Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 03-16-2009, 01:32 AM   #1
Registered: Apr 2004
Location: Baltimore, MD
Posts: 681

Rep: Reputation: Disabled
scan network for DHCP server requests in real-time

I would like to scan my entire network (in real-time) to see which IP is making DHCP request to which DHCP server. The idea is to see if there is any rogue DHCP server on the network.

I have a server which can see all my vlan (it's a sniffer box) and from there I can do: tcpdump -i eth0 -n port 67 and port 68. But this command doesn't show which DHCP server it's accessing. I'm getting:

<date> IP <IP_ADDRESS> > : BOOTP/DHCP, Request from <MAC_ADDRESS>, length 300 - doesn't tell me the DHCP server name - just a broadcast packet.

Thanks for any help.
Old 03-17-2009, 01:16 PM   #2
LQ 5k Club
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,063

Rep: Reputation: 388Reputation: 388Reputation: 388Reputation: 388
This is maybe over my head, but I think you can use nmap to discover dhcp servers. Try something like:
root@vaio:~# nmap -sU -p 67-68

Starting Nmap 4.53 ( ) at 2009-03-17 16:59 GMT
Interesting ports on (
67/udp open|filtered dhcps
68/udp closed        dhcpc
MAC Address: 00:18:4D:B9:DA:44 (Netgear)

Interesting ports on (
67/udp closed dhcps
68/udp closed dhcpc
MAC Address: 00:15:AF:6A:1D:F3 (AzureWave Technologies)

Interesting ports on (
67/udp closed dhcps
68/udp closed dhcpc

Nmap done: 255 IP addresses (3 hosts up) scanned in 6.944 seconds



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: psad: Linux Detect And Block Port Scan Attacks In Real Time LXer Syndicated Linux News 0 08-12-2008 03:40 PM
LXer: Real-time garbage collection with Real-time Java LXer Syndicated Linux News 0 05-05-2007 01:16 PM
LXer: Real-time Linux gains real-time JVM LXer Syndicated Linux News 0 10-12-2006 11:54 AM
apache track incoming, outgoing requests real-time dtra Linux - Networking 1 07-18-2005 08:19 AM
dhcp client requests a new address every time EdoardoC Linux - Networking 6 02-02-2005 06:02 PM

All times are GMT -5. The time now is 05:47 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration