Categories
Linux Networking

monitor for dhcp offers on network

sudo ifconfig ethX promisc
tshark -i ethX -n port 68 -R 'bootp.type == 2'

Thanks to http://blog.siufatfat.net/2013/08/25/locating-rogue-dhcp-on-linux/

Categories
Linux Networking

tcpdump notes

sudo tcpdump -i eth0 port 67 or port 68 -nev and “ether host <<MAC ADDRESS>>”

 

ether host <mac address>

verbose:

-vv

 

packet size for full details:

-s 1500

prevent name resolution:

-n