Checking if there is unauthorized DHCP servers in a LAN
I have found a very nice tool to probe for unauthorized DHCP servers in a network. In Debian, you can use aptitude or apt-get to install it.
I hope it will be useful for more people.
#apt-get install dhcp_probe #dhcp_probe -f -o /home/user/caps/dhcp.pcap eth0 note: starting, version 1.3.0 warn: received unexpected response on interface eth0 from BootP/DHCP server with IP source 192.168.0.1 (ether src 70:ca:9b:15:e1:9). warn: received unexpected response on interface eth0 from BootP/DHCP server with IP source 192.168.0.1(ether src 70:ca:9b:15:e1:9). warn: received unexpected response on interface eth0 from BootP/DHCP server with IP source 192.168.0.2 (ether src 70:ca:9b:15:e1:2).