Solved How do you find dhcp servers on network?

1337

Is it possible to scan for dhcp servers on the network (using linux)?

I suspect there might be more than one.

travisdh1

@Pete-S said in How do you find dhcp servers on network?:

Is it possible to scan for dhcp servers on the network (using linux)?

I suspect there might be more than one.

The first thing that comes to my mind is scanning for open port 67.

nmap -p 67 x.x.x.*

1337

@travisdh1 said in How do you find dhcp servers on network?:

@Pete-S said in How do you find dhcp servers on network?:

Is it possible to scan for dhcp servers on the network (using linux)?

I suspect there might be more than one.

The first thing that comes to my mind is scanning for open port 67.

nmap -p 67 x.x.x.*

Good idea. But what if they are not in the same ip range? Which I don't think they are.

gjacobse

I wonder if Wireshark would do this, if you applied the right filter.

travisdh1

@Pete-S said in How do you find dhcp servers on network?:

@travisdh1 said in How do you find dhcp servers on network?:

@Pete-S said in How do you find dhcp servers on network?:

Is it possible to scan for dhcp servers on the network (using linux)?

I suspect there might be more than one.

The first thing that comes to my mind is scanning for open port 67.

nmap -p 67 x.x.x.*

Good idea. But what if they are not in the same ip range? Which I don't think they are.

Then run a scan for each range. With multiple ranges, you should have 1 responding on each network segment (that you want to be assigning ip addresses automatically of course.)

dafyre

@gjacobse said in How do you find dhcp servers on network?:

I wonder if Wireshark would do this, if you applied the right filter.

Wireshark could do it. If VLANs are in use, he'd have to make sure his device is on a port on the same VLAN.

black3dynamite

sudo dhcping -s 255.255.255.255 -r -v
But I get a no answer response.

sudo nmap --script broadcast-dhcp-discover -e eth0

black3dynamite

Another option using nmap.
The following scans can take awhile since no targets (hosts) were specified.

Scan 10.0.0.0/8
sudo nmap -sU 10.0.0.0-254 -p 67-68

Scan 172.16.0.0/12
sudo nmap -sU 172.16.0.0-254 -p 67-68

Scan 192.168.0.0/16
sudo nmap -sU 192.168.0.0-254 -p 67-68

Dashrender

I would think that running wireshark - then release your IP, then send a DHCP request out to the network and see who responds. The NIC will of course grab the first one it sees, but wireshark should see any responses that are sent to it.

Reid Cooper

Try DHCPing.

JaredBusch

@Pete-S click the menu (three stacked dots) by the post that had the answer so others know which solution worked best for you.