DHCP stands for “Dynamic Host Configuration Protcol”. It has been created to automatically assign IP addresses to any device that requests an IP address. A DHCP server allows devices to request IP addresses and networking parameters automatically, decreasing the need for a network administrator or a user to configure these settings manually. So when a new device connects to the network, the DHCP server would assign an IP address and the gateway.
The DHCP requests are made in the form of broadcasts. The purpose behind this attack is to send a reply to the victim machine before the real DHCP does. In case we are able to successfully accomplish this, we are able to manipulate the following things:
1. The IP address of the victim
2. Default gateway
3. DNS address
Since we are able to change the gateway, we can point the victim’s gateway to a fake IP address and therefore cause a Denial of Service (DoS) attack. In cases where we want to sniff the traffic, we can start a DHCP spoofing attack, and this can be done by changing the default gateway of the victim to our IP address and therefore be able to intercept all the traffic that the victim sends.