 105 00:09:18,720 --> 00:09:26,700 It's sending out a broadcast with its Mac address trying to discover DHB server it wants various parameters 106 00:09:26,700 --> 00:09:38,050 including A.P. the DHB server replies back with an offer offering this IP address 10 1 1 1 2 this client 107 00:09:38,710 --> 00:09:44,010 DHB servers this again lease time renewal time. 108 00:09:44,040 --> 00:09:52,020 Other information is displayed so on the client I can see that it got given this IP address by the DHB 109 00:09:52,020 --> 00:10:01,080 server it requested that IP address so request of this IP address and the DHB server acknowledged that 110 00:10:01,110 --> 00:10:02,310 IP address. 111 00:10:02,310 --> 00:10:05,040 Okay so that was quite a detailed video. 112 00:10:05,260 --> 00:10:10,690 I hope after this video you really understand how DHB works. 11866