1.a) run dhcpdump -i eth0 in one shell/shell (eth0 or the name of your interface).On debian/ubuntu one also has the options to use dhcpdump and/or tcpdump with the help of e.g. That monitoring terminal is needed just to see all responses (nmap is able to show only the first response). Nmap done: 0 IP addresses (0 hosts up) scanned in 0.94 seconds WARNING: No targets were specified, so 0 hosts scanned. Terminal2 (for sending a request): sudo nmap -script broadcast-dhcp-discover -e eth0 Tcpdump: verbose output suppressed, use -v or -vv for full protocol decode Terminal1 (for monitoring): sudo tcpdump -nelt udp port 68 | grep -i "boot.*reply" Terminal1 will show responses from all existing DHCP servers including MAC address. I suggest starting two terminals, one for monitoring and another for sending a request. Most managed switches can be configured to prevent rogue DHCP servers:
See for a list of tools (many of which were listed in other responses).
Use a tool that specifically looks for rogue DHCP servers sudo grep -i dhcp /var/log/messages*ĭisabling your production DHCP server might not be a good option, of course. The DHCP server information is usually in /var/log/messages. On a Mac, run ipconfig getpacket en0 (or en1).
You can get the IP address of the server by running ipconfig /all on a windows machine, and then you can get the MAC address by looking for that IP address using arp -a. Temporarily disable your production DHCP server and see if other servers respond. To recap and add to some of the other answers:
0 kommentar(er)
