Skip to content

Instantly share code, notes, and snippets.

@rohan-molloy

rohan-molloy/dhcp-peek.md

Created February 10, 2018 08:27
Show Gist options
  • Save rohan-molloy/1bf310a727b75b6c1bf170597cde914b to your computer and use it in GitHub Desktop.
Save rohan-molloy/1bf310a727b75b6c1bf170597cde914b to your computer and use it in GitHub Desktop.
Download ZIP
take a peek at a DHCP enabled network, without actually having to apply any of the connection settings
Raw
dhcp-peek.md

Using Nmap to troubleshoot DHCP

There are so many times where it's useful to take a peek at a DHCP enabled network, without actually having to apply any of the connection settings offered. You don't need an active ip address for this to work as DHCP uses broadcasts.

  $ sudo nmap --script broadcast-dhcp-discover --spoof-mac -n -e eth1 

  Starting Nmap 6.47 ( http://nmap.org ) at 2018-02-10 08:17 UTC
  Spoofing MAC address 00:01:BA:48:7C:24 (IC-Net)
  Pre-scan script results:
  | broadcast-dhcp-discover: 
  |   IP Offered: 192.168.1.100
  |   DHCP Message Type: DHCPOFFER
  |   IP Address Lease Time: 1 day, 0:00:00
  |   Server Identifier: 192.168.1.1
  |   Subnet Mask: 255.255.255.0
  |   Router: 192.168.1.1
  |_  Domain Name Server: 192.168.1.1, 192.168.1.1
  WARNING: No targets were specified, so 0 hosts scanned.
  Nmap done: 0 IP addresses (0 hosts up) scanned in 1.31 seconds
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment