There are two common scenarios in which IT administrators find themselves trying to find an “unknown” DHCP server on their network:
A hacker may install a DHCP server on your network to allow them to specify their own DNS server. DNS (Domain Name Service) is a phone book for the internet; people use names but computers only use numbers, so if you control DNS, you can redirect users to any site you want. For example, a ‘real’ DNS server will associate URTech.ca with 74.124.219.234, but if the DNS server tells your computer URTech.ca is actually at 104.215.148.63, you will be sent to Microsoft.com.
You might think this is impossible but it is not. It is quite easy to set up DHCP on your firewall, switches, Linux servers and Windows Servers. That is a very bad thing and will cause you no end of grief.
Next to using one of the free utilities above, the easiest way to find a DHCP server on your network is:
ipconfig /all
press the ENTER key:
If you find DHCP ENABLED (as it is on 99% of computers) and you see something other than AUTOCONFIGURATION IPV4 ADDRESS you should then find the DHCP Server IP.
If you see something like this screen shot, your computer was unable to locate a DHCP server on your network.
If you are only worried about Windows-based DHCP servers, you can easily determine which servers are authorized to provide DHCP by opening PowerShell and typing Get-DhcpServerInDC
During boot a computer broadcasts packets on the network asking for DHCP server information. If that computer receives a response, it will then ask for an address from the DHCP server.
Free utilities like Wireshark, WinDump and many others will easily collect all of the packets floating through your network and allow you to search for the DHCP server responses which use UDP on port 67.
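As an added example (not from the original article), the Python below shows what to look for in those captured server responses: it parses the UDP payload of a DHCP OFFER or ACK, pulls out the server identifier and the DNS servers being handed out, and compares both against allowlists. The allowlists, function names and sample packets are assumptions made for illustration; the packets are constructed with documentation addresses rather than taken from a capture.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options
OFFER, ACK = 2, 5                    # message types only a server sends

def ip(raw):
    return str(ipaddress.IPv4Address(raw))

def parse_dhcp_reply(payload):
    """Return server-supplied fields from a DHCP UDP payload, or None.
    Expects the 236-byte BOOTP header with op=2 (BOOTREPLY), then the cookie."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None
    info = {"type": None, "server": None, "dns": []}
    i = 240
    while i < len(payload) and payload[i] != 255:      # 255 = End
        if payload[i] == 0:                            # 0 = Pad, no length byte
            i += 1
            continue
        if len(payload) < i + 2 or len(payload) < i + 2 + payload[i + 1]:
            break                                      # truncated option
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:                 # DHCP message type
            info["type"] = value[0]
        elif code == 54 and length == 4:               # server identifier
            info["server"] = ip(value)
        elif code == 6 and length % 4 == 0:            # DNS servers
            info["dns"] = [ip(value[j:j + 4]) for j in range(0, length, 4)]
        i += 2 + length
    return info

def check_reply(payload, authorized_servers, authorized_dns):
    """List findings for one captured server reply (empty list = clean)."""
    info = parse_dhcp_reply(payload)
    if info is None or info["type"] not in (OFFER, ACK):
        return []
    findings = []
    if info["server"] not in authorized_servers:
        findings.append(f"unauthorized DHCP server {info['server']}")
    findings += [f"unexpected DNS server {d} from {info['server']}"
                 for d in info["dns"] if d not in authorized_dns]
    return findings

def build_sample(server, dns, msg_type=OFFER):
    """Constructed sample payload (documentation addresses, not a capture)."""
    header = bytes([2, 1, 6, 0]) + bytes(232)
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed
    opts += bytes([6, 4 * len(dns)]) + b"".join(ipaddress.IPv4Address(d).packed for d in dns)
    return header + MAGIC_COOKIE + opts + b"\xff"
```

Feed check_reply the UDP payload of each packet your capture tool exports with source port 67; any non-empty result names a server or DNS address that is not on your lists.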
There are many professional tools from reliable name brands like SolarWinds to help you find authorized and unauthorized rogue DHCP servers on the network.