| View previous topic :: View next topic |
| Author |
Message |
tnt
Veteran
Joined: 27 Feb 2004
Posts: 1227
|
 Posted: Mon May 18, 2009 4:46 pm Post subject: how to find all DHCP servers on LAN? |
 |
|
is there any program/utility that can scan for all DHCP servers broadcasting on some LAN?
_________________
gentoo user |
|
| Back to top |
|
 |
Ahenobarbi
Retired Dev
Joined: 02 Apr 2009
Posts: 345
Location: Warsaw, PL
|
| Posted: Mon May 18, 2009 6:11 pm Post subject: |
|
|
Check if works for you ( it works for me but I have only one server).
If not maybe dhcpcd for address then ban the server that gives IP to you, repeat until you there is noone to give you one?
Last edited by Ahenobarbi on Thu May 21, 2009 3:45 pm; edited 1 time in total |
|
| Back to top |
|
|
arch_dude
n00b
Joined: 06 Apr 2004
Posts: 38
|
| Posted: Mon May 18, 2009 10:47 pm Post subject: |
|
|
I assume that you are aware that you should have at most one dhcp server on your LAN, and you are looking for one or more rogue servers. To find it/them:
First, emerge wireshark. then, run wireshark with a filter to capture only dhcp traffic. Then restart your etnernet connection to force your machine to make a new dhcp request. All of the servers will respond and wireshark will see the traffic. |
|
| Back to top |
|
|
Bircoph
Retired Dev
Joined: 27 Jun 2008
Posts: 261
Location: Moscow
|
| Posted: Thu May 21, 2009 3:43 pm Post subject: |
|
|
| arch_dude wrote: | | I assume that you are aware that you should have at most one dhcp server on your LAN |
This is absolutely not necessary. LAN may be segmented (e.g. via routers) and each segment may have its own dhcp server.
_________________
Per aspera ad astra! |
|
| Back to top |
|
|
overkll
Veteran
Joined: 21 Sep 2004
Posts: 1249
Location: Austin, Texas
|
| Posted: Thu May 21, 2009 3:51 pm Post subject: |
|
|
| If your network isn't too large, you may want to try net-misc/dhcping |
|
| Back to top |
|
|
pigeon768
l33t
Joined: 02 Jan 2006
Posts: 683
|
| Posted: Thu May 21, 2009 5:55 pm Post subject: |
|
|
| Bircoph wrote: | | arch_dude wrote: | | I assume that you are aware that you should have at most one dhcp server on your LAN |
This is absolutely not necessary. LAN may be segmented (e.g. via routers) and each segment may have its own dhcp server. |
Just so that nobody gets confused: you can only have dhcp server per segment.
Very bad things(tm) happen if you have more than one dhcp server broadcasting to a set of hosts. I suspect the OP has very bad things(tm) happening, and he knows what's causing it, but his network is jacked and he can't figure out where the second dhcp broadcasts are coming from. |
|
| Back to top |
|
|
overkll
Veteran
Joined: 21 Sep 2004
Posts: 1249
Location: Austin, Texas
|
| Posted: Thu May 21, 2009 6:06 pm Post subject: |
|
|
| pidgeon768 wrote: | | Just so that nobody gets confused: you can only have dhcp server per segment. |
I'm clear on that point.
tcpdump may help, unless you can't listen promiscously (switch with no management port) to the network and/or subnets.
Another option may be to setup iptables with a logging rule for DHCP. That should reveal the culprits.
If the network isn't too large, one could use dhcping to query suspect machines/routers and see if they respond.
IMHO, wireshark is overkill (no pun intended). That's a 15-20 minute compile just for eavesdropping. |
|
| Back to top |
|
|
RBH
Apprentice
Joined: 31 Oct 2004
Posts: 184
|
| Posted: Thu May 21, 2009 6:43 pm Post subject: |
|
|
| pigeon768 wrote: | | Bircoph wrote: | | arch_dude wrote: | | I assume that you are aware that you should have at most one dhcp server on your LAN |
This is absolutely not necessary. LAN may be segmented (e.g. via routers) and each segment may have its own dhcp server. |
Very bad things(tm) happen if you have more than one dhcp server broadcasting to a set of hosts. |
Certainly the rule I've always heard, but now that I think about it, isn't the danger a loss of efficiency rather than big bad network of doom?
I could have dreamed this, but don't all DHCP daemons worth their salt check if an IP's in use before leasing it? If that's the case, then - assuming DHCP server configs are kept up to date (not hard if we're talking about a pair of them), the negative impact would be a lot of this checking going on due to unexpectedly finding a supposedly free IP in use (leased out by the other server) and having to find another. Horribly inefficient, sure, but not the end of the world?
Naturally, I'm fully expecting to be corrected here as people with far greater knowledge than me sit there with a lonely DHCPD, but making mistakes is the best way to learn  |
|
| Back to top |
|
|
truc
Advocate
Joined: 25 Jul 2005
Posts: 3199
|
| Posted: Tue May 26, 2009 5:16 am Post subject: |
|
|
| http://www.gentoo.org wrote: | New Packages
Posted on May 26, 2009 by packages.gentoo.org
net-analyzer/dhcp_probe-1.3.0 dchp_probe attempts to discover DHCP and BootP servers on a directly-attached Ethernet network |
_________________
The End of the Internet! |
|
| Back to top |
|
|
overkll
Veteran
Joined: 21 Sep 2004
Posts: 1249
Location: Austin, Texas
|
| Posted: Tue May 26, 2009 3:52 pm Post subject: |
|
|
| Timely addition to the tree. Looks like the right tool for the job. |
|
| Back to top |
|
|
|
Networking & Security
