Dynamic Host Configuration Protocol (DHCP)
The Dynamic Host Configuration Protocol (DHCP) is an application-layer protocol that automates the process of assigning IP addresses and other network configurations to devices.
This enables "plug-and-play" networking, greatly reducing administrative overhead. DHCP operates over UDP, using port 67 for the server and port 68 for the client.
The DORA Process
DHCP uses a four-step discovery and assignment process known as DORA:
Discover: A client without an IP address broadcasts a DHCP Discover message to find any available DHCP servers on the network. Since the client has no IP, this message is sent to the broadcast address 255.255.255.255.
Offer: All DHCP servers that receive the Discover message may respond with a DHCP Offer message, proposing an IP address and other configuration parameters. A client will typically select the first valid offer it receives.
Request: The client formally requests the offered configuration from the selected server by broadcasting a DHCP Request message.
Acknowledge (ACK): The selected server finalizes the assignment, records the lease, and sends a DHCP ACK message to the client, confirming the IP address assignment.
Key Features and Concepts
It reduces administrative overhead and enables plug-and-play networking.
DHCP supports both dynamic and static IP allocation, and also provides additional configuration such as the subnet mask, default gateway, DNS server and lease time.
IP Leasing: Addresses are "leased" only for a specific duration, not assigned permanently. For continuous connectivity, clients must renew or rebind their lease with the DHCP server before it expires.
DHCP Relay agent: In larger networks, a DHCP relay agent can be configured on a router. This agent forwards DHCP requests from a local subnet to a centralized DHCP server on a different network, allowing one server to manage many subnets.
Security: DHCP is inherently insecure and vulnerable to attacks like rogue DHCP servers and IP address starvation. In enterprise environments, security features like DHCP snooping are often used on switches to mitigate these risks.
Common Use Cases: DHCP is a fundamental service in nearly all modern networks, including LANs, Wi-Fi networks, and enterprise and ISP environments.
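The Offer step of DORA and the rogue-server risk noted under Security, as an added example that is not part of the original notes: it builds a constructed DHCP Offer (BOOTP header, magic cookie, options 53/54/51), parses the option TLVs and applies the allow-list rule DHCP snooping enforces on switches, trusting an Offer only if its server identifier (option 54) belongs to a known server. All addresses and the helper names are assumptions.

```python
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field (RFC 2131)

def build_dhcp(msg_type, yiaddr, server_id, xid=0x3903F326):
    """Constructed DHCP message: 236-byte BOOTP header, magic cookie, then options 53/54/51."""
    op = 2 if msg_type in (2, 5) else 1                     # BOOTREPLY for Offer/ACK, else BOOTREQUEST
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)  # htype 1 (Ethernet), hlen 6, broadcast flag
    hdr += b"\x00" * 4                                      # ciaddr
    hdr += ipaddress.IPv4Address(yiaddr).packed             # yiaddr: the address being offered
    hdr += ipaddress.IPv4Address(server_id).packed          # siaddr
    hdr += b"\x00" * 4 + b"\x00" * 16 + b"\x00" * 192       # giaddr, chaddr, sname + file
    opts = bytes([53, 1, msg_type])                         # option 53: DHCP message type
    opts += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed  # option 54: server identifier
    opts += bytes([51, 4]) + struct.pack("!I", 86400)       # option 51: lease time (seconds)
    return hdr + MAGIC_COOKIE + opts + b"\xff"              # option 255: end

def parse_dhcp_options(msg):
    """Return {code: value} for the TLV options that follow the magic cookie."""
    if msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != 255:                   # 255 = end option
        if msg[i] == 0:                                     # 0 = pad, has no length byte
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def check_offer(msg, trusted_servers):
    """Apply the DHCP-snooping rule: an Offer is trusted only if its server identifier is on the allow list.
    Returns (server_id, offered_ip, trusted), or None if the message is not an Offer."""
    opts = parse_dhcp_options(msg)
    if opts.get(53) != b"\x02":                             # 2 = DHCPOFFER
        return None
    server_id = str(ipaddress.IPv4Address(opts[54]))
    offered_ip = str(ipaddress.IPv4Address(msg[16:20]))     # yiaddr
    return server_id, offered_ip, server_id in trusted_servers
```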
Network Address Translation (NAT)
Network Address Translation (NAT) is a technique that allows multiple devices in a private network to share a single public IP address to access the Internet. Its primary function is to conserve the limited supply of IPv4 addresses. NAT effectively hides the internal network structure from the Internet, acting as a single device externally.
Typically deployed in SOHO (small office/home office) networks where the NAT router gets its public IP via DHCP from the ISP and runs a DHCP server internally to assign private IPs.
Private IP addresses come from the ranges 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16; these have meaning only within the local network and cannot be routed over the global Internet.
A NAT-enabled router maintains a translation table that maps private IP and port to public IP and port to manage connections.
Outgoing Packets: When a device on the private network sends a packet, the NAT router replaces the private source IP and port with its own public IP and a new, unique source port, and records this mapping in its NAT translation table. Differentiating connections by port allows over 60,000 simultaneous connections through a single public IP address.
Incoming Packets: When a reply arrives at the router's public IP address, it uses the destination port to look up the internal mapping in its NAT table. It then rewrites the destination IP and port back to the original private values and forwards the packet to the correct device internally.
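The translation table described above, as an added example that is not part of the original notes: a toy NAT router allocates a unique public port per outbound flow (two internal hosts may use the same private port), rewrites replies back to the private address, and drops inbound packets that match no mapping, which is the behaviour that blocks externally initiated connections. The class name and addresses are assumptions.

```python
import itertools

class NatRouter:
    """Toy NAT router: one public IP and a translation table keyed by public port."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.outbound = {}                 # (private_ip, private_port) -> public_port
        self.inbound = {}                  # public_port -> (private_ip, private_port)
        self.ports = itertools.count(first_port)
        self.last_port = last_port

    def translate_outgoing(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network; allocate a port for new flows."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            public_port = next(self.ports)
            if public_port > self.last_port:
                raise RuntimeError("NAT port pool exhausted")   # roughly 64k concurrent flows per public IP
            self.outbound[key] = public_port
            self.inbound[public_port] = key
        return self.public_ip, self.outbound[key], dst_ip, dst_port

    def translate_incoming(self, src_ip, src_port, dst_port):
        """Rewrite a reply arriving at the public IP; None means no mapping exists and the packet is dropped.
        This is why an outside host cannot open a connection to a device behind the NAT unaided."""
        key = self.inbound.get(dst_port)
        if key is None:
            return None
        private_ip, private_port = key
        return src_ip, src_port, private_ip, private_port
```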
Criticism
Despite its widespread use, NAT is controversial because:
It forces a Layer 3 device (router) to process Layer 4 information (ports).
It breaks the end-to-end principle of the Internet by modifying packet headers in transit.
It misuses transport-layer ports for host-level addressing.
It makes it difficult for external devices to initiate connections to devices behind a NAT, complicating peer-to-peer (P2P) applications and some online games.
Internet Control Message Protocol (ICMP)
The Internet Control Message Protocol (ICMP) is a network-layer support protocol used by hosts and routers to communicate error messages and network status information. ICMP messages are encapsulated directly within IP datagrams and treated as payload.
Each ICMP message contains a Type and a Code field to specify its meaning. Error messages also include the header and first 8 bytes of the IP datagram that caused the error.
Common Uses and Message Types
ICMP is essential for network diagnostics and error reporting and is the foundation for common tools:
ICMP enables tools to diagnose path issues, identify unreachable hosts and measure round-trip time.
Ping (Testing Reachability): The ping command sends an ICMP Echo Request (Type 8) message. If the destination is reachable, it responds with an Echo Reply (Type 0).
Traceroute (Mapping Routes): The traceroute command works by sending UDP packets with increasing TTL values. Routers along the path discard the packets when the TTL reaches zero and send back an ICMP Time Exceeded (Type 11) message. The final destination host replies with an ICMP Port Unreachable (Type 3, Code 3) message.
Error Reporting: Destination Unreachable (Type 3) is a general-purpose message used to report various issues, such as a non-existent host or a blocked port.
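The ICMP message layout above (Type, Code, checksum, and for error messages the quoted IP header plus first 8 bytes of the offending datagram), as an added example that is not part of the original notes: it builds an Echo Request and a Time Exceeded message with the RFC 1071 checksum, then parses a message back, verifying the checksum and recovering the original destination and UDP ports from the quoted datagram, which is how traceroute matches replies to its probes. The probe addresses and helper names are constructed assumptions.

```python
import struct
import ipaddress

def icmp_checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words; a valid message sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp(icmp_type, code, rest_of_header, payload=b""):
    """Assemble Type, Code, checksum, the 4 'rest of header' bytes and the payload."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest_of_header + payload
    return struct.pack("!BBH", icmp_type, code, icmp_checksum(body)) + rest_of_header + payload

def echo_request(identifier, sequence, payload=b"ping"):
    return build_icmp(8, 0, struct.pack("!HH", identifier, sequence), payload)  # Type 8

def time_exceeded(quoted_ip_header, quoted_first8):
    return build_icmp(11, 0, b"\x00" * 4, quoted_ip_header + quoted_first8)    # Type 11

# Constructed sample (not a real capture): IP header (TTL 1, protocol 17 = UDP) and UDP header
# of a traceroute probe from 192.0.2.10 to 198.51.100.7, as a router would quote them.
PROBE_IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 1, 0, 1, 17, 0,
                           ipaddress.IPv4Address("192.0.2.10").packed,
                           ipaddress.IPv4Address("198.51.100.7").packed)
PROBE_UDP_HDR = struct.pack("!HHHH", 40000, 33434, 16, 0)

def parse_icmp(msg):
    """Return (type, code, checksum_ok, quoted); quoted = (proto, dst, src_port, dst_port) for errors."""
    icmp_type, code = msg[0], msg[1]
    checksum_ok = icmp_checksum(msg) == 0
    quoted = None
    if icmp_type in (3, 11):                # Destination Unreachable / Time Exceeded quote the offending datagram
        ip_hdr = msg[8:28]
        ihl = (ip_hdr[0] & 0x0F) * 4
        dst = str(ipaddress.IPv4Address(ip_hdr[16:20]))
        src_port, dst_port = struct.unpack("!HH", msg[8 + ihl:8 + ihl + 4])
        quoted = (ip_hdr[9], dst, src_port, dst_port)
    return icmp_type, code, checksum_ok, quoted
```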