Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
SPEAKER_01 (00:28):
And welcome to Technology Tap.
I'm Professor J. Rod. In this episode: DHCP, the invisible handshake of the internet.
Let's tap in the code.
(01:12):
I'm your host, Professor J. Rod, and today we're diving into the protocol that quietly assigns every device an identity on the network: DHCP, or Dynamic Host Configuration Protocol.
Every time you connect your laptop, your phone joins Wi-Fi, or your Xbox goes online, DHCP is silently at work, handing out IP addresses,
(01:35):
gateways, and DNS settings so that everything just works.
You never see it, you never touch it.
But without DHCP, every new device would be like a car with no license plate, unable to move on the information highway.
So let's pull back the curtains and take a deep, detailed journey through how DHCP works, why it is essential, and how to
(01:56):
troubleshoot it like a pro.
So let's first start off with the definition.
DHCP, Dynamic Host Configuration Protocol, is a network service that automatically assigns IP addresses and other network configuration parameters, like subnet mask, default gateway, and DNS servers, to devices on a network.
It operates on the application layer, or layer 7 of
(02:19):
the OSI model, and uses UDP port 67 on the server side and 68 on the client side.
Without DHCP, every device would require manual static configuration, a nightmare in environments with hundreds or thousands of hosts.
So this is the example that I like to give my students.
(02:40):
Right?
You get invited to a party.
Usually I pick one of the students.
I tell one of the students, hey, you invited me to a party in your house, and I'm crazy enough to accept.
And when I get there, I want to get on the internet.
Right?
The two things that I need to get on the internet from the person are their username and password for the Wi-Fi.
(03:00):
What I need on my device is the MAC address and an IP address.
Well, how do I get the IP address?
Right?
This is where DHCP comes in.
DHCP is what handles that.
So imagine a college campus: each day thousands of students connect their laptops and phones to Wi-Fi.
(03:22):
DHCP dynamically assigns each device a unique IP and returns it to the pool when they disconnect, keeping the network efficient.
DHCP evolved from BOOTP, the Bootstrap Protocol, in the early 90s.
BOOTP would assign IPs but required a manual entry for every MAC address.
DHCP automated that process, adding leases and automatic
(03:45):
renewals.
Why does DHCP matter?
It simplifies configuration for large networks, prevents IP conflicts, enables portability for devices (roaming laptops, phones, IoT), and allows central management of IP address ranges called scopes.
DHCP is the unsung hero of the network, consistently handing
(04:10):
out digital addresses faster than any human could.
Now, DHCP magic happens through a simple four-way handshake called DORA, short for Discover, Offer, Request, Acknowledge, right?
So when I put in that username and password on my phone, this
(04:31):
four-way handshake happens between my device and your device.
So when a client first connects, it has no IP address. It sends a broadcast message saying, Hey, any DHCP server out there, I need an address.
This message includes the client's MAC address, a random
(04:53):
transaction ID, and optional parameters it wants, like DNS or gateway.
Right?
This happens every time.
DHCP then offers: any available DHCP server that hears this broadcast responds with an offer, a unicast or broadcast packet containing a proposed IP address in the "your IP"
(05:17):
field, lease duration, subnet mask, gateway, or DNS options.
So for example, here's an IP address 192.168.1.105 with a gateway of 192.168.101.
The third step, the R in DORA, is the DHCP Request.
The client chooses one offer if multiple servers reply and
(05:39):
broadcasts a request saying, Yes, I'd like to accept the offer from 192.168.1.1.
And then DHCP Acknowledge, the A in DORA.
The server confirms with an acknowledgement, or ACK.
It logs the lease in its database, binding the IP address to the client's MAC address for a defined time, the lease
(05:59):
period, like an apartment lease.
It's a lease, like an apartment lease.
Result: the client now has a valid IP, subnet mask, gateway, and DNS, and it's fully online.
And it's how quickly it happens, right?
It happens really quick.
So when you join a coffee shop Wi-Fi, your phone broadcasts a Discover, the cafe router replies with an Offer, your
(06:21):
phone requests that address, and the router acknowledges, assigning you an IP from its pool.
Within milliseconds, you are online, sipping lattes and streaming podcasts, like Technology Tap.
Each DHCP lease includes an expiration time, typically measured in hours or days.
So let's break down how the leases are managed.
(06:43):
Lease stages.
One, bound. The client has an active lease.
Two, renewal. At 50% of the lease time, the client unicasts a request to renew.
Rebinding. At 87.5% of the lease, the client broadcasts a new request if no reply was received.
And expiration: if the lease fully expires, the client releases the
(07:05):
IP and must start DORA again.
So the example again that I like to give to the students about the lease cycle is: we're in the party, we're having a good time.
Then we run out of soda, and you ask me, Hey professor, can you go to the bodega and get a soda? Pepsi, Coca-Cola, Dr. Pepper.
(07:26):
So I go to the bodega, right?
Go to the bodega, go to the corner bodega, talk to the bodega guy, play with the bodega cat because you know there's always a bodega cat, get the sodas, and then go back to the party.
Now my question is, do I have to re-log in again to your router, to your network, using the username and password you
(07:48):
gave me?
No.
Am I going to have the same IP address that I had before I left to go to the bodega?
Yes, I will have the same IP address.
So here's another example.
A 24-hour lease renews automatically after 12.
If the server is down, the client tries again at 21 hours.
(08:08):
And if still no replies, it releases and restarts DORA.
Now, if DHCP fails completely, Windows assigns itself an APIPA address, which is in the range that starts with 169.254.0.0.
So it's anything between 169.254.0.0 and 169.254.255.255.
(08:34):
This allows limited local communication but no internet access.
So if you see 169.254.whatever on your laptop, you know DHCP is either unavailable or it's been misconfigured.
Then we have scope.
Scope is a defined range of IP addresses that a DHCP server can
(08:55):
hand out.
So for example, you want to hold 0 through 99.
You can start at 100.
So you can say, hey, starting at 192.168.1.100 through 192.168.1.199, these are the IPs I want to give out.
Exclusions: addresses within the scope of that server that must not be
(09:17):
assigned.
Of course, the router, which is usually 192.168.1.1, right?
Reservation: a permanent IP assignment linked to a device's MAC address.
You can do that too.
That way you put it in manually, it's static, it never changes.
A printer, right? Is an example; you might keep it the same, not change it.
(09:38):
Routers, servers, right?
If you have a managed switch, you probably want to keep it the same.
So in small businesses, servers and printers use reservations while users' laptops use dynamic.
You don't need to put it manually on the workstations.
Makes no sense.
Workstation doesn't really matter.
Right?
You can put any IP on the workstations, it doesn't matter.
(10:00):
So you let the DHCP do that.
Printers, routers, servers, you want to do it manually.
DHCP requests are broadcast, but they don't cross routers.
In multiple VLAN environments, though, this is a problem.
Clients in VLAN 20 can't reach a DHCP server in VLAN 10.
(10:21):
So the solution, and we did this in my networking class this week, is a relay agent, usually a router, that forwards the DHCP request to the server on behalf of the client.
It adds a key piece of info, the GIADDR, or gateway IP address field.
GIADDR tells the DHCP server, and that's spelled G-I-A-D-D-R,
(10:43):
which subnet the request originated from, so it knows which scope to use.
So, example, if you have a VLAN 10, right, you want to use the router that starts with 10.10.10.1.
If you have a VLAN 20, just for students, let's say you want to start with 10.10.20.1.
The server sees the GIADDR and assigns from the right pool.
(11:06):
If it's missing or wrong, clients may get the wrong subnet or no address at all.
(11:37):
What are the DHCP security threats?
One, rogue DHCP servers: attackers plugging in an unauthorized router or laptop, handing out bogus IP addresses, gateways, or DNS servers. Result: traffic hijacking or denial of internet access.
And I've seen this.
Well, I haven't seen it that they did it.
(12:00):
But not all rogue, not all DHCP servers are rogue, right?
Like, well, I guess they can be.
But I had one job where they brought in a wireless router and they plugged it into the network because the company was so cheap that they didn't want... everybody had wireless, but we
(12:22):
did not.
So they snuck in a wireless router and they hooked it onto the network.
And nobody noticed that all the techs were bringing in their personal laptops to watch Netflix.
unknown (12:34):
Right?
SPEAKER_01 (12:35):
That's when Netflix changed to streaming.
Nobody realized that the techs... oh yeah, why is everybody bringing in their personal laptops to work?
Nope, nobody.
Nobody knew.
But it was because of that.
I guess they must have configured it right.
But if you configured it wrong, that could give out IPs.
Also, that wireless router.
(12:56):
So, and you believe nobody got fired for that?
And they only found out because they fired one of the guys.
One of the guys got fired and he ratted everybody out.
And he got fired.
Well, allegedly.
Allegedly.
Right?
Allegedly, ratted everybody out.
Yeah, it was big news back then.
Alright, mitigation.
(13:16):
Enable DHCP snooping on switches.
It classifies ports as trusted or untrusted.
Untrusted ports can send DHCP requests, but not offers.
DHCP starvation is threat number two.
Attackers flood fake DHCP requests using random MAC addresses, exhausting all available IP addresses.
(13:37):
Legitimate clients can't connect.
Use port security to limit MACs per port, rate limiting, and DHCP snooping with binding tables.
And three, data theft via rogue DNS.
A rogue DHCP server can hand out malicious DNS settings, redirecting users to phishing sites.
Always validate gateway and DNS info on suspicious networks.
(14:02):
Advanced DHCP: failover, redundancy, and options.
Two servers share lease information. Modes: hot standby, one active, one passive backup; and load balance, both active, 50-50 split.
Split scopes, older method: two servers share one range, 80% on
(14:22):
A, 20% on B.
Used before formal failover protocols existed.
DHCP options: DHCP can send additional configuration options, gateway, DNS, domain names, Network Time Protocol server, TFTP boot server and file, and VoIP for phones.
(14:43):
DHCP version 6.
IPv6 eliminates the need for NAT, and that's another... network address translation.
That's another podcast.
That's for another podcast.
But it will still require configuration automation.
When is IPv6 coming?
Who knows?
I've been hearing it for 15 years.
(15:06):
I suspect one big reason is money, and the other big reason is, if everything is working, why do we need to change it?
Because it's gonna cost money.
So the first reason is money, and the second reason is money, I think.
You know, we ran out of IPs a long time ago and we developed this public-private addressing schema that's
(15:29):
still working, right?
Again, that's for another episode, right?
I'll explain the public-private, but it's working, so yeah, we ran out of IPs, guys.
We ran out of IP addresses years ago, and we're still using this method, and it's working, and you know, I'm sure there's
(15:52):
reasons to change it, but the main reason not to change it is money.
So IPv6 will eliminate the need for all that.
So there are two modes:
(16:00):
stateless address autoconfiguration, where the client self-assigns an address from a router advertisement.
No DHCP server is needed. And DHCP version 6 stateful: the server assigns IPv6 addresses and options like DNS and domain.
They use port number 546 for the client and 547 for the server.
(16:24):
Enterprises might use stateless address autoconfiguration for addressing, but DHCP version 6 for DNS, combining both methods.
So, troubleshooting DHCP.
Here are some symptoms and fixes.
So if you have an IP address that's 169.254.x.x, that means
(16:46):
DHCP is unavailable.
Check relay, server, or cable.
You would want to ask the person if it's just happening to you or it's happening to everybody else, because that's going to be a very important question to ask.
Wrong subnet IPs: GIADDR is misconfigured.
Correct the helper address on the router or the server.
(17:10):
Slow network joins: pool exhaustion. Expand the scope or shorten the lease.
Dedicated IPs, rogue server... sorry, duplicate IPs: rogue server. Enable DHCP snooping.
And server not responding: UDP 67, ports 67/68 blocked. Adjust firewalls.
(17:30):
Now, one thing about DHCP, right?
So let's get back to the party, right?
So we're at the party, right?
I go to the bodega, come back, I don't have to log in.
But if I leave and this person is telling me, well, in three months or four months, I'm gonna have another party and I want you to come.
And when I go back, do I have to log in again?
(17:53):
Or would it automatically log me in?
What do you think?
Well, the answer is, it depends.
If they didn't change anything, i.e., get a new router, right, reconfigure, get a new username and password, I don't have to do anything.
On my end, if I didn't get a new phone, right, if my phone is the
(18:15):
same one, we should be fine.
And I didn't restart it or reset it or reprogram it in any way, it should be fine in three months.
Would I get the same IP address?
Probably not.
Probably not.
So, because imagine, right?
This is how it works.
You have 2,000 people at a graduation ceremony at a college.
2,000 students are graduating.
(18:36):
Each student brings in two devices, right?
Average.
So there's 4,000 IP addresses that they use.
Once they graduate and they leave and they never come back, what happens to those IP addresses?
Well, they get recalled because of the lease, they get recalled back, right?
And then usually universities have it like a day.
(18:58):
Some have two, but it's usually a day.
And at home, it's a couple of days, sometimes a week.
It's depending on your ISP, how your ISP sets it up.
You can actually change it if you go inside your router.
Do you know how to go inside your router?
If you don't know how to go inside your router, you open up a browser and you type 192.168.1.1, hit enter, and it
(19:22):
will pop up.
Either 192.168.1.1 or 192.168.0.1.
Now, some of them you may get an error, like some kind of message.
I'll bring mine up.
It says your connection is not private, right?
You may get that.
When you type 192.168.1.1, it says your connection is not
(19:43):
private.
Just hit the advanced key, and then it's gonna say the server cannot prove that it is 192.168.1.1.
Its security certificate is not trusted.
Proceed, you hit proceed.
It says unsafe.
It'll say unsafe, but you proceed, you click it, and you should see your ISP.
It should say, for Verizon, it will be log into network
(20:03):
settings.
So then you log in and then you'll be able to get into your router.
That's one way of doing it.
So, all right.
Another thing that I like to say about DHCP is, if you remember when we go back, if somebody calls you and they say, Hey, I was able to log in, but I have no internet and no email.
(20:24):
And you know, you see that they have a 169.254 IP address, you ask them if anybody else around them is having the same problem.
If they are, then it's the server.
Then you need to go to the DHCP server, you're probably gonna need to reboot it.
But if it's one person, if it's one person that's having this
(20:45):
problem, I'm gonna give you the answer, but I'm going to give you the interview answer, right?
Rebooting will probably fix this issue, right?
Once you reboot, the DORA will happen again, the four-way handshake, and they will get an IP address.
Most likely, this will fix it.
(21:05):
You say that in an interview, they're going to shake your hand and they're going to tell you, thank you for coming, have a nice day.
When you go on an interview and they ask you that question, you don't say, Oh, I'll reboot the computer.
No, even though rebooting is the right answer, it's weird.
They want you to tell them how you would do it.
(21:25):
And how you would do it is you will go into the command line and type ipconfig space slash release, hit enter, and ipconfig space slash renew.
So what ipconfig space slash release does, it releases the
(21:48):
IP address or any IP address that they have.
And then the renew does the DORA, the four-way handshake.
That is the answer that you give in an interview.
You do not, you know, you go into the command line and you do ipconfig space forward slash release, enter, and then ipconfig
(22:09):
space forward slash renew.
That does the four-way handshake, that does the DORA, that gets them an IP address.
You should be fine.
You should try it, but just letting you know it's gonna probably kick you off your network and then put you back on.
But that's most likely, if you're applying for a help desk technician job, that's the answer that you have to give
(22:32):
them.
If you don't give them that answer, they will just give you a nice little handshake and they say, Thank you for coming. Have a nice day.
And this is also part of the A+ exam.
CompTIA A+, they ask you this question; it's always in there, in some iteration of it, it's in there somewhere.
So, you know, again, these are the things, these are
(22:53):
the things that you like to know.
This is actually one of my favorite topics, DHCP, because you ask the student, well, how do you get an IP address?
How do I get an IP address on my phone?
How do I get an IP address on my computer?
If I go to your house, how do I get an IP address?
How does this... this is a process, right?
It's not osmosis that it happens.
(23:14):
There is something behind the scenes that happens when you hit, you know, when you click... his username and password, something happens when you hit enter, right?
It's the DORA, it's the, you know, the reservations, it's the lease, it's the scope, it's all this that's involved in order for you to get an IP address.
I find it fascinating that this is how it works, right?
(23:38):
People think they know computers until they know computers.
Until I bring this topic up, and they tell me, oh, I never knew that.
So DHCP is one of the oldest, yes, yet one of the most critical services in modern networking.
It gives life to every new device, allowing millions of
(23:58):
endpoints to coexist smoothly, and it's not just about automation, it's about trust, reliability, and scalability.
If you don't have DHCP now, like, why?
You have to put everything manually and you have to keep track of every IP that you use.
If not, you're gonna get duplicate IPs, and duplicate IPs is no bueno, right?
(24:19):
You can't have two devices have the same IP and be on at the same time.
That's not gonna work.
That would not work.
So, all right.
Uh, let's see.
Do I have questions?
I do have questions.
Let's do it.
Which of the following correctly lists the DHCP message sequence?
(24:40):
A, offer, discover, request, acknowledge; B, discover, offer, request, acknowledge; C, request, offer, discover, acknowledge; or D, discover, acknowledge, request, offer.
I'll read it again.
Which of the following correctly lists the DHCP message sequence, the four-way handshake?
A, offer, discover, request, acknowledge; B,
(25:01):
discover, offer, request, acknowledge; C, request, offer, discover, acknowledge; or D, discover, acknowledge, request, and offer.
Well, if you were listening to how I described it, it's DORA.
So it's B.
Right?
Discover, offer, request, acknowledge.
The four-message handshake between the client and the
(25:21):
server.
Which network feature prevents rogue DHCP servers from handing out addresses?
A, dynamic ARP inspection; B, DHCP snooping; C, IP helper address; or D, RADIUS authentication.
Which network feature prevents rogue DHCP servers from handing
(25:41):
out addresses?
A, dynamic ARP inspection; B, DHCP snooping; C, IP helper address; or D, RADIUS authentication?
Well, the answer is B, DHCP snooping.
DHCP snooping defines trusted versus untrusted ports and blocks DHCP server traffic from untrusted ports, stopping rogue
(26:02):
servers.
And again, one thing that I want to add about rogue servers, it could be like... you gotta be really, really careful.
Like for example, those Eeros that Amazon sells, right?
You have to configure them a certain way because those Eeros will give out IPs if you let them.
You have to switch it to bridge mode.
(26:22):
And if you switch it to bridge mode, then your router passes through those Eeros and gives the IPs to the device.
So, for example, the way I have it set up is I have, uh, like 100 feet of cable coming out of the back of my router, one going upstairs, one going downstairs, and one going into
(26:43):
the backyard.
And they're connected to switches, which are then connected to Eeros.
E-E-R-O-S, Amazon sells them.
So the Eeros, they give out the IP address.
So I had to go in there and manually configure it to be bridged.
So what happens is it takes the name of, you know, I give it a
(27:06):
wireless name, right?
And then when, let's say, the smart TV is looking for the internet, it attaches to the Eero.
The Eero sends a message to the router saying, Hey, I need an IP address, and then it sends it back to the Eero, and the Eero passes it to the TV.
(27:26):
So I can get Wi-Fi upstairs, and I get 300 meg wireless upstairs and downstairs and in the backyard because of the Eero.
And I have them connected to the switch.
That helps.
Connecting them to a switch helps.
All right.
Wow, that was a lot.
(27:46):
This is, um, like I said before, DHCP is one of my favorite topics.
Um, I love teaching it because the students have never heard of it.
So, all right, that's it.
For me, I'm Professor J. Rod.
Keep learning, stay connected, and keep tapping into
(28:07):
technology.
This has been a presentation of Little Chacha Productions, art by Savra, music by Joe Kim.
We're now part of the Pod Match Network.
You can follow me on TikTok at Professor J Rod, at J R O D, or
(28:29):
you can email me at Professor J Rod Jr. at gmail.com. I'm gonna go to the back.