Script broadcast-dhcp-discover
Script types: prerule
Categories: broadcast, safe
Download: https://svn.nmap.org/nmap/scripts/broadcast-dhcp-discover.nse
Script Summary
Sends a DHCP request to the broadcast address (255.255.255.255) and reports the results. By default, the script uses a static MAC address (DE:AD:C0:DE:CA:FE) in order to prevent IP pool exhaustion.
The script reads the response using pcap by opening a listening pcap socket on all available ethernet interfaces that are reported up. If no response has been received before the timeout has been reached (default 10 seconds) the script will abort execution.
The script needs to be run as a privileged user, typically root.
Script Arguments
- broadcast-dhcp-discover.mac
Set to random or a specific client MAC address in the DHCP request. "DE:AD:C0:DE:CA:FE" is used by default. Setting it to random will possibly cause the DHCP server to reserve a new IP address each time.
- broadcast-dhcp-discover.timeout
Time in seconds to wait for a response (default: 10s)
- broadcast-dhcp-discover.clientid
Client identifier to use in DHCP option 61. The value is a string, while hardware type 0, appropriate for FQDNs, is assumed. Example: clientid=kurtz is equivalent to specifying clientid-hex=00:6b:75:72:74:7a (see below).
- broadcast-dhcp-discover.clientid-hex
Client identifier to use in DHCP option 61. The value is a hexadecimal string, where the first octet is the hardware type.
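How the two client identifier forms end up as the same option 61 bytes inside a DHCPDISCOVER payload, as an added Python example (not the script's own Lua code). The layout follows RFC 2131; the function names, the transaction ID and the broadcast flag setting are assumptions of this example.

```python
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # RFC 2131 marker before the options

def hex_octets(text):
    """Convert colon-separated hex octets such as '00:6b:75' to bytes."""
    return bytes(int(octet, 16) for octet in text.split(":"))

def client_id_option(clientid=None, clientid_hex=None):
    """Encode DHCP option 61 from either argument form described above."""
    if clientid_hex is not None:
        value = hex_octets(clientid_hex)            # first octet = hardware type
    elif clientid is not None:
        value = b"\x00" + clientid.encode("ascii")  # hardware type 0 + string
    else:
        raise ValueError("no client identifier given")
    if not 2 <= len(value) <= 255:
        raise ValueError("need a type octet plus 1..254 identifier octets")
    return bytes([61, len(value)]) + value

def build_discover(mac="DE:AD:C0:DE:CA:FE", xid=0x12345678, **client_id):
    """BOOTP header, magic cookie and options of a DHCPDISCOVER payload."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,             # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        xid, 0, 0x8000,         # secs, flags (broadcast bit: example's choice)
        b"", b"", b"", b"",     # ciaddr, yiaddr, siaddr, giaddr = 0.0.0.0
        hex_octets(mac),        # chaddr, zero-padded to 16 bytes by struct
        b"", b"")               # sname, file (unused)
    options = bytes([53, 1, 1])  # option 53: message type DHCPDISCOVER
    if client_id:
        options += client_id_option(**client_id)
    return header + MAGIC_COOKIE + options + b"\xff"   # 255 = end option

def parse_options(payload):
    """Walk the code/length/value options that follow the 236-byte header."""
    if payload[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:
        if payload[i] == 0:     # pad option has no length octet
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return options
```

parse_options works equally on a captured server reply, where option 54 carries the Server Identifier shown in the script output.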
Example Usage
sudo nmap --script broadcast-dhcp-discover
Script Output
| broadcast-dhcp-discover:
|   Response 1 of 1:
|     Interface: wlp1s0
|     IP Offered: 192.168.1.114
|     DHCP Message Type: DHCPOFFER
|     Server Identifier: 192.168.1.1
|     IP Address Lease Time: 1 day, 0:00:00
|     Subnet Mask: 255.255.255.0
|     Router: 192.168.1.1
|     Domain Name Server: 192.168.1.1
|_    Domain Name: localdomain
License: Same as Nmap--See https://nmap.org/book/man-legal.html