Friday, March 23, 2012

What is the difference between broadcast, unicast and multicast?

Unicast - A transmission to a single interface card.
Multicast - A transmission to a group of interface cards on the network.
Broadcast - A transmission to all interface cards on the network.

broadcast- sending information to all the pc's in a network
Multicast-sending infromation to a particular group
unicast-sending information to a particular pc.

unicast,broadcast,multicast
http://www.erg.abdn.ac.uk/~gorry/course/intro-pages/uni-b-mcast.html







  • Unicast
Unicast is the term used to describe communication where a piece of information is sent from one point to another point. In this case there is just one sender, and one receiver.
Broadcast
Broadcast is the term used to describe communication where a piece of information is sent from one point to all other points. In this case there is just one sender, but the information is sent to all connected receivers
Multicast
Multicast is the term used to describe communication where a piece of information is sent from one or more points to a set of other points. In this case there is may be one or more senders, and the information is distributed to a set of receivers (theer may be no receivers, or any other number of receivers).
http://www.erg.abdn.ac.uk/users/gorry/course/intro-pages/uni-b-mcast.html

  • What is Unicast, Broadcast, Multicast & Anycast?

Unicast
Example: 1) Browsing a website. (Webserver is the sender and your computer is the receiver.) 2) Downloading a file from a FTP Server. (FTP Server is the sender and your computer is the receiver).

Broadcast
Example: ARP Request message, DHCP DISCOVER Message.

Multicast
Example: Multicast Windows Deployment Services (WDS) OS deployment traffic, IP TV

Anycast
Example:  Used in DNS query.

https://techiemaster.wordpress.com/2016/08/15/what-is-unicast-broadcast-multicast-anycast/
[PC1] with IP address 192.168.1.6
ping to another computer [PC2] whose IP address is 192.168.1.1
 do not know PC2 MAC address and without MAC address we cannot send any packet
Check existing ARP on PC1
arp –a in command line to see existing ARP entry.
Delete ARP entry
arp –d command in command line
execute arp –a to make sure ARP entries have been deleted
ping 192.168.1.1
before sending ICMP request packet there was ARP Request and ARP reply packet exchanges
 PC1 got MAC address of PC2 and able to send ICMP packet
PC1 should send broadcast ARP request and PC2 should send unicast ARP reply
ARP request to get the MAC address of PC2.

ARP reply is sent by PC2 after receiving ARP request
arp –a in command line to see existing ARP entry.

Gratuitous ARP: When a system gets an IP address after that system is free to send a gratuitous ARP informing the network that I have this IP. This is to avoid IP conflict in same network.
Proxy ARP: when one device sends an ARP request and gets an ARP reply but not form the actual device. That means somebody sends ARP reply on behave of original device. It’s implemented for security reason.
https://linuxhint.com/arp_packet_analysis_wireshark/

ARP probe (collision detection) and ARP announce (Gratuitous ARP)
Before a host starts using IP address offered by DHCP server a host should check if this address is not in use by some other host. It is done by ARP probing. An ARP probe is an ARP request that has:
– non-zero Target Protocol Address and Source Hardware Address
– zero Source Protocol Address and Target Hardware Address


Frame 1272: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: 90:61:ae:fd:41:43, Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
    Hardware type: Ethernet (1)
    Protocol type: IPv4 (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (1)
    Sender MAC address: 90:61:ae:fd:41:43
    Sender IP address: 0.0.0.0
    Target MAC address: 00:00:00:00:00:00
    Target IP address: 192.168.0.80
A host sends 3 such ARP probes and, if there is no reply, a host can starts using this address along with announcing this by sending an ARP announce (Gratuitous ARP). ARP announce has:
– non-zero Source Hardware Address and zero Target Hardware Address
– non-zero (Source Protocol Address and Target Protocol Address) and (Source Protocol Address is equal to Target Protocol Address)
An ARP announce is sent to L2 broadcast address.
Frame 1911: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: 90:61:ae:fd:41:43, Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request/gratuitous ARP)
    Hardware type: Ethernet (1)
    Protocol type: IPv4 (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (1)
    [Is gratuitous: True]
    Sender MAC address: 90:61:ae:fd:41:43
    Sender IP address: 192.168.0.80
    Target MAC address: 00:00:00:00:00:00
    Target IP address: 192.168.0.80

https://yurmagccie.wordpress.com/2018/04/18/address-resolution-protocol-arp/


  • Dynamic Host Configuration Protocol (DHCP) is an application layer protocol used to distribute network configuration parameters, such as IP addresses, subnet masks, default gateways, etc. to hosts on a TCP/IP network.

1. A DHCP client sends a broadcast packet (DHCPDiscover) to discover DHCP servers on the network.

2. The DHCP server receives the DHCPDiscover packet and respond with a DHCPOffer packet, offering IP addressing information to the DHCP client.

3. If there is more than one DHCP server on the network segment and the DHCP client receives more than one DHCPOffer packets, the client will accept the first DHCPOffer packet. The DHCP client responds by broadcasting a DHCPRequest packet, requesting network parameters from the DHCP server.

4. The DHCP server approves the lease with a DHCPACK (Acknowledgement) packet. The packet includes the lease duration and other configuration information.

DHCP uses a well-known UDP port number 67 for the DHCP server, and the UDP port number 68 for the client.
 
https://geek-university.com/ccna/dynamic-host-configuration-protocol-dhcp/

The Server responds with a DHCP Offer (unicast), however if there are many offers from a different DHCP Servers the client accepts the first offer.the offer from the DHCP Server is not an assurance that the IP address will be allocated to the client


The client sends DHCP Request (Broadcast) that it has accepted the offered IP and it implicitly declines other offers from other servers if any. 


Analysis of DHCP Offer packets in wireshark

The Client IP address is still 0.0.0.0. 

This means that IP address has not been assigned to the DHCP Client. 

The destination IP address is 255.255.255.255 which means DHCP request is also broadcasted 

The IP address that is offered from DHCP Server to DHCP Client is 192.168.43.182



Analysis of DHCP ACK packets in wireshark





The DHCP messages are sent via UDP.


the link-layer (e.g., Ethernet) address of the host?

client is offered 192.168.1.10 by the DHCP server. The offer message contains the DHCP address offered by the server
 there is no relay agent between the host and the DHCP server
the value that indicates there is no relay agent is 0.0.0.0
the purpose of the router and subnet mask lines in the DHCP offer message
  • The subnet mask line tells the client which subnet mask to use.
  • The router line indicates where the client should send messages by default.

offered the IP address 192.168.1.110 in the offer message, client sent back a message further requesting that specific IP address

The purpose of lease time is to tell the client how long they can use the specific IP address assigned by the server before they will have to be assigned a new one.
  • The purpose of the release message is to release the IP address back to the server.
  • There is no verification that the release message has been received by the server.
  • If the message is lost, the client releases the IP address, but the server will not reassign that address until the clients lease on the address expires.

  • Discover: 0.0.0.0/255.255.255.255
  • Offer: 192.168.1.1/255.255.255.255
  • Request: 0.0.0.0/255.255.255.255
  • ACK:192.168.1.1/255.255.255.255

  • 192.168.1.1 
    • the IP address of  DHCP server
A host uses DHCP to obtain an IP address, among other things. But a host’s IP address is not confirmed until the end of the four-message exchange

1. Begin by opening the Windows Command Prompt application. As shown in Figure 1, enter “ipconfig /release”.

2. Start up the Wireshark packet sniffer, as described in the introductory Wireshark lab and begin Wireshark packet capture.

3. Now go back to the Windows Command Prompt and enter “ipconfig /renew”. This instructs your host to obtain a network configuration, including a new IP address. In Figure 1, the host obtains the IP address 192.168.1.108

4. Wait until the “ipconfig /renew” has terminated. Then enter the same command “ipconfig /renew” again.

5. When the second “ipconfig /renew” terminates, enter the command “ipconfig/release” to release the previously-allocated IP address to your computer.

6. Finally, enter “ipconfig /renew” to again be allocated an IP address for your computer.

7. Stop Wireshark packet capture.

https://maxwellsullivan.wordpress.com/2013/04/07/wireshark-lab-9-dhcp/
at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)