Recipe14.18.Finding the DHCP Servers on a Subnet

Previous page
Table of content
Next page

Recipe 14.18. Finding the DHCP Servers on a Subnet

Problem

You want to find the DHCP Servers that are active on a particular subnet. This is useful if you believe there is a rogue DHCP Server causing problems for your clients.

Solution

The dhcploc command lets you see a computer's DHCP traffic for a broadcast domain. Simply pass in the IP address of the machine from which you are running the command:

> dhcploc 192.168.32.24

You will not see any output from the command until it captures some DHCP traffic. You can try running ipconfig /renew to force some traffic to be generated. You can also press the "d" key when you have dhcploc running to have it generate a DISCOVER message.

Here is some sample output from the command:

9:34:58 (IP)0.0.0.0        NACK      (S)192.168.31.84     *** 9:36:38 (IP)192.168.190.130 OFFER     (S)192.168.12.226   *** 9:36:38 (IP)192.168.196.231 ACK       (S)192.168.13.53 9:36:53 (IP)192.168.196.231 ACK       (S)192.168.13.53 9:37:05 (IP)192.168.196.234 OFFER     (S)192.168.13.53 9:37:05 (IP)192.168.193.232 OFFER     (S)192.168.12.198 9:37:06 (IP)192.168.190.132 OFFER     (S)192.168.12.221   ***

The first column contains a timestamp, the second column is the IP address of the target computer, the third is the DHCP request type, the fourth is the IP address of the DHCP Server, and the fifth is a flag that indicates whether the DHCP Server is authorized. If it is not authorized, you'll see three stars (***). In the previous output, you can see that 192.168.31.84, 192.168.12.226, and 192.168.12.221 are all unauthorized DHCP Servers.

dhcploc can also send alerts if it detects an unauthorized server. This allows you to start dhcploc, leave it running, and let it proactively notify you when it discovers an unauthorized server. To do so, specify the /a: option followed by the list of users to alert as shown here:

> dhcploc /a:"rallen" 192.168.32.24

Discussion

dhcploc works by capturing all of the DHCP traffic it sees on the network. Since most DHCP traffic is sent via broadcast, every computer in the broadcast domain (e.g., all computers connected to a hub on a local segment), can look at DHCP traffic. Most computers simply discard the traffic unless it is destined for them, but dhcploc captures all DHCP traffic.

Do not run dhcploc from a DHCP Server. DHCP traffic will be delivered to dhcploc instead of the DHCP Server. By running the command directly on a DHCP Server, it is likely the server won't be able to respond to any client requests.


See Also

Recipe 14.2 and MS KB 186462 (DHCPLOC Should Not Be Run from DHCP Servers)


Previous page
Table of content
Next page
Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen
BUY ON AMAZON
Kanban Made Simple: Demystifying and Applying Toyotas Legendary Manufacturing Process
The New Solution Selling: The Revolutionary Sales Process That Is Changing the Way People Sell [NEW SOLUTION SELLING 2/E]
PMP Practice Questions Exam Cram 2
Telecommunications Essentials, Second Edition: The Complete Global Source (2nd Edition)
VBScript in a Nutshell, 2nd Edition
Understanding Digital Signal Processing (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy