Dhcploc.exe

Windows NTŪ Resource Kits

Contents

Introduction

Command-line syntax

Examples

Introduction

You can use the Dhcploc utility to detect unauthorized DHCP servers on a subnet. It displays the DHCP servers that are active on the subnet, and beeps and sends alert messages when it detects unauthorized DHCP servers.

Command-line syntax

dhcploc [-p] [-a:"list_of_alertnames"] [-i:alertinterval] computer_IP_address [IP addresses of valid DHCP servers]

where

ParameterMeaning

computer_IP_addresThe IP address of the computer on which you are running the

utility. If the computer has multiple network adapters

installed, you need to select an adapter (and the corresponding

IP address) that is connected to the subnet under test.

IP addresses of valid Specify any number of IP addresses corresponding to

DHCP serversauthorized DHCP servers. The Dhcploc utility does not

respond to packets sent from these servers. However, if you do

not include the -p option, it will display the packets it sees

from these servers.

-pDisables display of packets sent from authorized DHCP

servers.

-a:"list_of_alertnames"Sends alert messages to the names specified in

list_of_alertnames. Separate multiple names with a space in

the list, and include the quotation marks to prevent Dhcploc

from confusing the names with IP addresses.

-i:alertintervalSpecifies the alert frequency in seconds.

Examples

Output produced by the Dhcploc utility has the following format:

time (IP)computer_IP_address packet_type (S)server_IP_address [***]

***Indicates an unauthorized server.

17:34:58 (IP)0.0.0.0 NACK (S)11.11.31.84 *** 17:36:38 (IP)11.101.190.130 OFFER (S)11.101.12.226 *** 17:36:38 (IP)11.101.196.231 ACK (S)11.101.13.53 17:36:53 (IP)11.101.196.231 ACK (S)11.101.13.53 17:37:05 (IP)11.101.196.234 OFFER (S)11.101.13.53 17:37:05 (IP)11.101.193.232 OFFER (S)11.101.12.198 17:37:06 (IP)11.101.190.132 OFFER (S)11.101.12.226 ***