Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
DHCDROP(8)		    System Manager's Manual		    DHCDROP(8)

NAME
       dhcdrop - program for searching and suppress false DHCP servers in Eth-
       ernet.

SYNOPSIS
       dhcdrop [ -h ] [	-D ] [ -t ] [ -y ] [ -r	] [ -b ] [ -a ]	[ -A ] [ -f  ]
       [ -R ] [	-q ]

       [ -m count ] [ -c count ] [ -n hostname ] [ -N clientname ] [ -p	port ]
       [ -P port ] [ -w	seconds	]

       [ -T timeout ] [	-M max-hosts-scan ] [ -l MAC-address ] [ -L network  ]
       [ -S network/mask ] [ -F	from-IP	]

       [ -s server-IP ]	[ -C children count (2 - 32) ]

       [ initial-MAC-address ] < -i interface-name|interface-index >

DESCRIPTION
       Suppressing  DHCP  server  is  made by dhcdrop with a help of an	attack
       DHCP starvation or with a help of flooding with DHCPDISCOVER  messages.
       Look  for  details below. Besides dhcdrop can be	used as	a diagnostical
       tool and	stress-testing when setting and	developing DHCP	servers

OPTIONS
       -h     prints help-message and also codes of program's return.

       -D     list of available	network	interfaces. Format - index:name.

       -t     test mode. Using this mode dhcdrop does not execute  suppression
	      of  server.  DHCPDISCOVER	is being sent.	If the answer comes to
	      it from the non-ignored server then the program is completes re-
	      turning code 200 and printing the	string:

	      DHCP    SRV:    10.7.7.1	  (IP-hdr:    10.7.7.1)	  SRV	ether:
	      00:02:44:75:77:E4, YIP: 10.7.7.205

	      which consists of	the MAC	address	of found false DHCP server.

       -y     answer 'yes' to all questions.

       -r     disable ethernet address randomize. Every	further	source MAC ad-
	      dress differs from previous for 1.

       -b     points  on  necessity  of	 using	flag BROADCAST in DHCP packets
	      sent.

       -a     always wait for server's response	to default  DHCP  client  port
	      (68)  even if a number of	client's port set differs from default
	      value.

       -A     always wait for server's response	from default DHCP server  port
	      (67), even if a number of	client's port set differs from default
	      value.

       -f     flood mode with DHCPDISCOVER requests.  SHOULD  BE  USED	ATTEN-
	      TIVELY.	It is convenient for stress-testing of the server.  In
	      case of using option -r all the packets sent have	the  same  MAC
	      address.

       -R     send  DHCPRELEASE	 from source MAC address specified by <initial
	      MAC address> and IP address specified by	option	-F  to	server
	      specified	by option -s

       -q     quiet mode.

       -m count
	      maximum  number  of attempts to receive answer from DHCP server.
	      (default:	5).

       -c count
	      maximum number of	receiving addresses from DHCP server (default:
	      255).

       -n hostname
	      value of DHCP-option 'HostName' (default:	'DHCP-dropper').

       -N clientname
	      value of DHCP-option 'Vendor-Class' (default: 'DHCP-dropper').

       -p port
	      set client port value (default: 68).

       -P port
	      set server port value (default: 67).

       -w seconds
	      set timeout after	which the process will be restarted when using
	      agressive	mode (see option -L ) (default:	60 secs).

       -T timeout
	      set timeout of waiting server response in	seconds	(default: 3).

       -M maximum-hosts
	      maximum number of	hosts scanned if agressive mode	 used  (option
	      -L).

       -l MAC-address
	      ethernet	address	 of  DHCP server which need to ignore.	May be
	      several servers. Need option -l for each server.

       -L legal-network
	      specify legal network(s) on interfase. May be several  networks.
	      If  this parameter is set, dhcdrop uses agressive	mode: it scans
	      address range assigned by	DHCP server for	searching  hosts  with
	      incorrect	 addresses,  sends  DHCPRELEASE	 to  server from every
	      found host after this it restarts	process	of receiving addreses.
	      Need option -L for each network.

       -S network/mask
	      ARP-scan	for  network  'network'	with network mask 'mask' (CIDR
	      notation).  Source IP address for	scanning specified  by	option
	      -F  If  source IP	is not set - using random IP address from net-
	      work address range.

       -F source-ip
	      source IP	for scanning network or	sending	DHCPRELEASE  (see  op-
	      tion -S and -R ).

       -s server-ip-adress
	      specify DHCP server IP address. Used with	option -R

       -C count
	      children	number	(default:  0,  minimal value: 2, maximum: 32).
	      Compatible only with flag	-f

       initial-MAC-address
	      specify source MAC address for sending first DHCP	 message.   If
	      address not set -	used random value.

       -i interface
	      defines  network	interface,  can	 be  name  or index (cannot be
	      'any').  For listing available interfaces	use option -D

THEORETICAL BASICS
       In DHCP protocol	there is an option which specifies duration of leasing
       an  IP  address (Lease Time). During this time DHCP server gives	IP ad-
       dress for client's use.	After this time	period a client	have  to  make
       an  attempt  to	refresh	 IP  address  for the purpose of extension the
       lease. For the server giving out	IP address in lease means that	during
       the  lease  this	 IP address can	be given only to an owner of the lease
       and nobody else.	Identification of  clients  is	usually	 done  by  the
       server on the ground of MAC address. Usually every server has a pool of
       dynamic IP addresses. These are addresses which	are  not  assigned  to
       concrete	MAC addresses and are given dynamically	after any client's re-
       quest. Pool on SOHO routers with	default	settings is  not  very	big  -
       from  tens to about 200 addresses. In case of using software which per-
       forms the function of DHCP server the size of the pool  is  defined  by
       the one who sets. If the	pool of	addresses is over then DHCP server ig-
       nores the requests from	new  clients  (probably	 documenting  this  in
       logs).  Actually	it's not in action.

       Thereby	in  case of appearance false DHCP they can be supressed	rather
       easy.  It's necessary to	receive	lease for every	IP  address  available
       on  this	 server	 sending  requests from	unique clients every time. The
       more Lease Time is in server settings, the bigger period	of DHCP	server
       suppression  in	case  of  exhaustion of	dynamical pool is. For most of
       SOHO routers Lease time comes to	a number of days  or  even  weeks.  In
       case  of	using WinGate, dhcpd and other similar soft as DHCP server the
       lease time depends on the fantasy of the	man who	 launched  false  DHCP
       server.

PRINCIPLE OF DHCDROP OPERATION
       The program opens the interface specified in command line options using
       promiscuous mode	then forms DHCP	message	 (DHCPDISCOVER)	 using	random
       source MAC address (if another conduct isn't specified) and sends it to
       the interface:

       01:58:04.681600 00:70:de:3b:b9:05 > ff:ff:ff:ff:ff:ff, ethertype	IPv4 (0x0800),
       length 342: (tos	0x10, ttl 64, id 33964,	offset 0, flags	[none],
       proto UDP (17), length 328)
       0.0.0.0.68 > 255.255.255.255.67:	BOOTP/DHCP, Request from 00:70:de:3b:b9:05,
       length 300, xid 0xcc1cfc5c, Flags [none]
		 Client-Ethernet-Address 00:70:de:3b:b9:05
		 Vendor-rfc1048	Extensions
		   Magic Cookie	0x63825363
		   DHCP-Message	Option 53, length 1: Discover
		   Parameter-Request Option 55,	length 3:
		     Domain-Name-Server, Default-Gateway, Subnet-Mask
		   Hostname Option 12, length 12: "DHCP-dropper"
		   Vendor-Class	Option 60, length 12: "DHCP-dropper"
		   Client-ID Option 61,	length 7: ether	00:70:de:3b:b9:05

       After this it starts to wait for	server's answer	 (DHCPOFFER).  If  the
       answer  with  offering  IP address lease	is received then the next DHCP
       message (DHCPREQUEST) is	send to	the interface. On this message	server
       answers with DHCPACK-packet which confirms the possibility of using the
       IP address by a client.	This completes the operation of	 receiving  IP
       address	suggested  by  the server.  The	program	changes	source MAC ad-
       dress and sends DHCPDISCOVER again.  After that all  the	 above	opera-
       tions  of  receiving  the  lease	of a new IP address are	repeated. It's
       worth paying attention that the program changes not only	 the  client's
       MAC  address  in	DHCP message but also the MAC address in the header of
       Ethernet-frame. This possibility	brings the work	of the	program	 maxi-
       mally  nearer to	the work of real DHCP client (and also allows to avoid
       DHCP snooping).

       Cycle of	receiving IP addresses from server comes to an	end  when  the
       maximum number of IP addresses set by the option	is received or in case
       of exhausting dynamical pool of the server.  In	the  second  case  you
       gained  a  victory.  In the first case if you have an aim to reject the
       DHCP server then	there is a point to set	another	value of maximum  num-
       ber of leased address option.

USAGE OF THE PROGRAM
       Interfaces listing

       First  of  all  it's necessary to understand how	the network interface,
       where there is DHCP server, is called. This is easy  to	understand  in
       UNIX-like  OS  by  outputting ifconfig command. But in Windows OS it is
       not so evident.	Because	of this	let's launch the program with  -D  op-
       tion first of all:

       C:>dhcdrop -D
       Available interfaces:
       1:\Device\NPF_GenericDialupAdapter
	 descr:	Adapter	for generic dialup and VPN capture
       2:\Device\NPF_{0C796DB5-22D9-46AB-9301-9C7ADC2304AF}
	 descr:	ZyXEL GN650 1000Base-T Adapter		(Microsoft's Packet Scheduler)
	 iaddr:	192.168.1.2/24	bcast: 255.255.255.255
	 iaddr:	10.7.7.7/24  bcast: 255.255.255.255

       According  to the output	information it's evident that we need the sec-
       ond interface.  As an argument for program's option -i any index	of the
       second	      interface		or	   its	      name	  \De-
       vice\NPF_{0C796DB5-22D9-46AB-9301-9C7ADC2304AF} can be set. To my  mind
       it's more easy to use index and to launch the program with pointing in-
       dex instead of a	name. For example: dhcdrop -i 2

       Interactive mode, by default

       The easiest way of using	the program for	searching and choosing the re-
       jected server manually:

       $ sudo dhcdrop -i eth1
       Using interface:	'eth1'
       Got response from server	10.7.7.1 (IP-header 10.7.7.1), server ethernet address:	00:02:44:75:77:E4, lease time: 1.1h (3960s)
       Got BOOTREPLY (DHCPOFFER) for client ether: 00:16:09:D8:CF:60 You IP: 10.7.7.201/24
       Drop him? [y/n] n
       Searching next server...
       Got response from server	192.168.1.1 (IP-header 192.168.1.1), server ethernet address: 00:1E:2A:52:C8:CA, lease time: 24h (86400s)
       Got BOOTREPLY (DHCPOFFER) for client ether: 00:16:09:D8:CF:60 You IP: 192.168.1.2/24
       Drop him? [y/n] y
       1. Got BOOTREPLY	(DHCPACK) for client ether: 00:16:09:D8:CF:60 You IP: 192.168.1.2/24
       2. Got BOOTREPLY	(DHCPACK) for client ether: 00:A2:FA:12:41:F7 You IP: 192.168.1.3/24
       3. Got BOOTREPLY	(DHCPACK) for client ether: 00:56:EA:F8:1C:B0 You IP: 192.168.1.4/24
       4. Got BOOTREPLY	(DHCPACK) for client ether: 00:EA:91:1A:C8:A8 You IP: 192.168.1.5/24
       5. Got BOOTREPLY	(DHCPACK) for client ether: 00:83:8A:25:C7:1C You IP: 192.168.1.6/24
       6. Got BOOTREPLY	(DHCPACK) for client ether: 00:CA:A7:FF:C1:70 You IP: 192.168.1.7/24
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Finished.

       As it's seen from the example when receiving an answer from DHCP	server
       dhcdrop reports information from	the server about given IP address  and
       asks  of	necessity to suppress this server. Receiving a negative	answer
       it goes on searching for	servers	in the	network	 ignoring  the	server
       discovered  before.  In case of receiving a positive answer it starts a
       process for rejecting the server	with a method shown above.

       Automatical suppresion mode of all the servers  except  the  legitimate
       one

       In  case	of knowing (and	usually	we know) MAC address of	the legal DHCP
       server in our network the operation of suppressing illegal servers  can
       be simplified:

       $ sudo dhcdrop -i eth1 -y -l 00:02:44:75:77:E4
       Using interface:	'eth1'
       Got response from server	192.168.1.1 (IP-header 192.168.1.1), server ethernet address: 00:1E:2A:52:C8:CA, lease time: 24h (86400s)
       Got BOOTREPLY (DHCPOFFER) for client ether: 00:37:C5:10:BE:16 You IP: 192.168.1.2/24
       1. Got BOOTREPLY	(DHCPACK) for client ether: 00:37:C5:10:BE:16 You IP: 192.168.1.2/24
       2. Got BOOTREPLY	(DHCPACK) for client ether: 00:94:26:88:33:BD You IP: 192.168.1.3/24
       3. Got BOOTREPLY	(DHCPACK) for client ether: 00:E5:AC:7B:79:BB You IP: 192.168.1.4/24
       <skipped>
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Finished.

       In  this	 version  of using dhcdrop rejects any server except that ones
       states with -l option without asking additional questions (due to using
       option -y ).

       Test mode

       Test  mode  ( -t	) is comfortable to use	for execution the program from
       code in computer-aided mode.  An	example	of the simplest	code is	below:

       00 #!/bin/bash
       01 LEGAL_SERVER="00:11:22:33:44:55"
       02 DROPPER="/usr/sbin/dhcdrop"
       03 IFNAME="eth1"

       04 $DROPPER -i $IFNAME -t -l $LEGAL_SERVER -m 3

       05 if [ $? = 200	]
       06 then
       07    echo Illegal server found Dropping	him
       08    $DROPPER -i eth1 -l $LEGAL_SERVER -y
       09 else
       10    echo Illegal server not found.
       11 fi

       In the forth line launching of dhcdrop is being executed	in a test mode
       with  setting an	option of legal	DHCP server for	the network ( -l ), an
       option of testing ( -t )	and an option of setting maximum number	of at-
       tempts  of  sending DHCPDISCOVER	in mode	of searching the server	( -m).
       If there	is no answer for all the requests been sent then  the  program
       ends  with  0 code. If there is answer for the server without -l	option
       then the	program	ends with 200 code which leads to the further  launch-
       ing  of	the  program  with  options describing suppression of any DHCP
       server in the network except the	legal one.

       Usage of	aggressive mode	for receiving addresses

       As you can guess	from the description of	DHCP protocol -	 if  a	client
       received	 the  configuration  from  illegal DHCP	server then the	server
       wouldn't	give this configuration	iteratively to	another	 client	 until
       the  period  of lease expires.  So a simple exhaustion of IP addresses'
       pool won't save clients who have	already	received incorrect  configura-
       tion.  The server will give these addresses only	to the clients who re-
       quested them initially and will ignore requests from  dhcdrop  informa-
       tion from illegal DHCP server again and it would	be continued until il-
       legal DHCP server switched off. For solving such	a problem  there  were
       added the aggressive mode of receiving IP addresses in dhcdrop starting
       with version 0.5.  It is	activated with -L option which points a	legit-
       imate IP	subnet for the given Etherner segment of the network.  Here is
       the algorithm of	its operation: dhcdrop launches	an  ordinary  mode  of
       suppression  and	 exhausts the whole IP addresses' pool of illegal DHCP
       server. Analyzes	the first DHCPOFFER received from illegal DHCP,	with a
       help  of	 the  network  mask  and  client's IP address given out	by the
       server receives the address of IP  network  attended  by	 this  server.
       Launches	 ARP-scanning  of  received subnet for the purpose of exposing
       hosts which received  incorrect	configurational	 information,  default
       number  of  scanned hosts is limited to 512 (can	be changed with	-M op-
       tion), some servers gives out configurational set with a	mask /8	 which
       conforms	to approximately 16 million of hosts - scanning	of such	an ad-
       dress range will	take a lot of time. Sends messages DHCPRELEASE to  the
       DHCP  server from every found host (except the server itself). Waits 60
       seconds (default	value can be  changed  with  -w	 option),  after  then
       restarts	 the  process  of receiving IP addresses.  As an example let's
       launch dhcdrop with the same options as in the previous example but ad-
       ditionally state	legal IP network 10.7.7.0:

       $ sudo dhcdrop -i eth1 -y -l 00:02:44:75:77:E4 -L 10.7.7.0
       Using interface:	'eth1'
       Got response from server	192.168.1.1 (IP-header 192.168.1.1), server ethernet address: 00:1E:2A:52:C8:CA, lease time: 24h (86400s)
       Got BOOTREPLY (DHCPOFFER) for client ether: 00:BC:BF:D6:39:2E You IP: 192.168.1.5/24
       1. Got BOOTREPLY	(DHCPACK) for client ether: 00:BC:BF:D6:39:2E You IP: 192.168.1.5/24
       2. Got BOOTREPLY	(DHCPACK) for client ether: 00:FB:E7:A4:19:EC You IP: 192.168.1.6/24
       3. Got BOOTREPLY	(DHCPACK) for client ether: 00:CB:44:F9:A8:6F You IP: 192.168.1.7/24
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Trying to use agressive mode.
       Starting	ARP scanning network in	range: 192.168.1.0 - 192.168.1.255...
       Illegal DHCP server perhaps assigned IP adresses	to the following hosts:
       1. Received ARP-reply from: 00:1e:2a:52:c8:ca (192.168.1.1) - itself DHCP server.
       2. Received ARP-reply from: 00:03:ff:15:52:90 (192.168.1.3)
       3. Received ARP-reply from: 00:03:ff:14:52:90 (192.168.1.4)
       4. Received ARP-reply from: 00:a0:c5:30:52:90 (192.168.1.200)
       Sending DHCPRELEASE for invalid clients:
       Send DHCPRELEASE	for host 00:03:ff:15:52:90 (192.168.1.3).
       Send DHCPRELEASE	for host 00:03:ff:14:52:90 (192.168.1.4).
       Send DHCPRELEASE	for host 00:a0:c5:30:52:90 (192.168.1.200).
       Restart dropping	DHCP server after 60 seconds timeout...
       1. Got BOOTREPLY	(DHCPACK) for client ether: 00:BC:BF:D6:39:2E You IP: 192.168.1.5/24
       2. Got BOOTREPLY	(DHCPACK) for client ether: 00:F1:32:14:60:A3 You IP: 192.168.1.3/24
       3. Got BOOTREPLY	(DHCPACK) for client ether: 00:2D:1C:80:ED:12 You IP: 192.168.1.4/24
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.
       Wait DHCPOFFER timeout. Resending DHCPDISCOVER.

       WARNING:	Failed to take away all	the IP addresses assigned by DHCP server.
       Perhaps DHCP server checks availability of IP addresses by sending ARP-request
       before assigning	them. Try to restart dhcpdrop later. If	it doesn't help
       try to disconnect problem hosts temporarily, then send manually DHCPRELEASE
       from address of this hosts (use option -R) and restart dhcdrop.

       Finished.

       Explanation of the program operation's results.

       After  outputting  the inscription "Trying to use aggressive mode" ARP-
       scanning	of subnet, serviced by	illegal	 DHCP  server  in  the	stated
       range, starts.  As a result 4 hosts are found including the DHCP	server
       itself (the first host).	 Then dhcdrop sends DHCPRELEASE	message	to the
       server  192.168.1.1  from  addresses  (Ethernet	& IP) of all the hosts
       found in	the subnet except DHCP server itself and stops	execution  for
       60  seconds. Timeout is necessary because some DHCP servers hold	giving
       out IP addresses	to a new client	during little period of	time after re-
       ceiving	DHCPRELEASE from a previous client. In case of necessity time-
       out's value can be changed with -w option. On  the  expiry  of  timeout
       dhcdrop	launches  the  process of receiving released IP	addresses.  We
       succeeded in receiving IP addresses 192.168.1.5 (it was	received  ini-
       tially  when  starting  the  program), 192.168.1.3 and 192.168.1.4. The
       last two	addresses were successfully released by	the server  after  re-
       ceiving	DHCPRELEASE  messages  generated by dhcdrop. Failed to receive
       the address 192.168.1.200, in spite of presence of  this	 host  in  the
       network,	 and  the  fact	 that from its address DHCPRELEASE message was
       send. One of the	reasons	of failure was described in warning in the end
       of  the	program's  output: DHCP	server before giving out the addresses
       can check if the	host with the requested	IP address exists and only af-
       ter  this  it  can give out the address if such a host is absent	in the
       network.	If not,	a new lease for	this address will not be given out. In
       this  situation	switching off the problem hosts	fron the network manu-
       ally and	sending	DHCPRELEASE messages from these	 hosts'	 addresses  to
       the server (see an example below) can be	helpful.  After	this it's nec-
       essary to restart the process of	receiving IP addresses.	  But  in  our
       case the	problem	isn't hidden here. The host 192.168.1.200 has a	stati-
       cally set IP address and	because	of this	it  has	 never	requested  the
       configuration  from  DHCP  server.  The necessity itself	of stating the
       legal network for launching the aggressive mode is necessary  to	 check
       of  the	address	range given out	by illegal DHCP	server crosses the ad-
       dress range of the subnet where	it  was	 discovered.  If  the  address
       ranges  cross each other	then ARP-scanning will be done with the	hosts,
       which have the correct configuration and	will output the	incorrect  in-
       formation.  Because  of this in case of discovering crossing of the ad-
       dress ranges aggressive mode will not be	launched.

       Sending DHCPRELEASE message

       You will	probably have a	necessity to send  DHCPRELEASE	message	 manu-
       ally.  For example, because of the reason mentioned in the previous ex-
       ample. You can do it with a help	of -R option:

       $ sudo dhcdrop -i eth1 -R -s 192.168.1.1	-F 192.168.1.4 00:2D:1C:80:ED:12
       Using interface:	'eth1'
       Send DHCPRELEASE	from 00:2D:1C:80:ED:12 client IP 192.168.1.4 to	DHCP server 192.168.1.1
       Finished.

       Option -s sets server's IP address, -F set DHCP	client's  IP  address,
       00:2D:1C:80:ED:12  set  client's	 Ethernet address.  As a result	such a
       sort of packet will be send in the network:

       16:13:43.887735 00:2d:1c:80:ed:12 > ff:ff:ff:ff:ff:ff, ethertype	IPv4 (0x0800), length 342:
       (tos 0x10, ttl 64, id 29807, offset 0, flags [none], proto UDP (17), length 328)
       0.0.0.0.68 > 192.168.1.1.67: BOOTP/DHCP,	Request	from 00:2d:1c:80:ed:12,
       length 300, xid 0xb2f04a28, Flags [none]
	   Client-IP 192.168.1.4
	   Client-Ethernet-Address 00:2d:1c:80:ed:12
	   Vendor-rfc1048 Extensions
	   Magic Cookie	0x63825363
	   DHCP-Message	Option 53, length 1: Release
	   Server-ID Option 54,	length 4: 192.168.1.1
	   Client-ID Option 61,	length 7: ether	00:2d:1c:80:ed:12

       Scanning	the network's segment

       You can use ARP-scanning	of the network for searching clients  who  re-
       ceived  incorrect  configurational  information.	 It is realized	with a
       help of -S option:

       $ dhcdrop -i eth1 -S 192.168.1.0/24
       Using interface:	'eth1'
       Starting	ARP-scanning for subnet	192.168.1.0/24.
       IP address range	192.168.1.0 - 192.168.1.255.
       WARNING:	Source IP is not set (use option -F).
       Using random value for source IP	address: 192.168.1.195
       1. Received ARP-reply from: 00:1e:2a:52:c8:ca (192.168.1.1).
       2. Received ARP-reply from: 00:a0:c5:30:52:90 (192.168.1.200).
       Finished.

       According to the	warning,  which	 was  printed  by  the	program,  when
       launching,  the	source	IP address wasn't set. Because of this dhcdrop
       chooses a random	IP address from	address	range of a stated  subnet.  If
       you  need  to set a source address then use -F option. For this kind of
       scanning	factual	settings of routing in your network aren't  important.
       Interface  set by an option -i will always be used accepting that hosts
       of the mentioned	subnet are in the same Ethernet	segment	with the  host
       where  dhcdrop  is  being launched. Also	this option allows to discover
       duplication of IP addresses in the same segment of the network even  if
       the  scanning is	being done from	the host which IP address is being du-
       plicated	by another host.

AUTHOR
       This program was	written	by Roman Chebotarev <roma@ultranet.ru>

REPORTING BUGS
       Any bugs/remarks/suggestions/wishes concerning this program please send
       to <roma@ultranet.ru>

MAN FILE
       Guidance	 page was made by Andrew Clark <andyc@altlinux.org>, basing on
       the articles of the author of the  program,  web	 page  http://www.net-
       patch.ru/en/dhcdrop.html

TRANSLATION
       The  translation	 from Russian into English was made by Anna Makhtinger
       <mailmnoo@rambler.ru>

				  18/08/2009			    DHCDROP(8)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | THEORETICAL BASICS | PRINCIPLE OF DHCDROP OPERATION | USAGE OF THE PROGRAM | AUTHOR | REPORTING BUGS | MAN FILE | TRANSLATION

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=dhcdrop&sektion=8&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help