Linux узнать dhcp сервер

Check if a DHCP server existing in my network using bash

using CentOS with static IP, Is there any way to determinate if a DHCP server running on the network using bash ?

6 Answers 6

sudo nmap --script broadcast-dhcp-discover -e eth0 

Starting Nmap 6.40 ( http://nmap.org ) at 2016-08-16 09:25 UTC Pre-scan script results: | broadcast-dhcp-discover: | IP Offered: 192.168.0.67 | DHCP Message Type: DHCPOFFER | Server Identifier: 192.168.0.1 | IP Address Lease Time: 0 days, 0:05:00 | Subnet Mask: 255.255.255.0 | Router: 192.168.0.1 | Domain Name Server: 8.8.8.8 | Domain Name: maas | Broadcast Address: 192.168.0.255 |_ NTP Servers: 91.189.91.157, 91.189.89.199, 91.189.94.4, 91.189.89.198 WARNING: No targets were specified, so 0 hosts scanned. Nmap done: 0 IP addresses (0 hosts up) scanned in 0.27 seconds 

Note: there is a similar script for dhcpv6

sudo nmap --script broadcast-dhcp6-discover -e eth0 

Good command but its worth noting that this just outputs the first DHCP server that responds. If multiple DHCP servers exists, this command won’t find them.

I prefer this variant, but it seems that the machine on which you’re executing this, really gets an offered IP assigned to the queried interface. Any way to prevent that?

If available in the repository there is dhcpdump

SYNOPSIS dhcpdump [-h regular-expression] -i interface DESCRIPTION This command parses the output of tcpdump to display the dhcp-packets for easier checking and debugging. USAGE dhcpdump -i /dev/fxp0 If you want to filter a specific Client Hardware Address (CHADDR), then you can specifiy it as a regular expressions: dhcpdump -i /dev/fxp0 -h ^00:c0:4f This will display only the packets with Client Hardware Addresses which start with 00:c0:4f. 

If you have tcpdump available to you, invoking the program as root with the following parameters might assist you in finding the server:

tcpdump -i [interface id] -nev udp port 68

Unfortunately, due to my network’s layout, I can’t get a full DHCP handshake captured right away. However, I do see a DHCP Request from my iPad:

22:16:44.767371 30:10:e4:8f:02:14 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 255, id 15652, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 30:10:e4:8f:02:14, length 300, xid 0x42448eb6, Flags [none] Client-Ethernet-Address 30:10:e4:8f:02:14 Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Request Parameter-Request Option 55, length 6: Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name Option 119, Option 252 MSZ Option 57, length 2: 1500 Client-ID Option 61, length 7: ether 30:10:e4:8f:02:14 Requested-IP Option 50, length 4: 192.168.2.222 Lease-Time Option 51, length 4: 7776000 Hostname Option 12, length 15: "NevinWiamssiPad" 

After letting `tcpdump’ run overnight, I did eventually see this ACK:

07:46:40.049423 a8:39:44:96:fa:b8 > 68:a8:6d:58:5b:f3, ethertype IPv4 (0x0800), length 320: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 306) 192.168.2.1.67 > 192.168.2.22.68: BOOTP/DHCP, Reply, length 278, xid 0x5e7944f, Flags [none] Client-IP 192.168.2.22 Your-IP 192.168.2.22 Client-Ethernet-Address 68:a8:6d:58:5b:f3 Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: ACK Server-ID Option 54, length 4: 192.168.2.1 Lease-Time Option 51, length 4: 86400 Subnet-Mask Option 1, length 4: 255.255.255.0 Default-Gateway Option 3, length 4: 192.168.2.1 Domain-Name-Server Option 6, length 8: 192.168.2.1,142.166.166.166 

If when running that tcpdump command, and you see a BOOTP/DHCP Offer or Ack(Nack), that will be from a DHCP server, and the server’s MAC address will be right after the timestamp on the first line.

So the (valid) DHCP server here has MAC address a8:39:44:96:fa:b8`.

Using one of many MAC address lookup tools on the web I see this MAC belongs to A8:39:44 Actiontec Electronics, Inc which is my router.

In order to catch rogue DHCP server packets as they happen, I would have to leave this tcpdump process running in terminal window:

tcpdump -i en0 -nev udp src port 67 and not ether host a8:39:44:96:fa:b8

This will only show me DHCP server responses from hosts other than my valid DHCP server, as long as the process is running in its own window.

The following command will run in the background until 100 packets are captured, appending any rogue DHCP server messages to the file /tmp/rogue . Again, the MAC address of your valid DHCP server has to be used in the appropriate place, as well as the interface descriptor on your system.

tcpdump -U -i en0 -c 100 -nev udp src port 67 and not ether host a8:39:44:96:fa:b8 >> /tmp/rogue 2>&1 &

Источник

How can I find my DHCP server?

On my LAN there are multiple DHCP servers running, and all of them are on the same range. Now I use a machine which has a dynamic IP address from a DHCP server. I have to know from which server it comes. How to do that?!

5 Answers 5

To find out the DHCP server that’s giving you the IP, just press Ctrl + Alt + T on your keyboard to open Terminal. When it opens, run the command(s) below:

cat /var/lib/dhcp3/dhclient.leases 

Or you can just use grep command to get DHCP server address.

grep dhcp-server-identifier /var/lib/dhcp3/dhclient.leases 

grep dhcp-server-identifier /var/lib/dhcp/dhclient.leases 

For Ubuntu 14.04, 16.04, and 17.10 you can use:

Internet Systems Consortium DHCP Client 4.2.4 Copyright 2004-2012 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Listening on LPF/eth0/00:0c:29:49:3e:67 Sending on LPF/eth0/00:0c:29:49:3e:67 Sending on Socket/fallback DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0x4f723f9) DHCPREQUEST of 192.168.138.136 on eth0 to 255.255.255.255 port 67 (xid=0x4f723f9) DHCPOFFER of 192.168.138.136 from 192.168.138.254 DHCPACK of 192.168.138.136 from 192.168.138.254 RTNETLINK answers: File exists bound to 192.168.138.136 -- renewal in 892 seconds. 

Running dhclient (i.e., dhclient -d -nw eth0 ) messed with an already running dhclient process in my case, resulting in a new IP address.

In Ubuntu 14.04, the /var/lib/dhcp/dhclient.leases is empty. The actual lease file can be found on the command line of dhclient via ps . Look for the -lf option. This command should work in Ubuntu 14.04 installations (still valid as of 17.10):

cat $(ps aux | grep -o '[/]var/lib/NetworkManager/\S*.lease') | grep dhcp-server-identifier 

sudo nmap --script broadcast-dhcp-discover -e eth0 # DHCPv4 sudo nmap --script broadcast-dhcp6-discover -6 # DHCPv6 

sudo tcpdump -i eth0 -nev udp port 68 

In Ubuntu 16.04 you can try

Using the new iproute2 (in my case in Ubuntu 22.04.1 LTS):

$ ip route | grep default default via 1xx.1xx.xxx.xxx dev gpd0 metric 10 default via 192.168.xxx.xxx dev wlp0s proto dhcp metric 100 

The DHCP server IP is the one given after the via keyword for each of your specified network interface(s).

ip r | grep default also works.

ip route Show table routes. 

$ ip route help $ ip route help Usage: ip route < list | flush >SELECTOR ip route save SELECTOR ip route restore ip route showdump ip route get [ ROUTE_GET_FLAGS ] ADDRESS [ from ADDRESS iif STRING ] [ oif STRING ] [ tos TOS ] [ mark NUMBER ] [ vrf NAME ] [ uid NUMBER ] [ ipproto PROTOCOL ] [ sport NUMBER ] [ dport NUMBER ] ip route < add | del | change | append | replace >ROUTE SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ] [ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ] [ type TYPE ] [ scope SCOPE ] ROUTE := NODE_SPEC [ INFO_SPEC ] NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ] [ table TABLE_ID ] [ proto RTPROTO ] [ scope SCOPE ] [ metric METRIC ] [ ttl-propagate < enabled | disabled >] INFO_SPEC := < NH | nhid ID >OPTIONS FLAGS [ nexthop NH ]. NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS FAMILY := [ inet | inet6 | mpls | bridge | link ] OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ] [ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ] [ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ] [ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ] [ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ] [ features FEATURES ] [ quickack BOOL ] [ congctl NAME ] [ pref PREF ] [ expires TIME ] [ fastopen_no_cookie BOOL ] TYPE := < unicast | local | broadcast | multicast | throw | unreachable | prohibit | blackhole | nat >TABLE_ID := [ local | main | default | all | NUMBER ] SCOPE := [ host | link | global | NUMBER ] NHFLAGS := [ onlink | pervasive ] RTPROTO := [ kernel | boot | static | NUMBER ] PREF := [ low | medium | high ] TIME := NUMBER[s|ms] BOOL := [1|0] FEATURES := ecn ENCAPTYPE := [ mpls | ip | ip6 | seg6 | seg6local | rpl | ioam6 ] ENCAPHDR := [ MPLSLABEL | SEG6HDR | SEG6LOCAL | IOAM6HDR ] SEG6HDR := [ mode SEGMODE ] segs ADDR1,ADDRi,ADDRn [hmac HMACKEYID] [cleanup] SEGMODE := [ encap | inline ] SEG6LOCAL := action ACTION [ OPTIONS ] [ count ] ACTION := < End | End.X | End.T | End.DX2 | End.DX6 | End.DX4 | End.DT6 | End.DT4 | End.DT46 | End.B6 | End.B6.Encaps | End.BM | End.S | End.AS | End.AM | End.BPF >OPTIONS := OPTION [ OPTIONS ] OPTION := < srh SEG6HDR | nh4 ADDR | nh6 ADDR | iif DEV | oif DEV | table TABLEID | vrftable TABLEID | endpoint PROGNAME >IOAM6HDR := trace prealloc type IOAM6_TRACE_TYPE ns IOAM6_NAMESPACE size IOAM6_TRACE_SIZE ROUTE_GET_FLAGS := [ fibmatch ] 

$ ip -V ip utility, iproute2-5.15.0, libbpf 0.5.0 

Источник

How to Find DHCP Server IP Address in Linux Using CLI

A DHCP server automatically provides and allocates IP addresses and other information like subnet mask, default gateway, DNS address, etc, to client devices on the network. It enables the systems on the network to communicate with other systems effectively. Without a DHCP server, an administrator has to manually configure the IP address and other information on all devices which is not only tedious but also increases the chance of errors like IP address conflict, typographical errors, etc. DHCP assigns each device a unique IP address and it also defines how long a device can keep this IP address.

So, that was the quick overview of the DHCP server. But do you know who your DHCP server is? Today’s in this guide, we will show you how to find your DHCP server IP address in a Linux OS using the command line.

Finding IP address of DHCP Server

You can find your DHCP server’s IP address from different locations. Following are some methods for finding the IP address of a DHCP server.

Method #1 Using the /var/log

Mostly the Linux logs are located in the /var/log file. When a DHCP server offers an IP address to a client, it sends a DHCPOFFER message which contains its own IP address and the IP address that is offered to the client. This message is also logged in the log file. The log files contain so much information. So in order to find only the specific information (DHCPOFFER), we will filter it out using the grep command.

Here is the command you can use for finding the IP Address of your DHCP server using the /var/log:

$ sudo grep -IR "DHCPOFFER" /var/log/*

The output below showing our DHCP server IP address that is 192.168.72.254.

Method #2 Using the Journalctl

Journalctl is used for viewing and querying logs collected by systemd. Using the journalctl command with grep, we can also find out the IP address of the DHCP server. The DHCPACK message is sent by the DHCP server to the client which contains the IP address of the DHCP server and the configuration information which the client may have requested.

Here is the command you can use for finding the IP Address of your DHCP server using the journalctl:

$ sudo journalctl | grep -m1 DHCPACK

The output below showing our DHCP server IP address that is 192.168.72.254.

Method #3 Using the dhclient.leases file

The dhclient keeps a record of leases it has been assigned in the dhclient.leases file. This file also contains information about the DHCP server address.

Here is the command you can use for finding the IP Address of your DHCP server using the dhclient.leases file:

$ sudo grep -m1 "dhcp-server" /var/lib/dhcp/dhclient.leases

The output below showing our DHCP server IP address that is 192.168.72.254.

Method #4 Using the dhclient utility

The dhclient utility is used to configure a network interface using the DHCP protocol. Using the dhclient utility, you can release an allocated IP address and request a new one from your DHCP server. You can also use it to find your DHCP IP address; however, this will make the dhclient to go through the entire DORA process (Discover; Offer; Request; Acknowledge).

Here is the command you can use for finding the IP Address of your DHCP server using the dhclient utility:

Replace with your network interface name:

The output below showing our DHCP server IP address that is 192.168.72.254.

In this post, we described four different methods using which you can find the IP address of your DHCP server in a Linux system. You can also visit our post on installing and configuring a DHCP server on Linux.

Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications including CCNA RS, SCP, and ACE. As an IT engineer and technical author, he writes for various websites.

Источник