DHCP and NAT

Overview

DHCP auto-assigns IP/mask/gateway/DNS via the DORA exchange. NAT lets many private hosts share one public IP by rewriting addresses/ports at the router.

Why it matters

NAT explains reachability: private hosts aren't directly attackable from the internet, shaping how you plan external vs internal testing. DHCP lease data helps inventory an internal network.

Core concepts

DORA. Discover, Offer, Request, Acknowledge. Lease. IP plus mask, gateway, DNS, with an expiry. NAT/PAT. Router rewrites source IP+port so many hosts share one public IP. Consequence. Inbound connections to private hosts need NAT rules or a foothold.

Lesson

Two services make everyday networking work without manual configuration.

DHCP: automatic addressing

When a device joins a network it doesn't know its IP. DHCP (Dynamic Host Configuration Protocol) hands one out in a four-step exchange — DORA:

1. Discover — client broadcasts "I need an address."
2. Offer — a DHCP server offers one.
3. Request — client asks for that offer.
4. Acknowledge — server confirms and leases it. The lease includes IP, subnet mask, default gateway, and DNS servers.

NAT: many private hosts, one public IP

NAT (Network Address Translation) lets a whole private network share one public IP. The router rewrites the source address (and port) of outgoing packets to its public IP, remembers the mapping, and reverses it for replies. This is PAT/"NAT overload" — the common home-router behaviour.

Why pentesters care

NAT is why an internal host with a 192.168.x.x address can't be reached directly from outside — you need a foothold or a port-forward. DHCP logs and lease tables are useful during internal engagements to map what's on the network.

Summary

DHCP gives hosts their addressing automatically (DORA); NAT multiplexes a private network onto one public IP. Together they explain why internal hosts are reachable from inside but not directly from the internet.