44 lines
1.7 KiB
Plaintext
44 lines
1.7 KiB
Plaintext
|
|
dhcploc:
|
|
|
|
This utility can be used to detect unauthorized DHCP server on a subnet.
|
|
It displays the dhcp servers that are active on the subnet and beeps and
|
|
sends out alert messages when it sees from any unauthorized dhcp
|
|
servers. The usage of this tool is as given below :
|
|
|
|
dhcploc [-p] [-a:"list-of-alertnames"] [-i:alertinterval] machine-ip-address [list of valid dhcp servers ip addresses]
|
|
|
|
machine-ip-address - ip address of the machine where the utility is
|
|
run. If the machine has multiple adapters then you need to select an
|
|
adapter (and the corresponding ip address) that is connected to the
|
|
subnet under test.
|
|
|
|
list of valid dhcp servers - you can specify any number of authorized
|
|
dhcp servers' ip addresses here. This utility will be silent if it sees any
|
|
packets from these server. However it will display the packets it sees
|
|
from these servers unless '-p' option is specified.
|
|
|
|
-p - if this option is specified then this utility will not display the
|
|
packets it sees from the specified authorized dhcp servers.
|
|
|
|
-a - if this option is specified the tool sends of alert message to
|
|
the list of names specified.
|
|
|
|
-i - this option specifies the alert frequency in seconds.
|
|
|
|
The format of the output will look like as below :
|
|
|
|
<time> (IP)<ipaddress offered> <packet type> (S)<server ip address> <***>
|
|
|
|
*** - indicates unauthorized server.
|
|
|
|
Examples :
|
|
|
|
17:34:58 (IP)0.0.0.0 NACK (S)11.11.31.84 ***
|
|
17:36:38 (IP)11.101.190.130 OFFER (S)11.101.12.226 ***
|
|
17:36:38 (IP)11.101.196.231 ACK (S)11.101.13.53
|
|
17:36:53 (IP)11.101.196.231 ACK (S)11.101.13.53
|
|
17:37:05 (IP)11.101.196.234 OFFER (S)11.101.13.53
|
|
17:37:05 (IP)11.101.193.232 OFFER (S)11.101.12.198
|
|
17:37:06 (IP)11.101.190.132 OFFER (S)11.101.12.226 ***
|