Rogue DHCP Server Detector
From Association for Computing Machinery
This program detects rogue DHCP servers. It monitors traffic on an Ethernet interface (configured in rogueDHCP.conf) and examines DHCP replies. If it notices a DHCP reply from an Ethernet address that is not in its known list of DHCP servers (also configured in rogueDHCP.conf), it informs the user of the situation by printing a message, along with some of the DHCP options in the DHCP reply, to standard output. The DHCP options that are printed if found in the DHCP reply are:
- DHCP message type
- Server identifier
- Address lease time
- Subnet mask
- Broadcast address
- Router
- Domain name
- Domain name servers
The code is C/C++ and aims to be compact, requiring libpcap as the only third-party library. It has been tested with GCC and 4.2 and 4.3, on FreeBSD and GNU/Linux, and on 32- and 64-bit and little- and big-endian processors.
Download: Rogue DHCP Server Detector 1.0.0
