DHCP - Understanding the Magic Cookie

In general networking contexts, a “magic cookie” is a unique value or sequence of bytes used to identify, authenticate, or distinguish data in communication protocols. The term is often used to describe a token or identifier that serves a specific purpose.

In the context of DHCP, the magic cookie helps to differentiate DHCP messages from BOOTP messages. BOOTP is DHCP's predecessor that was developed in the 1980s.

If you look at a DHCP message, you will see that the Magic Cookie is a field found within DHCP messages. For example, the following Wireshark capture shows a DHCP offer message.

Frame 3: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) on interface unknown, id 0 Ethernet II, Src: Apple_74:32:52 (68:a8:6d:74:32:52), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255 User Datagram Protocol, Src Port: 68, Dst Port: 67 Dynamic Host Configuration Protocol (Request) Message type: Boot Request (1) Hardware type: Ethernet (0x01) Hardware address length: 6 Hops: 0 Transaction ID: 0x99314172 Seconds elapsed: 0 Bootp flags: 0x0000 (Unicast) Client IP address: 0.0.0.0 Your (client) IP address: 0.0.0.0 Next server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0 Client MAC address: Apple_74:32:52 (68:a8:6d:74:32:52) Client hardware address padding: 00000000000000000000 Server host name not given Boot file name not given Magic cookie: DHCP Option: (53) DHCP Message Type (Request) Option: (55) Parameter Request List Option: (57) Maximum DHCP Message Size Option: (61) Client identifier Option: (50) Requested IP Address (192.168.1.107) Option: (51) IP Address Lease Time Option: (12) Host Name Option: (255) End Padding: 00000000000000

DHCP messages are formatted in an identical way to BOOTP messages. Without the specific magic cookie value, a host would not be able to differentiate between a BOOTP and a DHCP message.

The Magic Cookie is defined as the first 32 bits of the Options field. If those 32 bits are set to 99.130.83.99 (shown in dotted decimal format), then you know that the message must be interpreted as a DHCP message. This is defined in RFC 2131.

In all modern networks, the Magic Cookie is set to this value, because DHCP has replaced BOOTP virtually everywhere.

https://datatracker.ietf.org/doc/html/rfc2131#section-3