Introduction
Command-line syntax
Examples
You can use the Dhcploc utility to detect unauthorized DHCP servers on a subnet. It displays the DHCP servers that are active on the subnet, and beeps and sends alert messages when it detects unauthorized DHCP servers.
dhcploc [-p] [-a:"list_of_alertnames"] [-i:alertinterval] computer_IP_address [IP addresses of valid DHCP servers]
where
ParameterMeaning
computer_IP_addresThe IP address of the computer on which you are running the
utility. If the computer has multiple network adapters
installed, you need to select an adapter (and the corresponding
IP address) that is connected to the subnet under test.
IP addresses of valid Specify any number of IP addresses corresponding to
DHCP serversauthorized DHCP servers. The Dhcploc utility does not
respond to packets sent from these servers. However, if you do
not include the -p option, it will display the packets it sees
from these servers.
-pDisables display of packets sent from authorized DHCP
servers.
-a:"list_of_alertnames"Sends alert messages to the names specified in
list_of_alertnames. Separate multiple names with a space in
the list, and include the quotation marks to prevent Dhcploc
from confusing the names with IP addresses.
-i:alertintervalSpecifies the alert frequency in seconds.
Output produced by the Dhcploc utility has the following format:
time (IP)computer_IP_address packet_type (S)server_IP_address [***]
***Indicates an unauthorized server.
17:34:58 (IP)0.0.0.0 NACK (S)11.11.31.84 *** 17:36:38 (IP)11.101.190.130 OFFER (S)11.101.12.226 *** 17:36:38 (IP)11.101.196.231 ACK (S)11.101.13.53 17:36:53 (IP)11.101.196.231 ACK (S)11.101.13.53 17:37:05 (IP)11.101.196.234 OFFER (S)11.101.13.53 17:37:05 (IP)11.101.193.232 OFFER (S)11.101.12.198 17:37:06 (IP)11.101.190.132 OFFER (S)11.101.12.226 ***