# how to find all DHCP servers on LAN?

## tnt

is there any program/utility that can scan for all DHCP servers broadcasting on some LAN?

 :Rolling Eyes: 

----------

## Ahenobarbi

Check if 

```
dhcpcd -dB eth0
```

 works for you ( it works for me but I have only one server).

If not maybe dhcpcd for address then ban the server that gives IP to you, repeat until you there is noone to give you one?Last edited by Ahenobarbi on Thu May 21, 2009 3:45 pm; edited 1 time in total

----------

## arch_dude

I assume that you are aware that you should have at most one dhcp server on your LAN, and you are looking for one or more rogue servers. To find it/them:

First, emerge wireshark. then, run wireshark with a filter to capture only dhcp traffic. Then restart your etnernet connection to force your machine to make a new dhcp request. All of the servers will respond and wireshark will see the traffic.

----------

## Bircoph

 *arch_dude wrote:*   

> I assume that you are aware that you should have at most one dhcp server on your LAN

 

This is absolutely not necessary. LAN may be segmented (e.g. via routers) and each segment may have its own dhcp server.

----------

## overkll

If your network isn't too large, you may want to try net-misc/dhcping

----------

## pigeon768

 *Bircoph wrote:*   

>  *arch_dude wrote:*   I assume that you are aware that you should have at most one dhcp server on your LAN This is absolutely not necessary. LAN may be segmented (e.g. via routers) and each segment may have its own dhcp server.

  Just so that nobody gets confused: you can only have dhcp server per segment.

Very bad things(tm) happen if you have more than one dhcp server broadcasting to a set of hosts. I suspect the OP has very bad things(tm) happening, and he knows what's causing it, but his network is jacked and he can't figure out where the second dhcp broadcasts are coming from.

----------

## overkll

 *pidgeon768 wrote:*   

> Just so that nobody gets confused: you can only have dhcp server per segment.

 

I'm clear on that point.

tcpdump may help, unless you can't listen promiscously (switch with no management port) to the network and/or subnets.

Another option may be to setup iptables with a logging rule for DHCP.  That should reveal the culprits.

If the network isn't too large, one could use dhcping to query suspect machines/routers and see if they respond.

IMHO, wireshark is overkill (no pun intended).  That's a 15-20 minute compile just for eavesdropping.

----------

## RBH

 *pigeon768 wrote:*   

>  *Bircoph wrote:*    *arch_dude wrote:*   I assume that you are aware that you should have at most one dhcp server on your LAN This is absolutely not necessary. LAN may be segmented (e.g. via routers) and each segment may have its own dhcp server. Very bad things(tm) happen if you have more than one dhcp server broadcasting to a set of hosts.

 

Certainly the rule I've always heard, but now that I think about it, isn't the danger a loss of efficiency rather than big bad network of doom?

I could have dreamed this, but don't all DHCP daemons worth their salt check if an IP's in use before leasing it? If that's the case, then - assuming DHCP server configs are kept up to date (not hard if we're talking about a pair of them), the negative impact would be a lot of this checking going on due to unexpectedly finding a supposedly free IP in use (leased out by the other server) and having to find another. Horribly inefficient, sure, but not the end of the world?

Naturally, I'm fully expecting to be corrected here as people with far greater knowledge than me sit there with a lonely DHCPD, but making mistakes is the best way to learn  :Very Happy: 

----------

## truc

 *http://www.gentoo.org wrote:*   

> New Packages
> 
> Posted on May 26, 2009 by packages.gentoo.org
> 
> net-analyzer/dhcp_probe-1.3.0 	dchp_probe attempts to discover DHCP and BootP servers on a directly-attached Ethernet network

 

 :Question: 

----------

## overkll

Timely addition to the tree.  Looks like the right tool for the job.

----------

