# How do DHCP and things work?

## PhiJ

The question comes from when I wondered if somebody else on my network could 'listen' to the insecure things I was doing on the internet (we're all connected by ethernet cable to some kind of university router I suppose) - I know they could do that via the big bad internet, but could they do it directly, within the network?

So I was wondering if anybody knew any resources that could teach me about suchlike, or the answer to the above question, and how one would do it, or a general good book on security and the internet?

----------

## John R. Graham

Used to be local parts of our networks (called segments) were connected together with dumb hubs and all traffic from every computer on that segment was routed to every other computer.  The network card just normally ignores stuff not addressed to it unless explicitly put into "promiscuous mode".  Nowadays, local networks are put together with switches and routers.  Both of these are smart enough to prune LAN traffic so that it only appears on wires that are actually between the source and destination computers so the amount of traffic that a given computer can spy on is less than it used to be.

DHCP works with a special type of message called a "broadcast" because all network cards listen to that message.  The contents of the message further differentiate the type of message.  To get an IP address assigned by the DHCP server, a computer sends a broadcast message called "DHCP Discover".  A DHCP server that receives this message will begin a more complicated dialog with the originating computer resulting in the assignment of an IP address (called a lease) for a certain amount of time.  Other information is typically delivered to the originating computer, such as the IP addresses of the DNS server and gateway.

There is another broadcast-based protocol called ARP (Address Resolution Protocol) that allows computers on a local segment to discover each other's physical MAC addresses.

Finally, routers do something special.  They have one or more upstream (or WAN) ports and usually a lot of downstream (or LAN) ports.  A router discovers (simply by listening to traffic) a list of computers that exist on each of its downstream ports.  Using that list--and discovering more information as it goes--the router intelligently forwards the messages just to the ports that should receive them.  If the message doesn't appear to be addressed to any local computer, then the message is forwarded to the upstream port(s).  Routers also talk to each other to help avoid unnecessary traffic.

There are a lot of complicating nuances but that covers the basics.  If you have any specific questions, don't hesitate to ask. :)

- John
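To make John's hub-versus-switch point concrete, here is a small simulation added to this thread (it is not code from any poster). It replays constructed frames, a DHCP Discover broadcast, the server's reply and an Alice-to-Bob conversation, through a dumb hub and through a MAC-learning switch, and reports which frames reach a third station, Eve, on another port. All MAC addresses, port numbers and frames are made up for the illustration.

```python
"""Simulation: which frames a third station sees on a hub versus a learning switch.

Added example for this thread, not from any poster. MAC addresses, port
numbers and the traffic below are constructed for illustration.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str    # source MAC address
    dst: str    # destination MAC address
    label: str  # human-readable description of the payload


@dataclass
class Hub:
    """A dumb hub repeats every frame on every port except the one it arrived on."""
    ports: dict  # port number -> MAC of the station plugged into that port

    def forward(self, in_port: int, frame: Frame) -> set:
        return {p for p in self.ports if p != in_port}


@dataclass
class LearningSwitch:
    """A switch learns which MAC sits behind which port by watching source
    addresses, then sends unicast frames only to the learned port. Broadcasts and
    frames for a not-yet-learned destination are flooded to every other port."""
    ports: dict
    mac_table: dict = field(default_factory=dict)  # MAC -> port

    def forward(self, in_port: int, frame: Frame) -> set:
        self.mac_table[frame.src] = in_port  # learn from the source address
        if frame.dst != BROADCAST and frame.dst in self.mac_table:
            out = self.mac_table[frame.dst]
            return set() if out == in_port else {out}
        return {p for p in self.ports if p != in_port}  # flood


def stations_seeing(device, in_port: int, frame: Frame) -> set:
    """MACs of the stations whose wire carries the frame (what a promiscuous NIC could read)."""
    return {device.ports[p] for p in device.forward(in_port, frame)}


# Constructed topology: three stations on ports 1-3 and a DHCP server on port 4.
PORTS = {1: "aa:aa:aa:00:00:01", 2: "aa:aa:aa:00:00:02",
         3: "aa:aa:aa:00:00:03", 4: "aa:aa:aa:00:00:dd"}
ALICE, BOB, EVE, DHCP = PORTS[1], PORTS[2], PORTS[3], PORTS[4]

# Constructed traffic, in order: (ingress port, frame).
TRAFFIC = [
    (1, Frame(ALICE, BROADCAST, "DHCP Discover (broadcast)")),
    (4, Frame(DHCP, ALICE, "DHCP Offer (unicast to Alice)")),
    (1, Frame(ALICE, BOB, "Alice -> Bob, Bob not yet learned")),
    (2, Frame(BOB, ALICE, "Bob -> Alice")),
    (1, Frame(ALICE, BOB, "Alice -> Bob, Bob now learned")),
]


def run(device_cls) -> list:
    """Replay TRAFFIC through a fresh device; return (label, Eve sees it?) per frame."""
    device = device_cls(ports=dict(PORTS))
    return [(frame.label, EVE in stations_seeing(device, in_port, frame))
            for in_port, frame in TRAFFIC]


if __name__ == "__main__":
    for name, cls in (("hub", Hub), ("switch", LearningSwitch)):
        print(f"--- {name} ---")
        for label, eve_sees in run(cls):
            print(f"{'EVE SEES' if eve_sees else 'hidden  '}  {label}")
```

On the hub Eve's wire carries all five frames; on the switch she only gets the DHCP Discover broadcast and the first Alice-to-Bob frame, sent before the switch had learned Bob's port. That flooded traffic (broadcasts and unknown-destination frames) is exactly what a switch still cannot hide from other ports.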

----------

## think4urs11

*PhiJ wrote:*

> ... but could they do it directly, within the network?

yes.

Depending on the exact network setup it can be very easy to eavesdrop on your traffic; one cue here is ARP spoofing, another one might be man-in-the-middle.

In general Cisco gives lots of very good documentation, both about their products and general descriptions of all sorts of networking stuff.
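Since ARP spoofing is the cue named above, here is a small detector added to this thread (not code from any poster) showing what it looks like from the defender's side: it walks ARP replies in order, keeps the IP-to-MAC bindings it has seen, and raises an alert when an IP's MAC changes, when a reply contradicts a trusted binding such as the gateway's, or when one MAC starts answering for more than one IP. The log lines are constructed in a tcpdump-like "ARP, Reply <ip> is-at <mac>" format and all addresses are made up.

```python
"""Flag ARP-spoofing symptoms from a log of ARP replies.

Added example for this thread, not from any poster. The sample capture is
constructed in a tcpdump-like format with made-up addresses.
"""
import re
from collections import defaultdict

ARP_REPLY = re.compile(
    r"ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed capture: the gateway 10.0.0.1 answers from its real MAC, then a
# third host (...:03) starts answering for both the gateway and 10.0.0.7.
SAMPLE_LOG = """\
12:00:01.000 ARP, Reply 10.0.0.1 is-at aa:aa:aa:00:00:01, length 28
12:00:02.000 ARP, Reply 10.0.0.7 is-at aa:aa:aa:00:00:07, length 28
12:00:03.000 ARP, Request who-has 10.0.0.1 tell 10.0.0.7, length 28
12:00:04.000 ARP, Reply 10.0.0.1 is-at aa:aa:aa:00:00:03, length 28
12:00:05.000 ARP, Reply 10.0.0.7 is-at aa:aa:aa:00:00:03, length 28
12:00:06.000 ARP, Reply 10.0.0.1 is-at aa:aa:aa:00:00:01, length 28
"""


def analyse(log_text: str, trusted: dict = None) -> list:
    """Walk ARP replies in order and return a list of alert strings.

    trusted: optional IP -> expected MAC bindings (e.g. the gateway) that every
    reply is checked against, independent of what was seen earlier.
    """
    trusted = trusted or {}
    seen = {}                   # IP -> MAC from the most recent reply
    claims = defaultdict(set)   # MAC -> set of IPs it has answered for
    alerts = []
    for line in log_text.splitlines():
        m = ARP_REPLY.search(line)
        if not m:
            continue  # ARP requests and non-ARP lines carry no binding
        ip, mac = m["ip"], m["mac"].lower()
        if ip in trusted and mac != trusted[ip]:
            alerts.append(f"{ip} expected {trusted[ip]} but reply came from {mac}")
        if ip in seen and seen[ip] != mac:
            alerts.append(f"{ip} changed from {seen[ip]} to {mac}")
        seen[ip] = mac
        new_claim = ip not in claims[mac]
        claims[mac].add(ip)
        if new_claim and len(claims[mac]) > 1:
            alerts.append(f"{mac} now claims {sorted(claims[mac])}")
    return alerts


if __name__ == "__main__":
    gateway = {"10.0.0.1": "aa:aa:aa:00:00:01"}  # constructed trusted binding
    for alert in analyse(SAMPLE_LOG, trusted=gateway):
        print("ALERT:", alert)
```

A single "changed" alert also fires for a legitimate event such as a replaced network card, so the trusted-binding check for the gateway and the "one MAC, several IPs" check are the stronger signals; the flap back to the original MAC at the end of the sample is itself a typical symptom worth keeping in the alert list.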

----------

