Detect DHCP Servers

Detecting DHCP Servers

If you want a heads-up on DHCP server changes on your network (like the fact that some bright light has plugged a rogue DHCP server into it), there are a couple of options.


# nmap --script broadcast-dhcp-discover

Note that you might have to add the -e <interface> flag to select the interface.

The problem with this solution is that it stops after the first answer.


# tcpdump -i ens192 -nev udp src port 67

This should return a hit whenever a DHCP REPLY packet is detected on the network. DHCP REPLY packets are only emitted by DHCP servers.

Naturally you can do things like exclude your known DHCP server.
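
One way to exclude known servers and reduce the capture to a list of unknown ones, as an added example that is not part of the original page. The server addresses, MACs and capture lines are constructed placeholders, and the parser assumes single-line `tcpdump -ne` output (no -v).

```shell
#!/bin/sh
# Known-good DHCP servers (assumption: placeholder documentation addresses).
KNOWN_DHCP_SERVERS="192.0.2.10 192.0.2.11"

# Build a BPF filter matching port-67 traffic from anyone NOT on the list.
build_filter() {
    filter="udp src port 67"
    for ip in $KNOWN_DHCP_SERVERS; do
        filter="$filter and not src host $ip"
    done
    printf '%s\n' "$filter"
}

# Read `tcpdump -ne` lines on stdin; print "MAC IP" once per unknown server.
# The allowlist is checked again here so saved captures can be replayed too.
unknown_servers() {
    awk -v known="$KNOWN_DHCP_SERVERS" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        {
            for (f = 3; f < NF; f++) {
                # Source endpoint looks like a.b.c.d.67 followed by ">"
                if ($f ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.67$/ && $(f + 1) == ">") {
                    ip = $f; sub(/\.67$/, "", ip)
                    if (!(ip in ok) && !seen[$2 " " ip]++) print $2, ip
                }
            }
        }'
}

# Constructed sample capture lines (not real traffic).
sample_capture() {
    cat <<'EOF'
10:00:01.000001 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 192.0.2.10.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
10:00:01.000950 00:00:5e:00:53:99 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 198.51.100.7.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
10:00:05.120000 00:00:5e:00:53:99 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 198.51.100.7.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
EOF
}

# Live use (needs root; ens192 is the interface used on this page):
#   tcpdump -i ens192 -lne "$(build_filter)" | unknown_servers
# Offline check against the sample:
#   sample_capture | unknown_servers
```

The source MAC printed next to the IP is what you would look up in the switch's MAC address table to find the port the unknown server is plugged into.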

