DHCP

DHCP (Dynamic Host Configuration Protocol) automatically gives a device an IP address and other network settings (gateway, DNS, subnet mask…) so humans don’t have to type them in. It’s what your phone/laptop uses when it “gets an IP” from a school router.

1) The DHCP 4-step handshake (simple flow)

When a device (client) joins the network and needs network settings, a short conversation happens:

DHCPDISCOVER — Client: “Is there a DHCP server out there? I need an IP.” (broadcast)
DHCPOFFER — Server: “Here’s an offer: IP X.Y.Z.W for T seconds; here’s gateway, DNS, etc.” (broadcast or unicast)
DHCPREQUEST — Client: “I accept that offer — please assign IP X.Y.Z.W to me.” (broadcast so all servers know)
DHCPACK — Server: “Assigned. Use it for T seconds.” (or DHCPNAK if something went wrong)

And then the client uses its IP. Before the lease expires it will typically renew (REQUEST → ACK) to keep the same IP. You can memorize this workflow with the name DORA (Discover, Offer, Request, Acknowledge)

2) Where do DHCP messages travel (packet layering)?

DHCP runs on top of UDP, which runs on IP, which runs on Ethernet on most LANs. Important ports:

UDP port 67 = DHCP server
UDP port 68 = DHCP client

So on the wire you typically see: Ethernet frame → IP packet → UDP datagram → BOOTP/DHCP payload

3) What’s inside a DHCP packet? (fields you’ll actually see)

DHCP is an extension of BOOTP. The main fields (briefly explained) you’ll see in the DHCP/BOOTP payload:

op (1 byte) — 1=request, 2=reply
htype (1) — hardware type (1 = Ethernet)
hlen (1) — hardware address length (6 for MAC)
hops (1) — relay agent hops (usually 0)
xid (4) — transaction ID (random number to match request/response)
secs (2) — seconds since client started trying (optional)
flags (2) — e.g., broadcast flag
ciaddr (4) — client IP (if already has one)
yiaddr (4) — “your” IP (the IP the server assigns)
siaddr (4) — next server IP (rare)
giaddr (4) — gateway IP if relayed through DHCP relay agent
chaddr (16) — client hardware (MAC) address (first 6 bytes used)
sname (64) — server host name (optional)
file (128) — boot file name (PXE/boot clients)
options (variable) — DHCP options: message type, lease time, router, DNS, subnet mask, server identifier, etc.

DHCP fields in the network packet shown as boxes with their approximate sizes:

4) Important DHCP options (what clients care about)

Common options inside the options section:

DHCP Message Type (discover/offer/request/ack) — tells what kind of DHCP packet it is.
Subnet Mask — which addresses are on local network.
Router (default gateway) — where to send traffic destined for other networks.
Domain Name Server (DNS) — IPs clients use to resolve hostnames.
IP Address Lease Time — how long the client can keep the IP.
Server Identifier — IP of the DHCP server that sent the offer.
Renewal/Rebinding times — when client should renew the lease.

These are encoded as TLV (type, length, value) in the options field.

5) What DHCP messages look like on the wire

DHCPDISCOVER (Client → Broadcast)

Ethernet:
- dst = ff:ff:ff:ff:ff:ff (broadcast)
- src = client MAC
IP:
- src = 0.0.0.0 (client doesn’t yet have IP)
- dst = 255.255.255.255 (broadcast)
UDP:
- src port = 68
- dst port = 67
DHCP payload:
- op = 1 (request)
- xid = 0x3903F326 (example transaction ID)
- chaddr = client’s MAC
- options: 53 = DHCP Message Type: DISCOVER

DHCPOFFER (Server → Client, may still broadcast)

Ethernet:
- dst = ff:ff:ff:ff:ff:ff (broadcast) OR client MAC (if known)
- src = server MAC
IP:
- src = server IP (e.g., 192.168.1.1)
- dst = 255.255.255.255 or client IP if known
UDP:
- src port = 67
- dst port = 68
DHCP payload:
- op = 2 (reply)
- xid = 0x3903F326 (same as client’s DISCOVER!)
- yiaddr = 192.168.1.100 (offered IP)
- options:
  - 53 = DHCP Message Type: OFFER
  - 1 = Subnet Mask: 255.255.255.0
  - 3 = Router: 192.168.1.1
  - 6 = DNS Server: 8.8.8.8
  - 51 = Lease Time: 3600 sec

DHCPREQUEST (Client → Broadcast)

Ethernet:
- dst = ff:ff:ff:ff:ff:ff (broadcast so all servers see it)
IP:
- src = 0.0.0.0 (still no IP assigned yet)
- dst = 255.255.255.255
UDP:
- src port = 68
- dst port = 67
DHCP payload:
- op = 1 (request)
- xid = 0x3903F326 (same transaction ID)
- options:
  - 53 = DHCP Message Type: REQUEST
  - 50 = Requested IP Address: 192.168.1.100
  - 54 = Server Identifier: 192.168.1.1

(This is how the client says: “I’ll take that specific offer from that specific server.”)

DHCPACK (Server → Client)

Ethernet:
- dst = client MAC (now direct unicast possible)
IP:
- src = server IP (192.168.1.1)
- dst = 192.168.1.100 (the client’s new IP)
UDP:
- src port = 67
- dst port = 68
DHCP payload:
- op = 2 (reply)
- xid = 0x3903F326 (matching transaction ID)
- yiaddr = 192.168.1.100 (confirmed assigned IP)
- options:
  - 53 = DHCP Message Type: ACK
  - 1 = Subnet Mask: 255.255.255.0
  - 3 = Router: 192.168.1.1
  - 6 = DNS Server: 8.8.8.8
  - 51 = Lease Time: 3600 sec

At this point, the client configures its interface with 192.168.1.100/24, sets default gateway to 192.168.1.1, and can start normal IP communication.

6) Common gotchas

A client that already has an IP will use ciaddr (client IP) and may renew by sending REQUEST directly to the server (unicast) if it knows the server.
If a DHCP server is behind a router, networks use a DHCP relay agent which fills giaddr so the server knows the client’s subnet.
DHCP runs over broadcast initially because the client doesn’t have an IP yet.
Multiple DHCP servers: when client broadcasts a REQUEST it does so in a way that tells other servers which offer it accepted — the other servers withdraw their offers.