# Bogus DHCP requests

## Carnildo

Every ten minutes, I get a set of entries like the following in my router's log:

```
Mar 14 02:56:20 router dhcpd: DHCPREQUEST for 0.0.0.0 from 00:00:00:00:00:00 via br0: wrong network.

Mar 14 02:56:20 router dhcpd: DHCPNAK on 0.0.0.0 to 00:00:00:00:00:00 via br0

Mar 14 02:56:20 router dhcpd: DHCPRELEASE of 0.0.0.0 from 00:00:00:00:00:00 via br0 (not found)
```

All of the machines currently connected to my network, with the exception of the router itself, use static addresses.  The router's DHCP client should only be active on one Ethernet port (the "outside" port connected to my modem).  How can I track down where these requests are coming from?

----------

## Kaso_da_Zmok

```
# tcpdump -lenx -i eth0 -s 1500 port bootps or port bootpc
```

and

```
dhcpdump -i eth0
```

----------

