DHCP find / track

Unanswered Question
Jun 24th, 2008
User Badges:

Hello all

Is there by any chance, a command you can use when logged in to a switch/router to discover if there is a dhcp server nearby - and the address of it(meaning a functionality like the small cute program "dhcp find").

Best rgds.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
foxbatreco Tue, 06/24/2008 - 03:47
User Badges:
  • Bronze, 100 points or more

Pls try with sh dhcp server n let us know if it works.

mohammed_moustafa Tue, 06/24/2008 - 06:09
User Badges:

Hi Towli,

Let's make it more clear, why would you like to do so? are you facing a DHCP spoof attack? please calrify the main request so we can find an easy solution. but for this request I guess there is not such a tool.


towli Tue, 06/24/2008 - 09:23
User Badges:

I have been asked to find out wheter there is a dhcp server present on different locations. I thought i somehow would be able to clarify this by logging into a cisco device and "scan" the interface for dhcp servers (much like Roadkill's Dhcpfind).

I guess this is nut the case then?

(Thank you anyway! ! !)


towli Tue, 06/24/2008 - 09:07
User Badges:


It works and i doesnt. Upon typing it shows "0" (zero) all over (leases, offers etc.) even though i know there is a Dhcp server nearby.

It's close to what i am looking for :) is there an alternative?


rsvensson Tue, 06/24/2008 - 12:32
User Badges:

You can use WireShark on a machine that is receiving the DHCP replies. Just look for the DHCP reply packets. When you isolate these look at the source address. You can do a traceroute of the source address to determine what routers/L3 devices you are going through to further isolate where the DHCP server is located on your network. Happy hunting!

Hope this helps,


towli Tue, 06/24/2008 - 22:58
User Badges:


Unfortunately you need to be logged in to a machine to run wireshark (and hence bother a user on the location - we are talking about 10 seperated locations spread around Copenhagen). I thought i would be need to just be able to log in to a Cisco box and check it transparent for all users.

I guess this cant be done.

Thank you for preplying - its need to have you all at hand and i will try to contribute to this forum in the future, if i can be of any benefit.



This Discussion