Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » networking » dhcp_find_rogue
Trace: dhcp_find_rogue
networking:dhcp_find_rogue

This is an old revision of the document!

Table of Contents

Find a Rogue DHCP Server

DHCP Process

DORA

  1. Discover
    • Client
  2. Offer
    • Server
  3. Request
    • Client
  4. Acknowledge
    • Server

Capture the Process

  1. Note the IP address of valid DHCP server
    • See DHCP Release packet from working client
  2. Start Wireshark
  3. ipconfig /release
  4. ipconfig /renew
  5. Save the capture
    • find_rogue.pcap

Analyze the Capture

In Wireshark:

  1. Open the .pcap file
  2. Filter on bootp packets
    • Shows DORA
  3. Filter on bootp.option.dhcp == 2 packets
    • Shows DHCP Offer packets
networking/dhcp_find_rogue.1532111628.txt.gz · Last modified: 2018/07/20 12:33 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki