Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Simple tcp/ip question.

Posted on 2004-08-08
Medium Priority
Last Modified: 2013-11-29
Simple tcp/ip question.
I was informed that my DHCP server is attributing more traffic that it should.  I have a client/server, domain network that has a normal internal DHCP setup.  The scope is set for start and ending at, which is allows 253 clients with a subnet mask of  There are 5 clients on the network.  The server and gateway are excluded

Now the argument is: would there be less traffic if the scope was only 10 or 20 static IP’s instead of 253.  The way I understand it is that the client will broadcast out to the network for an IP and when the server receives it an IP will be issued.  

Any responses on this?
Question by:mheinemannt
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

net_sec_guru earned 100 total points
ID: 11745698
net mask is not

you can get by with (gives you plenty of room to grow)

DHCP traffic does not use significant network bandwidth during normal periods of usage. Typical DHCP traffic does not exceed 1 percent of overall network traffic. However, there are two phases of DHCP client configuration that generate some network traffic load. These phases are IP address lease and IP address renewal.

When a client initializes TCP/IP for the first time (and is configured as a DHCP client), its first step is to acquire an IP address using DHCP. This process, as described earlier, results in a conversation between the DHCP client and server consisting of four packets, the first of which is the client computer broadcasting a DHCPDiscover packet in an attempt to locate a DHCP server.

The entire process of acquiring an IP address lease through DHCP takes a total of four packets, each varying between 342 and 590 bytes in size. This process, on a clean network (when no other network traffic is using bandwidth), takes less than 1 second (about 300 milliseconds) on 10BaseT media. Results depend on media type in use.

I like narrowing the range down so I can pretty much guess what my range of addresses would be... but traffic wise I don't know how it would make much of a difference.

LVL 15

Expert Comment

ID: 11745792
Try to check for lease renewal configurations...

How many users does the DHCP server serves?


Expert Comment

ID: 11745950
Maybe (for some strange reason) you have got a very short lease time. Check it out, as Cyber-Dude says...
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Assisted Solution

fatlad earned 100 total points
ID: 11746900
Lowering the scope of addresses will not alter the amount of traffic, this is entirely dependant on the number of client machines, and their lease times.

Not sure how Net Sec Guru managed to work out that your mask was wrong, or where he saying it was just set incorrectly for the size of the network?
LVL 27

Assisted Solution

pseudocyber earned 100 total points
ID: 11746920
Like net sec guru said, the mask should probably be

5 clients on the network reserving an IP or renewing is NOT going to be causing any problems on your network.  If the source of the information about the DHCP server causing traffic ... it could very well be some other type of traffic and not just DHCP traffic.  Is it running any other services/daemons?  Can you do some simple analysis of the traffic out the port with netmon and see what it's doing?

Here's an article on netmon:

Description of the Network Monitor Capture Utility



This article describes how to use the Network Monitor Capture Utility (Netcap.exe) that you can use to capture network traffic in Network Monitor.

Assisted Solution

by:Jeff Rodgers
Jeff Rodgers earned 100 total points
ID: 11748902
The DHCP traffic on a subnet is dictated by the number of clients requesting IP addresses.  The size of the scope is irrelevant so long as their are sufficient IP addresses available.

As a client logs onto the network it broadcasts a request demanding an IP address.

The DHCP server receives the request, looks at its database, sees what is available, and then Offers an IP address to the client.  If the Client likes the IP address and all is good the CLient then requests that IP address.  The DHCP server assigns it and responds with an Acknowledgement.  The Cleint then accepts it and moves on.

The only adjustment that is made ont he DHCP server that can impact network traffice is the length of the DHCP lease.  By default a client will attempt to renew its lease at 50% then again at 75% and 87.5% of the lease time (assuming it wasn't successful at 50% in renewing its lease (I.E. DHCP server unavailable) Therefore the longer you make the lease, the less traffic you will have.

5 Clients on a subnet will not generate enough traffic to degrade network performance unless of course you set the lease to a rediculously low number.

Good Luck
LVL 11

Assisted Solution

PennGwyn earned 100 total points
ID: 11754248
Your scope should not go all the way to .255 .  You risk issuing an address that isn't valid, especially if you correct the mask as suggested to

The amount of DHCP traffic is a product of the number of clients and the lease duration.  Lease durations of 8-168 hours are common; if yours is set to seconds, that will have a big impact.


Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
We aren’t perfect, just like everyone else.  Check out the email errors our community caught and learn the top errors every email marketer should avoid.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question