DHCP - Dynamic Host Configuration Protocol


Some protocols move data.
DHCP gives devices the address to do so.
It is not about transmission. It is about configuration: assigning IPs, gateways, and DNS settings automatically.


What this page covers

  • What DHCP is and what it does
  • How it fits into the TCP/IP stack
  • Where its data comes from
  • How it is structured and used
  • How it can be abused or defended
  • Tools I use to explore it

This page is my reference for understanding DHCP as a configuration protocol, a network initializer, and a potential attack surface.


What DHCP Actually Is

DHCP is a protocol used to automatically assign IP addresses and other network settings to devices.
It allows clients to join a network without manual configuration.

DHCP is used by:

  • Routers and switches
  • Desktop and mobile devices
  • Virtual machines
  • IoT hardware

It is essential for scalable and dynamic network environments.


How DHCP Lives in the TCP/IP Stack

  • OSI Layer: Application Layer (Layer 7)
  • Transport: UDP
      • Port 67 for server
      • Port 68 for client
  • Flow:
      • Client broadcasts a DHCPDISCOVER
      • Server responds with DHCPOFFER
      • Client sends DHCPREQUEST
      • Server confirms with DHCPACK

DHCP uses broadcast messages and does not require a prior connection.


Where DHCP Data Comes From

DHCP data is generated by:

  • Client devices requesting configuration
  • DHCP servers responding with settings
  • Network administrators defining scopes and options

The data includes IP addresses, subnet masks, gateways, DNS servers, and lease durations.


How DHCP Works

  • Lease process:
      • Discover → Offer → Request → Acknowledge
      • Client receives an IP and configuration for a limited time

  • Options:
      • DNS servers
      • Default gateway
      • Domain name
      • Boot server and file name (for PXE booting)

DHCP simplifies network setup and supports dynamic environments.


DHCP and Security

DHCP can be abused in several ways:

  • Rogue DHCP servers: assigning malicious configurations
  • DHCP starvation: exhausting available IPs
  • Man-in-the-middle: redirecting traffic via fake gateways
  • Information leakage: exposing internal network structure

Defenses include:

  • DHCP snooping on switches
  • Static IP reservations for critical devices
  • Monitoring for unauthorized DHCP servers
  • Limiting broadcast domains
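
One way to do the "monitoring for unauthorized DHCP servers" step, as an added example that is not part of the original page: parse the UDP payload of a DHCP reply and flag any OFFER or ACK whose server identifier (option 54) is not on an allow-list. The function names, the allow-listed address 192.168.1.1, and the sample packet are assumptions constructed for the demo.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # precedes the options field (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Parse a DHCP UDP payload: fixed 236-byte header, cookie, TLV options."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"op": payload[0], "xid": int.from_bytes(payload[4:8], "big"),
           "yiaddr": str(ipaddress.IPv4Address(payload[16:20])), "options": {}}
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = End option
        if payload[i] == 0:                          # Pad has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        msg["options"][payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return msg

def ip_list(raw):
    """Decode an option value holding one or more packed IPv4 addresses."""
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def check_reply(payload, allowed_servers):
    """Return findings for an OFFER/ACK whose server identifier is not allowed."""
    msg = parse_dhcp(payload)
    opts = msg["options"]
    mtype = MSG_TYPES.get((opts.get(53) or b"\x00")[0], "OTHER")
    if msg["op"] != 2 or mtype not in ("OFFER", "ACK"):
        return []                                    # only server replies matter
    server = (ip_list(opts.get(54, b"")) or ["missing"])[0]
    if server in allowed_servers:
        return []
    return [f"{mtype} from unauthorized server {server}: lease={msg['yiaddr']} "
            f"router={ip_list(opts.get(3, b''))} dns={ip_list(opts.get(6, b''))}"]

def sample_reply(mtype, lease, server, router, dns):
    """Build a constructed DHCP reply for the demo (not captured traffic)."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    header = bytes([2, 1, 6, 0]) + bytes.fromhex("1234abcd") + bytes(8) + ip(lease) + bytes(216)
    options = (bytes([53, 1, mtype, 54, 4]) + ip(server)
               + b"\x03\x04" + ip(router) + b"\x06\x04" + ip(dns))
    return header + MAGIC_COOKIE + options + b"\xff"

if __name__ == "__main__":
    rogue = sample_reply(2, "192.168.1.77", "192.168.1.66", "192.168.1.66", "192.168.1.66")
    print(check_reply(rogue, {"192.168.1.1"}))       # allow-list is an assumption
```

The finding also reports the gateway (option 3) and DNS servers (option 6) the reply tried to hand out, which is what a rogue server would use to redirect traffic.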

Tools I Use to Explore DHCP

dhclient

  • Request IP configuration manually
  • Example: dhclient eth0

tcpdump

  • Capture DHCP traffic
  • Example: tcpdump -i eth0 port 67 or port 68

nmap

  • Detect DHCP servers
  • Example: nmap --script broadcast-dhcp-discover

These tools help me understand how DHCP assigns addresses, how it can be monitored, and how it can be abused or defended.


Final Thought

DHCP is a handshake.
It does not carry data, but it gives devices the ability to do so.
It is the protocol of identity, of automation, and of trust.

This page is my study of that handshake.
Not just how DHCP works, but how it can be secured, abused, and understood.