Trying to Understand DHCP and NAT

[whitehat]

Could some of you IT wizards help me understand something about DHCP and NAT?

I haven't studied these in the classroom, but I've done my share of reading and have certainly renewed DHCP and toggled NAT a few thousand times in the course of troubleshooting over the years. I was also just reviewing again the episode of hak5 where Darren + the cutie set up PPTP in BT5 and he shows how to disable DHCP for stealthiness.

My limited understanding is basically that NAT allows my army of home computers to share a single external IP address by use of internal/local IP addresses and DHCP helps devices communicate with one another. So my question is "what happens when I disable one of both of these?"

Empirically, I can see that I'm usually able to continue using the Internet as normal, on several devices at once. Does lack of NAT just slow down the process of identifying which of my babies (computers) a packet is meant for?

Thanks

[BlueWyvern]

It's actually really simple.

DHCP / Dynamic Host Control protocol literally just hands out IP Addresses. if you turn this off you can just set all of your machines to static IP addresses and they can get on the internet/network without an issue. Devices that are not assigned to static will not receive an IP and therefore not go anywhere.

NAT / Network Address Translation is the network equivalent to that little splitter you would use back in the day to get cable on two TVs instead of one. It takes one public IP address and translates packet data so that when requests are sent and received it knows what computer to send it to.

If you were to disable NAT you would have a gateway and would have to have multiple static IP addresses from your ISP.

Case in point if you buy a block of IPs from AT&T on DSL, you need them to change their device so that it disables NAT, then if DHCP is on it will hand out one of the static IP addresses from the ISP in it's own little DHCP pool, and each of these would be what I like to call "real world routable" or you can turn DHCP off and manually assign from that "pool" of statics yourself. (most people do the latter)

I know I that seems a bit convoluted, but I hope it helps you understand better.

[whitehat]

Thank you very much. That does help a lot!

I read this last night and thought I thanked you then, but I must've fallen asleep. I had a follow up question though -- if you can just set everything to static and it's fine then why would anyone ever want to use DHCP or NAT?

I only have 1 IP from my major home ISP with many computers connected wirelessly (and 1 is wired). So, given this should this be correct?

DHCP + NAT: Each computer has its own local/internal IP and NAT tells the data which IP it's supposed to be going to.

DHCP, no NAT: Each computer has its own local/internal IP but you're screwed because there's nothing telling he router how to route data sent tot he external IP between these local/internal IP's? Presumably this should be pointless? If it actually does work then what is NAT really contributing?

No DHCP, NAT: Each computer has the same IP, which is the external/broadcast one, though NAT is sitting there ready to handle DHCP when you turn it on. Presumably this should also be pointless? Should you even be able to use the Internet in this situation?

no DHCP, no NAT: Each computer has the same IP and NAT is disabled because it's irrelevant. You can't use the Internet unless you turn off all computers except for 1, because of the fact that we're assuming the home ISP only gives you 1 IP, like my ISP does.

Does that all sound correct? If so, then I understand with my only remaining confusion being that I know sometimes I've disabled NAT and still have been able to use the Internet. Perhaps it was because I was only using 1 computer at a time?

I'm also reading this http://www.iplocatio...etmask.php and trying to understand the role of the netmask/subnetmask, but I'm not sure if I should push my luck by asking how it figures into all of this. Every one I've ever seen has always been 255.255.255.0 or maybe 255.255.255.255 somtimes. Apparently this somehow performs mathematical operations on some IP address to help route data and keep us from running out of IPv4 addresses? I feel like this kinda makes sense but I'm not quite there yet.

Edited November 5, 2012 by whitehat

[BlueWyvern]

No DHCP, NAT: Each computer has the same IP, which is the external/broadcast one, though NAT is sitting there ready to handle DHCP when you turn it on. Presumably this should also be pointless? Should you even be able to use the Internet in this situation?

no DHCP, no NAT: Each computer has the same IP and NAT is disabled because it's irrelevant. You can't use the Internet unless you turn off all computers except for 1, because of the fact that we're assuming the home ISP only gives you 1 IP, like my ISP does.

I'm also reading this http://www.iplocatio...etmask.php and trying to understand the role of the netmask/subnetmask, but I'm not sure if I should push my luck by asking how it figures into all of this. Every one I've ever seen has always been 255.255.255.0 or maybe 255.255.255.255 somtimes. Apparently this somehow performs mathematical operations on some IP address to help route data and keep us from running out of IPv4 addresses? I feel like this kinda makes sense but I'm not quite there yet.

No DHCP, NAT: Each machine would need it's IP Address assigned Statically.

No DHCP, No NAT: basically whatever computer is connected and set up with your external IP would be the one online. (Pointless unless you have a block of IPs from your ISP)

Here's another way to think about it

NAT On = You get IPs like 192.168.x.x or 10.x.x.x (Depending on your IP Schema)

NAT Off = You get real IPs that someone could type in their browser and connect to such as 74.125.225.32

DHCP is simply a process for handing out IP addresses.

Regarding Subnet masks the long and short is they determine how many IP addresses are in your block of IPs

P.S. Many people cheat and use something like this

http://www.subnet-calculator.com/