Categories: broadcast, safe
Sends a DHCP request to the broadcast address (255.255.255.255) and reports the results. By default, the script uses a static MAC address (DE:AD:CO:DE:CA:FE) in order to prevent IP pool exhaustion.
The script reads the response using pcap by opening a listening pcap socket on all available ethernet interfaces that are reported up. If no response has been received before the timeout has been reached (default 10 seconds) the script will abort execution.
The script needs to be run as a privileged user, typically root.
randomor a specific client MAC address in the DHCP request. "DE:AD:C0:DE:CA:FE" is used by default. Setting it to
randomwill possibly cause the DHCP server to reserve a new IP address each time.
time in seconds to wait for a response (default: 10s)
Client identifier to use in DHCP option 61. The value is a string, while hardware type 0, appropriate for FQDNs, is assumed. Example: clientid=kurtz is equivalent to specifying clientid-hex=00:6b:75:72:74:7a (see below).
Client identifier to use in DHCP option 61. The value is a hexadecimal string, where the first octet is the hardware type.
sudo nmap --script broadcast-dhcp-discover
| broadcast-dhcp-discover: | Response 1 of 1: | Interface: wlp1s0 | IP Offered: 192.168.1.114 | DHCP Message Type: DHCPOFFER | Server Identifier: 192.168.1.1 | IP Address Lease Time: 1 day, 0:00:00 | Subnet Mask: 255.255.255.0 | Router: 192.168.1.1 | Domain Name Server: 192.168.1.1 |_ Domain Name: localdomain
License: Same as Nmap--See https://nmap.org/book/man-legal.html