I am by no means shy about pointing out problems with Windows on this blog but I do try to be objective in my criticism. Today I have the rare pleasure of sharing a Windows command-line tool that I haven’t been able to find an equal to on RedHat Enterprise Linux (RHEL) 4. A few weeks ago a rogue DHCP server caused us some serious problems at work so I was asked to find a simple tool for detecting rogue servers. In theory there are loads of tools for this on Linux but after having tried everything Google was able to find for me (an entire day’s work) I’d still drawn a blank. Everything I tried insisted that our main DHCP server did not exist. What’s more tcpdump showed responses from the DHCP server arriving at the machine but all the tools insisted they got no reply regardless. In my search I did come across dhcploc.exe, a small MicroSoft command-line tool that ships with most versions of Windows. Granted, it’s not part of the default install but it is on the CD none the less and more importantly it works!

[tags]Windows, RedHat, RHEL, DHCP, Rogue DHCP Servers[/tags]

To install dhcploc.exe you have to install the Support Tools which you have to look for on your Windows CD. Once you have this installed you can set it looking for rogue servers with the following command:

dhcploc  

dhcploc.exe will then run continually and display all DHCP responses it sees. It will beep each time a rogue server is seen. You can also get it to only show you rogue traffic with the -p flag.

It’s rare that Windows has more powerful command-line tools than Linux but when it comes to detecting rogue DHCP servers Windows had it nailed with this simple tool that just works! I just hope this tool still exists in Vista!

Update 21 December 2006

I have finally found a tool that works for RHEL and Debian (and probably all Linuxes). It’s a Perl module and accompanying script which can optionally be run as a demon and be setup to email you each time it finds a rogue server. It’s called RogueDetect and is GPL. I have tested version 0.4Alpha2. I’ve also used this code as a basis for a Nagios plugin the code for which I’ll be releasing over the next few days on this blog.