Skill Name: 0.0.0.0 Principle
Skill Content: Although the 0.0.0.0 is an invalid IP address, in a DHCP environment, the 0.0.0.0 IP address are very often be captured.
Skill Description:
We can not assign the IP address 0.0.0.0 to a network device for a static IP address. However, in a DHCP network environment, a new booting up device(host) does not have an useful IP address. This new device(host) needs a DHCP server to assign a dynamic IP address to the new booting device(host). The DHCP server will listen to UDP Port 67 and a DHCP client will use UDP-68.
Therefore, in a DHCP network environment, we can capture a 'DHCP discover' packet that source IP address is 0.0.0.0 as well as destination IP address is 255.255.255.255. The DHCP server would send back a DHCP response packet called 'DHCP offer'. After the previous reaction, this DHCP behavior will perform a 'DHCP request' packet to that new device(host) and get back a 'DHCP ACK' from the new device also.
In the previous booting behavior, both 'DHCP discover' packet and 'DHCP request' packet are sent by a new device(host) with 0.0.0.0 IP address. So that we can capture a lot of this network traffic from an office network in a general morring.
For cyber security, the 0.0.0.0 IP address only matches the following status normally.
- (A) In booting behavior, the 'DHCP discover' packet and 'DHCP request' packet will use 0.0.0.0 IP address.
- (B) The DHCP booting behavior uses broadcast packets also so that the sender must use UDP Protocol with Port 67, 68.
NSPA suggested display filter of Wireshark:
dhcp
Online Course: https://youtu.be/Vy3p3V0Q2A4
Analytical Example: https://www.hugediamond.net/shop
------------------------------------------------------------------------
Extent Information:
Español: Aunque 0.0.0.0 es una dirección IP no válida, en un entorno DHCP, la dirección IP 0.0.0.0 se captura con mucha frecuencia.
Franch: Bien que 0.0.0.0 soit une adresse IP invalide, dans un environnement DHCP, l'adresse IP 0.0.0.0 est très souvent capturée.
German: Obwohl 0.0.0.0 eine ungültige IP-Adresse ist, wird die 0.0.0.0-IP-Adresse in einer DHCP-Umgebung sehr oft erfasst.
Chinese: 雖然 0.0.0.0 是一個無效的 IP 地址,但在 DHCP 環境中,0.0.0.0 IP 地址經常被捕獲。
Japanese: 0.0.0.0は無効なIPアドレスですが、DHCP環境では、0.0.0.0IPアドレスがキャプチャされることがよくあります。
Vietnamese: Mặc dù 0.0.0.0 là địa chỉ IP không hợp lệ, nhưng trong môi trường DHCP, địa chỉ IP 0.0.0.0 rất thường được ghi lại.
Thai(Siamese): แม้ว่า 0.0.0.0 จะเป็นที่อยู่ IP ที่ไม่ถูกต้อง แต่ในสภาพแวดล้อม DHCP แต่ที่อยู่ IP 0.0.0.0 มักถูกดักจับ
Indonesian: Meskipun 0.0.0.0 adalah alamat IP yang tidak valid, dalam lingkungan DHCP, alamat IP 0.0.0.0 sangat sering ditangkap.
Malay: Walaupun 0.0.0.0 adalah alamat IP yang tidak sah, dalam persekitaran DHCP, alamat IP 0.0.0.0 sangat kerap ditangkap.
Myanmar: 0.0.0.0 သည်အကျုံးမ ၀ င်သော IP address တစ်ခုဖြစ်သော်လည်း DHCP ပတ်ဝန်းကျင်တွင် 0.0.0.0 IP address ကိုမကြာခဏဖမ်းယူသည်။
