October 9th, 2004, 08:08 PM
I use an internet cable connection. While running my sniffer, i found some interesting ip broadcast packets from my ISP. Each packet contained the name of an induvidual (string). I found that these broadcasts occured after regular intervals.The source port is 67(bootps) and destination port is 68 (bootpc). Does anyone have any idea of what's going on ??.
October 11th, 2004, 02:34 PM
That sounds like DHCP request and answering packets. They'd be broadcast probably from the actual DHCP server out to machines looking for addresses.
Google Search to help you out.
October 12th, 2004, 02:53 AM
That would be my guess. But, without actually seeing the capture we can only guess.
More than likely, its just you're ISP's DHCP server.
I don't know why they'd do this though... I thought the client is supposed to look for the DHCP server... not the server look for DHCP clients... But excuse my ignorence... I'll have to do some reading up on it. I've rarely use DHCP on a network... I find it easier or more organized to just assign static IPs. Except for mobile users... then I just assign based on MAC address... which is still "static" in a way. The same MAC always gets the same IP from the DHCP server... wow... its amazing how easily I can just mumble on and on with my thoughts... its sad, I know.
Ah, knew I wasn't going crazy...
DHCP Lease Stages
1. Lease Request - The client sends a broadcast requesting an IP address
2. Lease Offer - The server sends the above information and marks the offered address as unavailable. The message sent is a DHCPOFFER broadcast message.
3. Lease Acceptance - The first offer received by the client is accepted. The acceptance is sent from the client as a broadcast (DHCPREQUEST message) including the IP address of the DNS server that sent the accepted offer. Other DHCP servers retract their offers and mark the offered address as available and the accepted address as unavailable.
4. Server lease acknowledgement - The server sends a DHCPACK or a DHCPNACK if an unavailable address was requested.
AFAIK... Bootp works in a similar way...
Maybe you're ISP is sending a request for an IP address... why don't you give them one and see what happens?
A packet capture would really be nice at this point.
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.