Categories: broadcast, safe
Sends a DHCP request to the broadcast address (255.255.255.255) and reports the results. By default, the script uses a static MAC address (DE:AD:CO:DE:CA:FE) in order to prevent IP pool exhaustion.
The script reads the response using pcap by opening a listening pcap socket on all available ethernet interfaces that are reported up. If no response has been received before the timeout has been reached (default 10 seconds) the script will abort execution.
The script needs to be run as a privileged user, typically root.
random or a specific
client MAC address in the DHCP request. "DE:AD:C0:DE:CA:FE"
is used by default. Setting it to
possibly cause the DHCP server to reserve a new IP address
time in seconds to wait for a response (default: 10s)
sudo nmap --script broadcast-dhcp-discover
| broadcast-dhcp-discover: | Response 1 of 1: | Interface: wlp1s0 | IP Offered: 192.168.1.114 | DHCP Message Type: DHCPOFFER | Server Identifier: 192.168.1.1 | IP Address Lease Time: 1 day, 0:00:00 | Subnet Mask: 255.255.255.0 | Router: 192.168.1.1 | Domain Name Server: 192.168.1.1 |_ Domain Name: localdomain
License: Same as Nmap--See https://nmap.org/book/man-legal.html