Terms of Use For FixedByVonnie

By proceeding to access fixedByVonnie.com, you expressly acknowledge, and agree to, all of the following:

fixedByVonnie.com is a personal website and blog owned by Security Plus Pro LLC, which is being presented for informational purposes only. The views on this website are solely those of the website owner (and not those of any employer or of any professional associations affiliated with the website owner).  Any views expressed in this website and any information presented on this website, or in any of its blog entries, should not be relied on for any purpose whatsoever other than as the personal opinions of the website owner.  The website owner expressly disclaims any and all liability for any information presented on this site.  The owner of this website and its blog posts shall not be held liable, and shall be held harmless, for any errors or omissions in any information or representations contained in this website, or in any of its blog entries.  The website owner also expressly disclaims any liability for the current or future availability of any such information. The website owner makes no representations as to the accuracy or completeness of any information on this website or which may be found by following any link on this website. The website owner shall not be held liable for any losses, injuries, damages, claims, or causes of action, from the display or use of any information on this website or in any of its blog entries. If you use the information on this website, or on any of its blog entries, you do so solely at your own risk.

DHCP - fixedByVonnie


DHCP is like Costco and Walt Disney.  Almost everyone has heard of it!  We all know that DHCP is the magic that dishes out IP addresses to our computers.  And we know that DHCP just works.  But how does it really work?

I’m all about the why.  When I was kid I bet I importuned my parents by inundating them with “Why’s”.

  • Me: “Dad, why is the sky blue?”
  • Dad: “Because that’s the way God made it.”
  • Me: “Why?”
  • Dad: “He has his own purposes”
  • Me: “Why?”
  • Dad: “Oh my gosh… stop already!”


A day in the life of DHCP

When a DHCP client wakes up in the morning the first thing it does is flood the local area network.  The machine says, “Hey I can’t do anything without an IP address.  Are there any servers out here that can give me an IP address?  A default gateway would be nice too.”

The DHCP server on my local subnet is a Cisco router named R1.  Let’s configure it real fast:

DHCP server


Alright, now that we have that out of the way, let’s check out how DHCP works.

DHCP Discover

I started up my Windows 8.1 PC this morning, and since it doesn’t have a static IP address, it asked everyone on the network for a DHCP server.  Technically, the machine sends out a layer 2 broadcast frame to all hosts in the local subnet.  This is called a DHCP Discover because it’s trying to find a DHCP server.

The source MAC address is set to the DHCP client and the destination MAC is FF:FF:FF:FF:FF:FF which means: “send this thing out to everyone in my broadcast domain”.

DHCP Discover

So every device gets the frame and starts peeling back the upper layers of the frame.  Each computer, printer, PC, and smartphone on the local subnet says, “Hmm, I’ve got this interesting frame what’s this all about? Let’s look at layer 3”

DHCP Discover at Layer 3

Since the DHCP client doesn’t have an IP address yet, the source address is set to and the destination address is which means the packet isn’t bound for a specific device.  It’s asking for something but that question is located at layer 4.

So each computer, printer, PC and smartphone on the local subnet checks out the layer 4 stuff.

At layer 4, you’ll see the DHCP UDP segment went to port 67.  So all the devices that aren’t listening on UDP port 67 discard the frame.  Only the DHCP server is listening on this port so it’s the only device that should respond.

DHCP Discover at Layer 4

So the first part of the DHCP process, a DHCP Discover frame is injected into the network.

DHCP Offer

In the second part, the server listening on UDP port 67, sends a DHCP segment to the client.  The segment includes a bunch of settings for that client.  These are known as DHCP Options and usually include stuff like the client IP address, lease time and renewal time.

In the packet capture below you can see the server is offering the client  If you scrolled down the option list you would see an option for the subnet mask and a few other things too.

The DHCP Lease Time is how long the DHCP client should be allowed to use the IP address.  We don’t want to permanently assign the IP address to every DHCP client that connects to the network or else that would eventually starve the DHCP pool from dishing out IP addresses.

So each client gets a lease that expires after a certain amount of time.  It’s usually 86,400 seconds (1 day) but can be anything the DHCP server admin configured.

The other option I should mention is the DHCP Renewal Time Value.  When this value is reached the client will automatically renew its lease.  It’s like leasing a car and then mid-way through your lease you decide you want to extend the car lease.  The Renewal Time is just a way to tell the DHCP server “Hey, I’m still here actively using this IP Address, please don’t assign it out”

DHCP offer

DHCP Request

So the client says:

Heck yeah, I’ll take that IP address!

DHCP request


And the server says:

Have at it!

So with the request acknowledged, it dishes out the first valid IP address.


Check it out!

My PC grabbed

DHCP source

The amazing thing is that this Discover, Offer, Request, ACK thing is just four packets and it happens in less than a second.  You can remember it like this:

DORA the Explorer.

Image credit NickJR

Reservations and Scopes

Before we wrap up, I should mention that DHCP also lets you do reservations.  You can tell a printer to use a DHCP server and add the MAC address of the printer to the server.  That way your printer will always get the same IP address.  So when the printer sends a DHCP Offer to the server it’ll look at the layer 2 MAC address and assign it an IP address that won’t change.  It’s almost liek a static address but it a little different because you’re using DHCP to assign that address.

If you ever heard about DHCP scopes just think about streets.

DHCP scopes are streets.

In other words, if you have one scope for that means you’ve defined a pool of address for all hosts on the 10.0.0 street.  Remember the /24 bit mask tells us the first 24 bits belongs to the street (the network) and the last 8 bits belong to the house (the host number).

The Bottom Line

DHCP is awesome.  It just works.  And for that reason most people don’t bother to see what happens behind the scenes.  But you know me – I’m curious and always looking to understand how things work – so I hope this little post helped!


Connect with Vonnie on Twitter

Posted in Linux, Mac OS X 10.10 Yosemite, Mac OS X 10.8 Mountain Lion, Mac OS X 10.9 Mavericks, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Vista, Windows XP Tagged with: ,