/ Networking Basics / By

What Is DHCP and How Does It Work?

If you’ve ever connected a device to Wi-Fi and magically gotten internet access without typing in an IP address, you’ve already used DHCP, even if you didn’t know it.

DHCP stands for Dynamic Host Configuration Protocol, and it’s a core part of how networks work. As a pentester, understanding DHCP is important, not just so you know what’s happening behind the scenes, but because it can be abused in certain attacks.

Let’s break it down simply.

What Does DHCP Actually Do?

DHCP is responsible for automatically assigning IP addresses to devices on a network. Without it, every device would need to be configured manually.

Here’s what happens when you connect a device (like your laptop) to a network:

  1. Your device says: “Hey, I need an IP address!”
  2. The DHCP server replies: “Here you go: 192.168.1.50. You can use it for 24 hours.”
  3. Your device says: “Thanks!” and uses that IP to talk on the network.

This all happens automatically within a few seconds.

What Does DHCP Provide?

DHCP doesn’t just hand out IP addresses. It also gives your device:

  • Subnet mask (so it knows which IP range it’s in)
  • Default gateway (so it knows how to reach the internet)
  • DNS server (so it can resolve domain names)

All of this information is critical. Without it, your device wouldn’t know how to talk to anything beyond the local network.

What Happens When There’s No DHCP?

If there’s no DHCP server available, your device either:

  • Doesn’t get an IP at all, and can’t talk on the network.
  • Or assigns itself a link-local address (like 169.254.x.x), which only works locally and won’t get you online.

This is why if a network is broken or misconfigured, you might see a weird 169.254 IP in your settings, your device is just doing the best it can without a DHCP server.

DHCP from a Pentester’s Perspective

DHCP isn’t just something you passively observe, it’s something that can be abused.

Here are a few things to keep in mind:

1. DHCP Spoofing

As a pentester, you might run your own fake DHCP server on a network. If a device connects and talks to your DHCP server first, you can:

  • Assign it an IP of your choosing
  • Set your machine as the default gateway
  • Redirect its DNS requests to your server

This can lead to Man-in-the-Middle (MitM) attacks and DNS poisoning.

2. DHCP Starvation

This is where an attacker floods the DHCP server with so many fake requests that it runs out of IPs to assign. Legit users can’t get on the network anymore. It’s noisy and not subtle, but it’s a denial-of-service technique you should know.

3. Network Recon

When you plug into a target network and see what IP you get from DHCP, you can immediately start to map out the address range, subnet size, and default gateway—great intel for further recon.

Summary

  • DHCP automatically assigns IP addresses and network settings.
  • It’s the reason you don’t have to manually configure network settings every time you connect.
  • It provides your IP, subnet mask, gateway, and DNS.
  • As a pentester, DHCP can be a vector for attacks like spoofing, starvation, or network recon.

Related Posts

Scroll to Top