Over breakfast coffee, I analyzed the Ethereal output from the DHCP discovery process that took place last night on the non-domain kitchen PC. It was textbook but for one thing: The PC sent out three DISCOVER packets at 0 seconds, 3 seconds and 11 seconds, each followed by an OFFER from the server within .0007 seconds! Why didn’t the PC respond to the first. I did notice at the pc some delay after I typed IPCONFIG /RENEW. I was even thinking that it may have failed since I’d guess it was about 15 seconds before the DOS prompt came back.
It was very interesting to see the format of the OFFER packet:
Note the hard coded renewal and rebinding times, i.e, 50% (1.5 days on a 3 day lease) and the 87.5%, which I had assumed was computed by the client. Instead it appears that the server does the computation and dictates the time frame.
The REQUEST and ACK seem to have all this information included, too. I guess this is to provide unique values since all packets are 255.255.255.255 broadcast packets. I’ll look to see if the MAC address is within… Yes, it’s embedded in the packet.
Thanks, Ethereal for clarifying all this cryptic stuff that’s all in binary within the packets!