On Tue, Mar 15, 2005 at 10:39:13PM -0700, Andrew Hunter wrote: > Hi. Are there any reliable ways of finding a rogue DHCP server on a > network? It would seem that one of my devices has suddenly decided to > start handing out addresses, which is irritating. My router is > supposed to serve addresses, but devices have suddenly started getting > non-169 addresses when everything should be 192.168.0.1-99. Any > ideas? >
Plug in a computer with Ethereal to your network and start sniffing packets in promiscuous mode. You can see the actual packet that the DHCP server is sending out. I've been able to track down rogue DHCP servers by looking at the server IP address in the packet, which can then be tracked down to the computer/device responsible. -- Andrew McNabb http://www.mcnabbs.org/andrew/ PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868
pgpG2xP6ogztI.pgp
Description: PGP signature
-------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/
