DHCP The complete traffic runs on UDP User Datagram Protocol (OSI Layer 4)
· Client broadcast: asks for IP address
· In the network trace you see a call from 0.0.0.0 to 255.255.255.255
· Runs on port 67 UDP
· DHCP server response including IP address for client
· Runs on port 68 UDP
· Acknowledgement (ack) of the client to the server
· Client requests server ack
· Acknowledgement of the IP ownership of the client
This DHCP handshake has nothing to do with PXE at this point. PXE stands for pre-boot execution environment and is a rather old technology. It is in-deph defined and documented by Intel:
PXE does not come with a dedicated boot protocol. It is simply DHCP packets extended with additional DHCP options. It’s formerly known as the bootstrap protocol. If a PXE-enabled network card sends out an DHCP discover package, it will add DHCP option 60, which includes the string “PXEClient:Arch:xxxxx:UNDI:yyyzzz”. Then it waits for DHCP offers.
It will only respond if it gets a DHCP offer including option 60 which means: I am PXE capable and able to send out boot server and boot file information.
The DHCP offer can be splitted into two independent packages, coming from different servers. The DHCP server can send out the DHCP offer containing the clients IP address and the PXE server can send out the DHCP offer containing the option 60.
The PXE client will wait for all needed information up to 60 seconds. DHCP Discover will be retried four times. The four timeouts are 4, 8, 16 and 32 seconds respectively. If the client gets the offer within this timeout, it will proceed with the DHCP request. If not, it will stop with a PXE-MOF error.
(DHCP and PXE service run on different machines)
· Client broadcast asking for IP address and PXE-capable DHCP service
· DHCP discover package contains option 60
· DHCP discover uses port 67 UDP
· Reply of the DHCP server containing IP address offering on port 68 UDP
· Reply of the DHCP or PXE server containing option 60
· Client broadcast, ready to acknowledge IP address and boot server (port 67 UDP)
· Server broadcast, acknowledge clients IP address and lease (port 68 UDP)
· Client unicast request for options 66 (boot server) and option 67 (bootstrap file) (port 4011 UDP)
· Unicast addresses server which offered option 60
· Server ack from PXE server including options 66 and 67
Start of the bootstrap file download using TFTP (UDP 69 and UDP high level ports)
Screenshot: normal PXE boot
You can see in the screenshot that:
· DHCP offers come from two different machines (.2 is the DHCP, .1 is the PXE host)
· The last 2 steps run using unicast