LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 03-16-2009, 12:32 AM   #1
noir911
Member
 
Registered: Apr 2004
Location: Baltimore, MD
Posts: 681

Rep: Reputation: Disabled
scan network for DHCP server requests in real-time


I would like to scan my entire network (in real-time) to see which IP is making DHCP request to which DHCP server. The idea is to see if there is any rogue DHCP server on the network.

I have a server which can see all my vlan (it's a sniffer box) and from there I can do: tcpdump -i eth0 -n port 67 and port 68. But this command doesn't show which DHCP server it's accessing. I'm getting:

<date> IP <IP_ADDRESS> > 255.255.255.255.67 : BOOTP/DHCP, Request from <MAC_ADDRESS>, length 300 - doesn't tell me the DHCP server name - just a broadcast packet.

Thanks for any help.
 
Old 03-17-2009, 12:16 PM   #2
tredegar
Guru
 
Registered: May 2003
Location: London, UK
Distribution: Ubuntu 10.04, mostly
Posts: 6,007

Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
This is maybe over my head, but I think you can use nmap to discover dhcp servers. Try something like:
Code:
root@vaio:~# nmap -sU 10.0.0.0-254 -p 67-68

Starting Nmap 4.53 ( http://insecure.org ) at 2009-03-17 16:59 GMT
Interesting ports on www.routerlogin.com (10.0.0.2):
PORT   STATE         SERVICE
67/udp open|filtered dhcps
68/udp closed        dhcpc
MAC Address: 00:18:4D:B9:DA:44 (Netgear)

Interesting ports on meee.home.net (10.0.0.3):
PORT   STATE  SERVICE
67/udp closed dhcps
68/udp closed dhcpc
MAC Address: 00:15:AF:6A:1D:F3 (AzureWave Technologies)

Interesting ports on vaio.home.net (10.0.0.8):
PORT   STATE  SERVICE
67/udp closed dhcps
68/udp closed dhcpc

Nmap done: 255 IP addresses (3 hosts up) scanned in 6.944 seconds

root@vaio:~#
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: psad: Linux Detect And Block Port Scan Attacks In Real Time LXer Syndicated Linux News 0 08-12-2008 02:40 PM
LXer: Real-time garbage collection with Real-time Java LXer Syndicated Linux News 0 05-05-2007 12:16 PM
LXer: Real-time Linux gains real-time JVM LXer Syndicated Linux News 0 10-12-2006 10:54 AM
apache track incoming, outgoing requests real-time dtra Linux - Networking 1 07-18-2005 07:19 AM
dhcp client requests a new address every time EdoardoC Linux - Networking 6 02-02-2005 05:02 PM


All times are GMT -5. The time now is 11:40 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration