Using dhclient to locate DHCP Servers on a LAN

On a Linux system, you can use the dhclient command to identify any Dynamic Host Configuration Protocol (DHCP) servers that are available on the local area network (LAN). First, you need to determine a relevant network interface on the system over which an IP address might be acquired via DHCP. You can do so using the ip command. If the -f inet option is given to the command, it will show only IPv4 addresses.

Save on a Computer: Run Windows, Mac, and Linux with VirtualBox
Save on a Computer: Run Windows,
Mac, and Linux with VirtualBox 1x1 px 

# ip -f inet address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.0.35/24 brd 192.168.0.255 scope global dynamic enp4s0
       valid_lft 156092sec preferred_lft 156092sec
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
$

Alteratively, you can use the ifconfig command with the -a option to show all network interfaces and any assigned IP addresses for them. I.e., ifconfig -a.

In the example above from a CentOS 7 system, I can see that an IP address is assigned to the enp4s0 network interface and that is the interface I will use for the DHCP query to locate any DHCP servers on the network, which may be legitimate or rogue DNS servers.

To have the dhclient command search for DHCP servers, I'll use the -d and -nw options.

     -d     Force dhclient to run as a  foreground  process.   Normally  the
            DHCP  client  will run in the foreground until is has configured
            an interface at which time it will  revert  to  running  in  the
            background.  This option is useful when running the client under
            a debugger, or when running it out of inittab on System  V  sys‐
            tems.  This implies -v.

     -nw    Become  a  daemon immediately (nowait) rather than waiting until
            an an IP address has been acquired.

The syntax of the command, which should be run from the root account, is dhclient -d -nw <interface> where interface is the relevant network interface, in this case enp4s0.

oreilly.com - Your tech ebook super store 
# dhclient -d -nw enp4s0
Internet Systems Consortium DHCP Client 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/enp4s0/4c:72:b9:9c:b8:3c
Sending on   LPF/enp4s0/4c:72:b9:9c:b8:3c
Sending on   Socket/fallback
DHCPREQUEST on enp4s0 to 255.255.255.255 port 67 (xid=0x3c0096)
DHCPACK from 192.168.0.1 (xid=0x3c0096)
bound to 192.168.0.35 -- renewal in 113327 seconds.
^C
#

To identify DHCP servers look for "DHCPOFFER" or "DHCPACK" lines. E.g., in the case above where the system was using a DHCP address, I can see that there is only one DHCP server and its IP address is 192.168.0.1. You can terminate the command with Ctrl-C to retrun to the shell prompt.

On another system with a static IP address on a different LAN, I saw the following:

# dhclient -d -nw enp1s4
Internet Systems Consortium DHCP Client 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/enp1s4/00:1b:fc:2f:66:fc
Sending on   LPF/enp1s4/00:1b:fc:2f:66:fc
Sending on   Socket/fallback
DHCPDISCOVER on enp1s4 to 255.255.255.255 port 67 interval 3 (xid=0x6f6bda71)
DHCPREQUEST on enp1s4 to 255.255.255.255 port 67 (xid=0x6f6bda71)
DHCPOFFER from 192.168.4.1
DHCPACK from 192.168.4.1 (xid=0x6f6bda71)
bound to 192.168.4.53 -- renewal in 123196 seconds.
^C
#

In the above example, the only DHCP server offering IP addresses is at 192.168.4.1.

 

TechRabbit ad 300x250 newegg.com

Justdeals Daily Electronics Deals1x1 px