[NTLUG:Discuss] Service snooping
Chris Cox
cjcox at acm.org
Fri Jan 18 20:39:08 CST 2002
Courtney Grimland wrote:
>
> I've been having problems on my network with dhcp
> clients (not) getting an address assigned to them, and
> I think I might have pinpointed the cause (or maybe
> I'm way off, I don't know).
>
> An nmap scan on 172.16.0.150 (I have a 172.16.0.0/16
> network that I'm working with here) shows that there
> is a service running on udp port 67 (the dhcp server
> port), and that it appears to be a Win2k OS. If this
> is in fact a rogue dhcp server running on my network,
> that very well could explain the problems I've been
> having. I'd like to be sure that this is a dhcp
> server running before I confront the potential
> offender.
>
> Is there a Linux tool that someone can recommend that
> can probe this port or otherwise determine what exact
> service I see running?
Here are some you can build:
http://www.mavetju.org/unix/general.php
I used dhcpdump in my presentation on dhcp-ddns.
>
> __________________________________________________
> Do You Yahoo!?
> Send FREE video emails in Yahoo! Mail!
> http://promo.yahoo.com/videomail/
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
More information about the Discuss
mailing list