Discover rogue DHCP servers on your network in seconds
Features • Installation • Usage • Example • License
A lightweight cross-platform command-line utility that scans your local network for DHCP servers. Useful for network diagnostics, security audits, and detecting unauthorized DHCP servers that could cause network issues.
- Cross-platform — Works on Linux, macOS, FreeBSD, OpenBSD, NetBSD, DragonFlyBSD
- Fast network scanning for DHCP servers
- Displays server MAC address, IP, and offered configuration
- Shows comprehensive DHCP options:
- DNS servers, gateway, subnet mask
- Domain name and hostname
- Lease time (human-readable)
- NTP servers, WINS servers
- Vendor class identifier
- Static routes (CIDR format)
- PXE boot options (TFTP server, bootfile)
- List available interfaces — Shows only interfaces suitable for DHCP scanning
- Minimal dependencies — pure C, no external libraries
- Lightweight and portable
| Platform | Implementation |
|---|---|
| Linux | Raw sockets (PF_PACKET) |
| macOS | BPF (Berkeley Packet Filter) |
| FreeBSD | BPF (Berkeley Packet Filter) |
| OpenBSD | BPF (Berkeley Packet Filter) |
| NetBSD | BPF (Berkeley Packet Filter) |
| DragonFlyBSD | BPF (Berkeley Packet Filter) |
- Linux, macOS, or BSD operating system
- C compiler (GCC, Clang, or system default)
- Make
- Root privileges (required for raw packet access)
git clone https://github.com/fycth/DHCP-server-scanner.git
cd DHCP-server-scanner
makeThe build system automatically detects your platform and compiles the appropriate implementation.
To verify the detected platform:
make infoThe compiled binaries will be available in the bin/ directory.
sudo ./bin/dhcpd-detector-release -i <interface> [-t <timeout>]| Option | Description |
|---|---|
-l, --list |
List available network interfaces for DHCP scanning |
-i, --iface |
Network interface to scan (required) |
-t, --timeout |
Timeout in seconds (default: 3) |
-h, --help |
Show help message |
-V, --version |
Show version |
List available interfaces:
./bin/dhcpd-detector-release -lOutput:
Available interfaces for DHCP scanning:
INTERFACE MAC IP
--------- ----------------- ---------------
en0 62:e7:27:25:07:7f 192.168.0.23
eth0 00:1a:2b:3c:4d:5e 192.168.1.100
Linux:
# Scan on eth0 interface
sudo ./bin/dhcpd-detector-release -i eth0
# Scan on wlan0 with 10 second timeout
sudo ./bin/dhcpd-detector-release -i wlan0 -t 10macOS:
# Scan on en0 interface (usually Wi-Fi or Ethernet)
sudo ./bin/dhcpd-detector-release -i en0
# Scan on en1 with 10 second timeout
sudo ./bin/dhcpd-detector-release -i en1 -t 10Note: Root privileges are required to send and receive raw network packets. The
-loption does not require root.
$ sudo ./bin/dhcpd-detector-release -i eth0
<----- DHCP scan started ----->
DHCP server MAC: 78e7d1f7c56e
DHCP: Received msgtype = 2
Server host name: router.local
DHCP server IP: 192.168.1.1
Offered IP: 192.168.1.105
Subnet mask: 255.255.255.0
Broadcast: 192.168.1.255
Gateway: 192.168.1.1
DNS server 1: 8.8.8.8
DNS server 2: 8.8.4.4
Domain name: home.local
Lease time: 1d 0h 0m 0s (86400 seconds)
NTP server 1: 192.168.1.1
Vendor class: MSFT 5.0
<----- stopped ----->
- Network Troubleshooting — Verify your DHCP server is responding correctly
- Security Audits — Detect rogue DHCP servers on your network
- IT Administration — Quickly identify DHCP server configuration
- Learning — Understand DHCP protocol in action
The scanner works by:
- Sending a DHCP Discover broadcast packet on the specified interface
- Listening for DHCP Offer responses from any servers on the network
- Parsing and displaying the offered configuration
On Linux, this uses raw sockets (PF_PACKET). On macOS and BSD systems (FreeBSD, OpenBSD, NetBSD, DragonFlyBSD), the scanner uses BPF (Berkeley Packet Filter) to access the network at the data link layer.
This project is licensed under the BSD License — see the LICENSE file for details.
Made with C and raw sockets