Categories: broadcast, safe
Sends a DHCP request to the broadcast address (255.255.255.255) and reports the results. The script uses a static MAC address (DE:AD:CO:DE:CA:FE) while doing so in order to prevent scope exhaustion.
The script reads the response using pcap by opening a listening pcap socket on all available ethernet interfaces that are reported up. If no response has been received before the timeout has been reached (default 10 seconds) the script will abort execution.
The script needs to be run as a privileged user, typically root.
time in seconds to wait for a response (default: 10s)
sudo nmap --script broadcast-dhcp-discover
| broadcast-dhcp-discover: | IP Offered: 192.168.1.114 | DHCP Message Type: DHCPOFFER | Server Identifier: 192.168.1.1 | IP Address Lease Time: 1 day, 0:00:00 | Subnet Mask: 255.255.255.0 | Router: 192.168.1.1 | Domain Name Server: 192.168.1.1 |_ Domain Name: localdomain
Author: Patrik Karlsson
License: Same as Nmap--See https://nmap.org/book/man-legal.html