windows-nt/Source/XPSP1/NT/net/dhcp/client/rogue/dhcploc.txt

44 lines
1.7 KiB
Plaintext
Raw Permalink Normal View History

2020-09-26 03:20:57 -05:00
dhcploc:
This utility can be used to detect unauthorized DHCP server on a subnet.
It displays the dhcp servers that are active on the subnet and beeps and
sends out alert messages when it sees from any unauthorized dhcp
servers. The usage of this tool is as given below :
dhcploc [-p] [-a:"list-of-alertnames"] [-i:alertinterval] machine-ip-address [list of valid dhcp servers ip addresses]
machine-ip-address - ip address of the machine where the utility is
run. If the machine has multiple adapters then you need to select an
adapter (and the corresponding ip address) that is connected to the
subnet under test.
list of valid dhcp servers - you can specify any number of authorized
dhcp servers' ip addresses here. This utility will be silent if it sees any
packets from these server. However it will display the packets it sees
from these servers unless '-p' option is specified.
-p - if this option is specified then this utility will not display the
packets it sees from the specified authorized dhcp servers.
-a - if this option is specified the tool sends of alert message to
the list of names specified.
-i - this option specifies the alert frequency in seconds.
The format of the output will look like as below :
<time> (IP)<ipaddress offered> <packet type> (S)<server ip address> <***>
*** - indicates unauthorized server.
Examples :
17:34:58 (IP)0.0.0.0 NACK (S)11.11.31.84 ***
17:36:38 (IP)11.101.190.130 OFFER (S)11.101.12.226 ***
17:36:38 (IP)11.101.196.231 ACK (S)11.101.13.53
17:36:53 (IP)11.101.196.231 ACK (S)11.101.13.53
17:37:05 (IP)11.101.196.234 OFFER (S)11.101.13.53
17:37:05 (IP)11.101.193.232 OFFER (S)11.101.12.198
17:37:06 (IP)11.101.190.132 OFFER (S)11.101.12.226 ***