Let’s Talk about DHCP & DORA process

How does a computer know what it’s IP configuration is?

  • Most likely, a computer received its IP configuration from a DHCP server.
  • Not only did the server give the PC an IP address, but it also told the PC where the default gateway is and also give information about the DNS server.
  • A computer will receive its IP configuration in one of two ways statically or dynamically.
  • The administrator assigns an IP number and subnet mask to each host(computer) in the network. each network interface that is going to be available to connect to the network requires this information
  • The administrator assigns the default gateway and DNS server location to each host in the network
  • Each time a change is made like a new default gateway is established each IP configuration on each host must be updated
  • Static assigning works fine for very small offices
  • The administrator configures a DHCP server to handle the IP address assigning process which automates the process.
  • The DHCP server listens on a specific port for IP information requests
    once it receives a request the DHCP server responds with the required information.

Let’s Talk About DORA Process

  • The client (computer/host) sends out a DHCP Discover message to find out the DHCP server.
  • DHCP discover message is a layer 2 broadcast as well as a layer 3 broadcast.
Fields in DHCP Discover Message:
Src IP : 0.0.0.0
Dst IP : 255.255.255.255:67 (UDP port 67)
Src MAC : clients(computer/host) MAC address
Dst MAC : FF:FF:FF:FF:FF:FF
  • DHCP server receives the DHCP discover a message from the client(computer/host) and sends back the DHCP offer message with field information as below:
Src IP  : DHCP Server IP Address
Dst IP : 255.255.255.255
Still Broadcast as Client still has no IP Address
Src MAC : MAC Address of DHCP Server
Dst MAC : DHCP clients(computer/host) MAC address

The offer packet is sent to the MAC address of the computer using UDP port 68

  • DHCP client(computer/host) receives the DHCP offer from the DHCP server and sends back a DHCP Request message with the following fields
Src IP  : 0.0.0.0 
Dst IP : 255.255.255.255
Src MAC : DHCP clients(computer/host) MAC address
Dst MAC : FF:FF:FF:FF:FF:FF

Requesting the proper IP configuration

  • Once the DHCP client sends the request to get the Offered IP address, the DHCP server responds with an acknowledge message to the DHCP client(computer/host) with the below fields
Src IP  : DHCP Server IP Address
Dst IP : 255.255.255.255
Src MAC : MAC Address of DHCP Server
Dst MAC : DHCP clients MAC address

Upon receipt of the acknowledgment packet, the PC changes its IP configuration to reflect the information received

Components & Processes of DHCP

  • PC sends discovery packet to 255.255.255.255:67
  • DHCP sends the offer packet to the PC’s MAC address on port 68
  • The administrator configures the IP address range with one that is available to be handed out.
  • Administrator reserves specific IP addresses to be handed out to specific MAC addresses these are used for devices that should always have the same IP address (servers and routers)
  • Configuration parameters are only good for a specified amount of time

Thank you for reading.

Pursuing M. Tech. in Cyber Security and Incident Response. #LoveToPlayCTF #infosec #cybersecurity