Introduction
Every device on a network needs an IP address to communicate. You could assign those addresses manually, but that does not scale. DHCP, the Dynamic Host Configuration Protocol, solves this by automatically handing out IP addresses and other network configuration details to devices as they join the network.
It is one of those protocols that works silently in the background, but understanding it is important both for network administration and for security.
What DHCP Provides
When a device connects to a network and gets an IP address from DHCP, it receives more than just the address. A typical DHCP response also includes the subnet mask, the default gateway, and the IP addresses of DNS servers. All of this is enough for the device to start communicating on the network and reaching the internet.
The DORA Process
DHCP follows a four-step process often called DORA: Discover, Offer, Request, and Acknowledge.
It starts with a Discover message. When a device first connects and has no IP address yet, it broadcasts a DHCP Discover packet to the entire network. Since it does not know its own IP or the server's IP, both source and destination are special values, the source is 0.0.0.0 and the destination is the broadcast address 255.255.255.255.
Any DHCP server that hears this responds with an Offer. The server picks an available IP address from its pool and sends it back to the client, still using broadcast since the client has no address yet. The offer includes the proposed IP, the lease duration, and other configuration options.
The client picks one offer (there could be multiple DHCP servers on the network) and sends a Request back, also broadcast, to tell the chosen server it would like that address. Broadcasting the request also informs other DHCP servers that their offers were not chosen, so they can return those addresses to their pools.
Finally, the server sends an Acknowledge confirming the lease. At this point the client configures its network interface with the assigned address and is ready to communicate.
Client -> DHCP Discover (broadcast)
Server -> DHCP Offer (broadcast)
Client -> DHCP Request (broadcast)
Server -> DHCP Acknowledge (broadcast)Leases and Renewals
DHCP addresses are not permanent. They are leased for a set period of time, configured on the server. Before the lease expires, the client will attempt to renew it by contacting the DHCP server directly with a unicast Request. If the server is available and the address is still available, it renews the lease. If the lease expires without renewal, the address goes back into the pool and can be assigned to someone else.
This is why devices on a network can end up with different IP addresses across sessions. It is also why relying on IP addresses alone to identify a device is not always reliable.
DHCP and Security
Because DHCP is unauthenticated, it is vulnerable to a few attacks. A rogue DHCP server attack involves an attacker setting up their own DHCP server on the network. When clients broadcast Discover packets, the rogue server can respond first with a crafted Offer that points to a malicious default gateway or DNS server, effectively redirecting all traffic through the attacker.
DHCP starvation is another attack where an attacker floods the network with Discover requests using spoofed MAC addresses, exhausting the DHCP pool so that legitimate devices cannot get addresses.
Most managed switches can mitigate these with DHCP snooping, which restricts which ports are allowed to send DHCP responses.
Static vs Dynamic Addressing
Not everything on a network uses DHCP. Servers, printers, and network equipment often get static IP addresses assigned manually, so that their addresses never change. This is important for devices that other systems need to find reliably, a DNS server or a file server should not show up at a different IP every morning.
In practice, most networks use a mix. End-user devices get dynamic addresses from DHCP, while infrastructure devices are statically configured or assigned fixed addresses through DHCP reservations tied to their MAC address.
Conclusion
DHCP is one of those foundational protocols that makes modern networks manageable at scale. The four-step DORA process, the concept of leases, and the security implications of an unauthenticated broadcast-based system are all worth understanding. Once you know how addresses get assigned, a lot of other networking behaviour starts to click into place.