Message-Id: <5.1.0.14.2.20020411144553.02a9ec10@mail.nwc.com>
Date: Thu, 11 Apr 2002 14:56:56 -0400
To: "mike ndabarasa", freebsd-questions@freebsd.org
From: Mike Fratto
Subject: Re: dhcp question

At 06:23 PM 4/11/2002 +0000, mike ndabarasa wrote:
>here is my question:
>====================
>how do I know who in my network is making dhcp offers so
>that I can recognize official dhcp from unofficial.
>I understand one way is to check running processes on every
>machine but this may be a daunting task.
>I want a tool that I may use from my desktop before I go
>down to the identified troublemaker.

One way to do that is to get the MAC address of your "authorized" DHCP server and use that in TCPDUMP to capture all DHCP responses EXCEPT from your MAC address.
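
The capture described in the reply above, written out as an added example (it is not part of the original message). It goes slightly further by accepting more than one authorized MAC. The interface name `em0`, the MAC `00:11:22:33:44:55` and the function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: build a tcpdump filter that matches DHCP server replies
# (UDP source port 67) from any MAC other than the authorized server(s).

# Constructed sample value; replace with your real DHCP server's MAC.
AUTHORIZED_MAC_EXAMPLE="00:11:22:33:44:55"

# is_mac MAC -> exit status 0 if MAC has the form aa:bb:cc:dd:ee:ff
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# rogue_dhcp_filter MAC [MAC...] -> prints the pcap filter expression
rogue_dhcp_filter() {
    [ "$#" -ge 1 ] || { echo "usage: rogue_dhcp_filter MAC [MAC...]" >&2; return 2; }
    filter="udp src port 67"
    for mac in "$@"; do
        # Reject anything that is not a MAC so it cannot alter the filter.
        is_mac "$mac" || { echo "bad MAC address: $mac" >&2; return 2; }
        filter="$filter and not ether src $(printf '%s' "$mac" | tr 'A-F' 'a-f')"
    done
    printf '%s\n' "$filter"
}

# watch_rogue_dhcp IFACE MAC [MAC...] -> run the capture (needs root)
watch_rogue_dhcp() {
    iface=$1; shift
    filter=$(rogue_dhcp_filter "$@") || return 2
    # -n: no name lookups, -e: print the Ethernet header (shows source MAC),
    # -l: line-buffered output so matches appear immediately
    tcpdump -n -e -l -i "$iface" "$filter"
}

# Start the capture only when called with arguments, e.g.:
#   sh rogue-dhcp.sh em0 00:11:22:33:44:55
if [ "$#" -ge 2 ]; then
    watch_rogue_dhcp "$@"
fi
```

Any line tcpdump prints is a DHCP reply from an unlisted sender, and `-e` shows its source MAC. If the authorized server sits behind a DHCP relay, replies arrive with the relay's MAC as Ethernet source, so list that MAC as well.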