Understanding DHCP

  1. dhcp
  2. domains
  3. dns

DNS is the protocol that converts domain names and hostnames to IP addresses. It relies on a huge network of servers, separated into several layers such as the root servers, TLD servers, authoritative servers, etc. This layered architecture forms a crucial backbone of the internet.

But equally important to resolving names to IPs is the task of assigning IPs to the machines inside a network.

Understanding DHCP reveals a lot of quirks of IP.

The problem DHCP solves

DNS is a domain name resolver. DHCP is for dynamically configuring IPs within a network.

The interesting DHCP handshake

The DHCP handshake starts with a request from the device that needs an IP configuration, sent to the broadcast address of the network. It goes to the broadcast address because the requester does not know the address of the router, and it is aptly called the DISCOVER request. Along with requesting the IP, the device also requests other configuration information like:

  • DNS server
  • proxy conf
  • subnet mask
  • gateway

And many more.

After this, the server responds with an available IP and the other requested information. Note that at this stage the requester has not yet been assigned an IP. So even though at layer 3 the packet is addressed to the offered IP address, the packet is delivered based on the information present in the frame (the MAC address).

This is the OFFER message. It also contains information about the DHCP server: its server IP. One would expect that it would now be easy to communicate with the server directly rather than sending another broadcast message, but no!

Even though the requester now has the IP address of the server, it sends another message, the REQUEST, to the broadcast IP, asking to finally accept this information. It again sends most of the important information from the DISCOVER request, plus the server information from the received OFFER. Because the REQUEST is broadcast, every DHCP server on the segment sees which offer was chosen, and servers whose offers were not selected treat it as a decline.

Finally the server sends an acknowledgement of the request it received. The IP is then assigned, and the local DNS records are updated with the hostname of the requester's device.
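The four messages described above, as an added Python example that is not part of the original post: it builds and parses DHCP payloads using the RFC 2131 header layout and RFC 2132 option codes. The MAC, transaction id, addresses and the 3600-second lease are constructed sample values, and mapping "proxy conf" to option 252 (the code commonly used for WPAD) is an assumption.

```python
import socket
import struct
HDR = "!BBBBIHH4s4s4s4s16s64s128s"   # 236-byte BOOTP header (RFC 2131)
COOKIE = b"\x63\x82\x53\x63"         # magic cookie that precedes the options
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
PARAMS = {1: "subnet mask", 3: "gateway", 6: "dns server", 252: "proxy conf"}

def build(mtype, xid, mac, yiaddr="0.0.0.0", opts=()):
    """Serialise one DHCP message; opts is a sequence of (code, value) pairs."""
    op = 2 if mtype in (2, 5) else 1          # 1 = from client, 2 = from server
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0, b"", socket.inet_aton(yiaddr),
                      b"", b"", mac, b"", b"")  # short fields are zero-padded
    body = bytes([53, 1, mtype])              # option 53 = message type
    for code, val in opts:
        body += bytes([code, len(val)]) + val
    return hdr + COOKIE + body + b"\xff"      # 255 = end of options

def parse(pkt):
    """Decode the fields the handshake depends on; reject malformed input."""
    if len(pkt) < 240 or pkt[236:240] != COOKIE:
        raise ValueError("not a DHCP message")
    f, opts, i = struct.unpack(HDR, pkt[:236]), {}, 240
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:                       # pad byte carries no length
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    ip = lambda c: socket.inet_ntoa(opts[c]) if c in opts else None
    return {"type": TYPES.get((opts.get(53) or b"\0")[0], "?"), "xid": f[4],
            "mac": f[11][:f[2]].hex(":"), "yiaddr": socket.inet_ntoa(f[8]),
            "wants": [PARAMS.get(c, str(c)) for c in opts.get(55, b"")],
            "requested_ip": ip(50), "server_id": ip(54),
            "lease_s": int.from_bytes(opts[51], "big") if 51 in opts else None}

def sample_exchange():
    """DISCOVER, OFFER, REQUEST, ACK built from made-up (constructed) values."""
    mac, xid = bytes.fromhex("020000aabbcc"), 0x3903F326
    srv, ip = socket.inet_aton("192.168.1.1"), socket.inet_aton("192.168.1.50")
    return [parse(p) for p in (
        build(1, xid, mac, opts=[(55, bytes([1, 3, 6, 252]))]),   # asks for config
        build(2, xid, mac, "192.168.1.50", [(54, srv)]),          # yiaddr = offered IP
        build(3, xid, mac, opts=[(50, ip), (54, srv)]),           # echoes IP + server
        build(5, xid, mac, "192.168.1.50", [(54, srv), (51, (3600).to_bytes(4, "big"))]))]

if __name__ == "__main__":
    print(*sample_exchange(), sep="\n")
```

When reviewing a capture, `server_id` in the OFFER and ACK is the value to compare against the DHCP server you expect on that segment.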

A few questions at the back of my head

  • What happens if there are multiple DHCP servers in the network?
  • How can one exploit this to take control over the network IPs, since they are created by intercepting broadcast requests?
  • How does the DHCP server decide the lapse time for the issued IP, and what happens when that time elapses?
  • What happens when the hostname is different in the discover and offer request? Because if not handled correctly, some other device can override the hostname of an IP associated with some other MAC address, hence making it inaccessible via DNS within the network.

Potential future project to answer most of these

  • Run Wireshark and intercept the requests when trying to connect to something served from a local domain (i.e. hostname., generally, .local or .home.local)
  • Try to create a DHCP server using something like libcurl
  • Read more and play around with the requested parameter lapse time