NAT and DHCP

Comparison (Network Layer)

 1
NAT

Agenda 2
DHCP
3
NAT vs DHCP
 Network Address Translation (NAT) is a process that

NAT enables one, unique IP address to represent an entire

group of computers.
In network address translation, a network device, often a
(Network Address router or NAT firewall, assigns a computer or computers
inside a private network a public address.

Translator) In this way, network address translation allows the single

device to act as an intermediary or agent between the
local, private network and the public network that is the
Definition, working, configuration and types internet. NAT’s main purpose is to conserve the number
of public IP addresses in use, for both security and
economic goals.
 NAT-Purpose
To communicate with the internet, a networking system requires a unique IP
address. This 32-bit number identifies and locates the network device so a user
can communicate with it.

The IPV4 addressing scheme of past decades technically made billions of these
unique addresses available, but not all could be assigned to devices for
communication.
Some were exempted and used for testing, broadcast, and certain reserved
military purposes.
 NAT-Working
An inside host may want to communicate with a destination network address translation web server address
in the outside world. For further communication, it will send a data packet to the network’s NAT gateway
router.

The NAT gateway router determines whether the packet meets the condition for translation by learning the
source IP address of the packet and looking it up in the table. It can locate authenticated hosts for the
internal network translation purposes on its access control list (ACL), and then complete the translation,
producing an inside global IP address from the inside local IP address.

Finally, the NAT gateway router will route the packet to the destination after saving the translation in the
NAT table. The packet reverts to the global IP address of the router when the internet’s web server reverts to
the request.

Referring back to the NAT table, the router can determine which translated IP address corresponds to which
global address, translate it to the inside local address, and deliver the data packet to the host at their IP
address. The data packet is discarded if no match is found.
 NAT-Configuration
The organisation receives a range of registered, unique IP addresses assigned by the ISP. The assigned list of addresses are called
inside global addresses.
The team splits unregistered, private addresses into one small group and one much larger group. The stub domain will use the
larger group, called inside local addresses. The NAT routers will use the small group, called outside local addresses, to translate the
outside global addresses or unique IP addresses of devices on the public network.
Most stub domain computers communicate with each other using inside local addresses. There are inside global addresses for those
stub domain computers that communicate extensively outside the network, meaning they do not require translation.
However, when a typical stub domain computer with an inside local address needs to communicate outside the network, it sends the
packet to a NAT router.
The NAT router checks for the destination address in the routing table. If it has an entry for that address, the NAT router translates
the packet and enters that action into the address translation table. The NAT router drops the packet if the destination address is not
in the routing table.
The router sends the packet on using an inside global address.
A public network computer sends a packet to the private network. The packet’s destination address is an inside global address and
its source address is an outside global address.
The NAT router confirms that the destination address maps to a stub domain computer by checking the address translation table.
The NAT router sends the packet to the destination computer after translating the packet’s inside global address to the inside local
address.
 NAT-Types
1. Static network address translation SNAT. SNAT maps unregistered IP addresses using 1 to 1 network address
translation to match up with registered IP addresses. It is particularly useful when a device needs to be
accessible from outside the network.
2. Dynamic network address translation DNAT. This form of NAT selects a target from a group of registered IP
addresses and maps an unregistered IP address to the registered version.
3. Reverse network address translation RNAT. RNAT allows users to connect to themselves using the internet or
public network.
4. Overloading network address translation NAT. This is also known as NAT overload, port-level multiplexed
NAT, single address NAT, or port address translation (PAT). This form of dynamic NAT uses different ports
to map multiple private, local, unregistered IP addresses to a single registered IP address and distinguish which
traffic belongs to which NAT IP address. In terms of port address translation vs network address translation,
PAT is often most cost-effective when many users are connected to the internet through just one public IP
address.
5. Overlapping network address translation NAT. Overlapping NAT can happen either when two organizations
whose networks both use RFC 1918 IP addresses merge, or when registered IP addresses are assigned to
multiple devices or otherwise in use on more than one internal network. In both cases, the networks need to
communicate, and the organization(s) use overlapping NAT to achieve this without readdressing all devices.
 Dynamic Host Configuration Protocol is a network protocol
used to automate the process of assigning IP addresses and other
network configuration parameters to devices (such as computers,
smartphones, and printers) on a network. Instead of manually
DHCP configuring each device with an IP address, DHCP allows devices
to connect to a network and receive all necessary network
(Dynamic Host information, like IP address, subnet mask, default gateway, and
Configuration Protocol) DNS server addresses, automatically from a DHCP server.
This makes it easier to manage and maintain large networks,
Definition, working, features ensuring devices can communicate effectively without conflicts in
their network settings. DHCP plays a crucial role in modern
networks by simplifying the process of connecting devices and
managing network resources efficiently.
 DHCP- Components
DHCP Server: DHCP Server is a server that holds IP Addresses and other information related to configuration.
DHCP Client: It is a device that receives configuration information from the server. It can be a mobile, laptop, computer,
or any other electronic device that requires a connection.
DHCP Relay: DHCP relays basically work as a communication channel between DHCP Client and Server.
IP Address Pool: It is the pool or container of IP Addresses possessed by the DHCP Server. It has a range of addresses
that can be allocated to devices.
Subnets: Subnets are smaller portions of the IP network partitioned to keep networks under control.
Lease: It is simply the time that how long the information received from the server is valid, in case of expiration of the
lease, the tenant must have to re-assign the lease.
DNS Servers: DHCP servers can also provide DNS (Domain Name System) server information to DHCP clients,
allowing them to resolve domain names to IP addresses.
Default Gateway: DHCP servers can also provide information about the default gateway, which is the device that packets
are sent to when the destination is outside the local network.
Options: DHCP servers can provide additional configuration options to clients, such as the subnet mask, domain name,
and time server information.
Renewal: DHCP clients can request to renew their lease before it expires to ensure that they continue to have a valid IP
address and configuration information.
Failover: DHCP servers can be configured for failover, where two servers work together to provide redundancy and
ensure that clients can always obtain an IP address and configuration information, even if one server goes down.
DHCP- Frame Format
 DHCP- Packet Format
Hardware Length: This is an 8-bit field defining the length of the physical address in bytes. e.g for Ethernet the value is 6.
Hop count: This is an 8-bit field defining the maximum number of hops the packet can travel.
Transaction ID: This is a 4-byte field carrying an integer. The transcation identification is set by the client and is used to match a
reply with the request. The server returns the same value in its reply.
Number of Seconds: This is a 16-bit field that indicates the number of seconds elapsed since the time the client started to boot.
Flag: This is a 16-bit field in which only the leftmost bit is used and the rest of the bit should be set to os. A leftmost bit specifies a
forced broadcast reply from the server. If the reply were to be unicast to the client, the destination. IP address of the IP packet is
the address assigned to the client.
Client IP Address: This is a 4-byte field that contains the client IP address . If the client does not have this information this field
has a value of 0.
Your IP Address: This is a 4-byte field that contains the client IP address. It is filled by the server at the request of the client.
Server IP Address: This is a 4-byte field containing the server IP address. It is filled by the server in a reply message.
Gateway IP Address: This is a 4-byte field containing the IP address of a routers. IT is filled by the server in a reply message.
Client Hardware Address: This is the physical address of the client .Although the server can retrieve this address from the frame
sent by the client it is more efficient if the address is supplied explicity by the client in the request message.
Server Name: This is a 64-byte field that is optionally filled by the server in a reply packet. It contains a null-terminated string
consisting of the domain name of the server. If the server does not want to fill this filed with data, the server must fill it with all 0s.
Boot Filename: This is a 128-byte field that can be optionally filled by the server in a reply packet. It contains a null- terminated
string consisting of the full pathname of the boot file. The client can use this path to retrieve other booting information. If the
server does not want to fill this field with data, the server must fill it with all 0s.
Options: This is a 64-byte field with a dual purpose. IT can carry either additional information or some specific vendor
information. The field is used only in a reply message. The server uses a number, called a magic cookie, in the format of an IP
address with the value of 99.130.83.99. When the client finishes reading the message, it looks for this magic cookie. If present the
next 60 bytes are options
Working of DHCP
The 8 DHCP Messages
DHCP Discover Message: This is the first message generated in the communication
process between the server and the client. This message is generated by the Client host
in order to discover if there is any DHCP server/servers are present in a network or not.
This message is broadcasted to all devices present in a network to find the DHCP
server. This message is 342 or 576 bytes long.
DHCP Offers A Message: The server will respond to the host in this message specifying the unleased IP
address and other TCP configuration information. This message is broadcasted by the server. The size of
the message is 342 bytes. If there is more than one DHCP server present in the network then the client host
will accept the first DHCP OFFER message it receives. Also, a server ID is specified in the packet in order
to identify the server.
DHCP Request Message: When a client receives an offer message, it responds by broadcasting a DHCP
request message. The client will produce a gratuitous ARP in order to find if there is any other host present
in the network with the same IP address. If there is no reply from another host, then there is no host with the
same TCP configuration in the network and the message is broadcasted to the server showing the acceptance
of the IP address. A Client ID is also added to this message.
DHCP Acknowledgment Message: In response to the request message received, the server will make an
entry with a specified client ID and bind the IP address offered with lease time. Now, the client will
have the IP address provided by the server.
 DHCP Starvation

A DHCP starvation attack happens when a hacker floods a DHCP

server with requests for IP addresses. This overwhelms the server,
making it unable to assign addresses to legitimate users. The hacker
can then block access for authorized users and potentially set up a
fake DHCP server to intercept and manipulate network traffic,
which could lead to a man-in-the-middle attack.
 NAT vs DHCP
DHCP
DHCP is used to assign IP addresses to clients
DHCP provides network IP addresses to the
devices (hosts) connected to a network.
DHCP connections are between the host and the
server, typically within the network.
NAT
NAT is used to translate one address to another
primarily to support internet access but translating a
Private address into a public address.
NAT takes many private IP addresses and converts
them to a public one before sending data out of a
network and to the internet.
NAT connections are between routers.