Sunday, April 25, 2010

iPad and DHCP

I started wondering about the iPad and DHCP after noticing in my router's log files that the iPad was pretty chatty; re-associating with the AP really often even when sleeping. Here is about 40 minutes' worth of router logs, and notice the iPad associates with the AP every minute or so (I replaced my MAC address with "iPad" here):

[INFO] Sun Apr 25 14:39:52 2010 Lease 192.168.0.109 renewed by client "iPad"
[INFO] Sun Apr 25 14:39:52 2010 Wireless system with MAC address "iPad" associated
[INFO] Sun Apr 25 14:38:52 2010 Lease 192.168.0.109 renewed by client "iPad"
[INFO] Sun Apr 25 14:38:52 2010 Wireless system with MAC address "iPad" associated
[INFO] Sun Apr 25 14:37:51 2010 Lease 192.168.0.109 renewed by client "iPad"
[INFO] Sun Apr 25 14:37:51 2010 Wireless system with MAC address "iPad" associated
[INFO] Sun Apr 25 14:36:51 2010 Lease 192.168.0.109 renewed by client "iPad"
[INFO] Sun Apr 25 14:36:51 2010 Wireless system with MAC address "iPad" associated
[INFO] Sun Apr 25 14:35:51 2010 Lease 192.168.0.109 renewed by client "iPad"
[INFO] Sun Apr 25 14:35:50 2010 Wireless system with MAC address "iPad" associated
[INFO] Sun Apr 25 14:34:50 2010 Lease 192.168.0.109 renewed by client "iPad"
[INFO] Sun Apr 25 14:34:50 2010 Wireless system with MAC address "iPad" associated
... more of the same ...
[INFO] Sun Apr 25 14:03:10 2010 Lease 192.168.0.109 renewed by client "iPad"
[INFO] Sun Apr 25 14:03:10 2010 Wireless system with MAC address "iPad" associated
[INFO] Sun Apr 25 14:03:01 2010 Lease 192.168.0.109 renewed by client "iPad"
[INFO] Sun Apr 25 14:03:01 2010 Wireless system with MAC address "iPad" associated
[INFO] Sun Apr 25 14:02:01 2010 Lease 192.168.0.109 renewed by client "iPad"
[INFO] Sun Apr 25 14:02:01 2010 Wireless system with MAC address "iPad" associated
[INFO] Sun Apr 25 14:01:53 2010 Lease 192.168.0.109 renewed by client "iPad"
[INFO] Sun Apr 25 14:01:53 2010 Wireless system with MAC address "iPad" associated
[INFO] Sun Apr 25 14:00:53 2010 Lease 192.168.0.109 renewed by client "iPad"
[INFO] Sun Apr 25 14:00:53 2010 Wireless system with MAC address "iPad" associated

The really scary thing about this is the iPad was asleep, sitting on the charger for all but the last 10 minutes or so of this log. So it appears to be chatting up the network even when you're not using it.

I ran a network sniffer from another machine to capture broadcast traffic on the wireless LAN which backed up what I saw in the router log; I have a DHCP request and acknowledgment about every minute, as well as a bunch of ARP traffic. This is the sequence that was repeated every minute:


Time        Source        Destination           Protocol Info
35.434182   0.0.0.0       255.255.255.255       DHCP     DHCP Request  - Transaction ID "iPad"
35.440707   192.168.0.1   255.255.255.255       DHCP     DHCP ACK      - Transaction ID "iPad"
35.441587   "iPad"        Broadcast             ARP      Who has 169.254.255.255?  Tell 192.168.0.109
35.442794   "iPad"        Broadcast             ARP      Gratuitous ARP for 192.168.0.109 (Request)
35.533334   "iPad"        Broadcast             ARP      Gratuitous ARP for 0.0.0.0 (Request)
35.793304   "iPad"        Broadcast             ARP      Who has 169.254.255.255?  Tell 192.168.0.109
36.194540   "iPad"        Broadcast             ARP      Who has 169.254.255.255?  Tell 192.168.0.109
36.444386   "iPad"        Broadcast             ARP      Who has 192.168.0.1?  Tell 192.168.0.109
36.595654   "iPad"        Broadcast             ARP      Who has 169.254.255.255?  Tell 192.168.0.109
41.468674   "iPad"        Broadcast             ARP      Who has 192.168.0.2?  Tell 192.168.0.109


Now a normal DHCP request has 4 packets: discover, offer, request, and acknowledgment (or 'ack'). A DHCP renewal just uses the last two: the request and the ack. There's something fishy about this, though:

  1. For a DHCP renewal it is common to send my request packet to the DHCP server I've been using; that is, the first packet should be to 192.168.0.1, not to the broadcast address 255.255.255.255.
  2. One interesting item in the ARP requests is that the iPad looks for address 169.254.255.255, which is reserved as an "autoconfiguration" address for devices that cannot be configured using DHCP. Why would it be looking for that address if it had processed the DHCP acknowledgment?
  3. I think the iPad must have seen the DHCP acknowledgment because it looks for the DNS servers, 192.168.0.1 and 192.168.0.2, listed in the DHCP ack. How else would it be interested in those specific IP addresses?
  4. This could be a WiFi association problem instead of strictly DHCP-related; if it were aware that it was still on my network it wouldn't need to send a DHCP renewal for 12 hours, since my lease times are set up for 24. Why is it re-associating every minute and sending a fresh DHCP request? Is it because it doesn't know it has a lease, or because it doesn't know what network it is attached to? I think it could be either.
  5. If the machine associates to a new wireless access point (or doesn't realize it is on the same network), there's a good reason for it to send out a DHCP request packet (though honestly I think it should be starting over at 'discover' if it doesn't know where it is) - it could be that sending the request packet to the broadcast address was an attempt to workaround some problem with renewals on the same network versus requests on a new network.

This is all a mystery to me, but I will say I think there's something odd going on with the network interface on the iPad. The next step is to setup a wireless access point with a sniffer onboard to see if I can see not only the broadcast traffic, but any direct communication between the router and the iPad as well. I welcome comments from people who may know more than I do about DHCP, the iPad, or wireless networking.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)