1. Overview
The Dynamic Host Configuration Protocol (DHCP) plays a crucial role in network administration. In particular, it automatically assigns IP addresses and configuration parameters to devices on a network.
In this tutorial, we explore various command-line tools to test whether a DHCP service is running on a network. Thus, by using these tools, network administrators can ensure the network’s connectivity. Eventually, they can diagnose and resolve issues efficiently.
In this case, we test using a Ubuntu 22.04 Linux system.
2. Why Test a DHCP Server?
Checking available DHCP servers is essential for several reasons:
- on a network with multiple DHCP servers, clients can decide which server to connect to
- it helps to verify if the server is functioning correctly, offering IP addresses and configuration parameters as expected
- it helps maintain network security by detecting rogue DHCP servers
Moreover, proactive testing can uncover potential issues with the DHCP server before it’s deployed in the production environment.
3. Lab Environment Setup
Before diving into specific tools, let’s set up a lab environment for testing purposes. Markedly, this setup typically includes some Linux machines and tools:
- one or more Linux servers running the DHCP service (i.e., the dnsmasq server in this case)
- one client machine to simulate DHCP requests
- a network switch or virtual network to connect the server and clients
Together with the above setup, the above machines are set up using VirtualBox and Vagrant. For this tutorial, we use dnsmasq as the DHCP server:
$ sudo apt install dnsmasq
Furthermore, we configure a DHCP server by editing the /etc/dnsmasq.conf config file:
$ cat /etc/dnsmasq.conf
interface=eth1
dhcp-range=192.168.50.100,192.168.50.150,12h
dhcp-option=option:router,192.168.50.1
dhcp-option=option:dns-server,192.168.50.21
port=5533
Let’s break down the above contents:
- interface=eth1: specifies that dnsmasq should listen for DHCP requests on the eth1 network interface
- dhcp-range=192.168.50.100,192.168.50.150,12h: sets the DHCP range for IP address allocation with lease time set to 12 hours
- dhcp-option=option:router,192.168.50.1: sets the default gateway (router) IP address for the DHCP client
- dhcp-option=option:dns-server,192.168.50.21: sets the DNS server IP address for DHCP clients
- port=5533: configures dnsmasq to listen on port 5533 for DNS queries
Finally, we restart the service to make the changes work:
$ sudo systemctl restart dnsmasq
The above configuration sets up a basic DHCP server on the eth1 interface.
4. Basic Tools for Testing DHCP
Linux offers a variety of command-line utilities that can be used for testing DHCP services. Accordingly, we check out some basic tools and explore their functionalities.
4.1. Using nmap
The nmap network scanner can be used with the –script broadcast-dhcp-discover option to send a simulated DHCP DISCOVER packet.
This way, if a DHCP server is listening on the network, nmap might see a DHCP OFFER packet.
Further, we can specify an interface that we want to listen to on the client via the -e option:
$ sudo nmap --script broadcast-dhcp-discover -e eth1
...
Pre-scan script results:
| broadcast-dhcp-discover:
| Response 1 of 1:
| IP Offered: 192.168.50.141
| DHCP Message Type: DHCPOFFER
| Server Identifier: 192.168.50.21
| IP Address Lease Time: 2m00s
...
Notably, in cases of multiple DHCP servers, the above script only shows the first responding DHCP server and ignores others.
In addition, we can employ another script, dhcp-discover. This is a unicast version of the above script. It retrieves local configuration from the remote target host without adding a new address:
$ sudo nmap -sU -p67 --script dhcp-discover 192.168.50.21
...
67/udp open dhcps
| dhcp-discover:
| DHCP Message Type: DHCPACK
| Server Identifier: 192.168.50.21
| IP Address Lease Time: 11h56m30s
| Subnet Mask: 255.255.255.0
| Broadcast Address: 192.168.50.255
| Domain Name Server: 192.168.50.21
...
In essence, the above script sends a DHCP INFORM message (UDP) on port 67 to host 192.168.50.21.
Thus, we accurately detect whether the target server is running a DHCP service.
4.2. Using dhcpcd
dhcpcd (DHCP Client Daemon) is also a popular DHCP client for Linux systems. We can use it for requesting and managing DHCP leases for network interfaces.
Let’s install dhcpcd on the system:
$ sudo apt install dhcpcd5
Next, we use dhcpcd for testing DHCP. For this, we run dhcpcd in test mode using the -T option on the eth1 interface:
$ sudo dhcpcd -T eth1
...
DUID 00:04:89:0d:ba:e6:56:f7:f9:43:a2:2e:44:65:03:f1:ac:0c
eth1: IAID 27:f3:27:23
eth1: soliciting a DHCP lease
eth1: offered 192.168.50.108 from 192.168.50.21
interface='eth1'
pid='2912'
protocol='dhcp'
reason='TEST'
...
In test mode, dhcpcd attempts to obtain an IP address from the DHCP server. It then displays the results on the interface.
Notably, we can see the DHCP server IP, offered IP, and related information in the output. Again, dhcpcd can’t search for multiple DHCP servers on the network. It only shows the first server it gets a response from.
4.3. Using dhcping
dhcping is a specialized tool for testing DHCP servers. It simulates DHCP client requests and analyzes the server responses.
Let’s install the dhcping package using the apt package manager:
$ sudo apt install dhcping
The basic format of dhcping takes some arguments:
- IP of the machine we want to test
- client IP address
- MAC address of the client
With the above requirements in place, let’s test for a DHCP server:
$ sudo dhcping -c 192.168.50.10 -s 192.168.50.21 -h "08:00:27:f3:27:23"
Got answer from: 192.168.50.21
In the above command, option -c specifies the client IP, while option -s indicates the server IP. Similarly, option -h is for the client MAC address.
Next, the output Got answer from: 192.168.50.21 shows that the target DHCP server is functional. Otherwise, if we see the output as no answer, that means the DHCP server isn’t responding.
Notably, dhcping checks only a specific machine instead of searching a whole network. Because of this, like the above two tools, it can’t discover multiple DHCP servers.
5. Advanced Traffic Analysis and Automated Monitoring
While basic tools offer quick insights, more complex DHCP analysis often requires advanced testing and monitoring approaches.
In this section, we delve into using tcpdump and a Nagios script to check the availability of multiple DHCP servers on a network.
5.1. Using dhclient and tcpdump
The combination of dhclient and tcpdump provides a more comprehensive testing approach.
dhclient can be used to request a lease renewal from a DHCP server, while tcpdump captures network traffic. This enables us to analyze the DHCP communication between the client and server.
For that, we first open a session on the client machine and start tcpdump:
$ sudo tcpdump -i eth1 port 68 -n
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
...
Here, tcpdump is listening on the eth1 interface. Moreover, it captures the communication on port 68.
Next, leaving the tcpdump command running, we start another terminal session on the client machine. Now, we use the dhclient tool to request IP addresses from the DHCP server machine:
$ sudo dhclient -r eth1
Eventually, the -r option releases the current lease on the interface eth1. tcpdump then captures the DHCP traffic on the specified interface (eth1 in this example).
We can see the output in the tcpdump terminal:
$ sudo tcpdump -i eth1 port 68 -n
...
05:02:59.710833 IP 192.168.50.21.67 > 192.168.50.112.68: BOOTP/DHCP, Reply, length 300
05:03:02.725129 IP 192.168.50.22.67 > 192.168.50.198.68: BOOTP/DHCP, Reply, length 300
...
tcpdump filters DHCP server-related port 68 to focus on DHCP transactions. Thus, we can see the DHCP-related messages in the output.
Notably, this method can detect multiple DHCP servers advertising on the network.
5.2. Using Nagios Script
Nagios is a popular and fairly comprehensive monitoring system. It includes a plugin called check_dhcp for monitoring DHCP servers.
Let’s install the nagios-plugins package:
$ sudo apt install nagios-plugins
Interestingly, we don’t need to install the whole Nagios package to use the script.
Next, we locate the check_dhcp script. Generally, it’s located under /usr/lib/nagios/plugins:
$ ls /usr/lib/nagios/plugins
check_apt check_hpjd check_nntp...
check_dhcp...
...
Further, we use the check_dhcp script to test the server manually:
$ sudo ./check_dhcp -s 192.168.50.21 -i eth1
OK: Received 1 DHCPOFFER(s), 1 of 1 requested servers responded, max lease time = 43200 sec
Since we got a DHCP OFFER message from the server, a DHCP service seems to be active on it. Also, the above script can only check if a given server is a DHCP server instead of checking a whole network.
However, just like tcpdump, Nagios offers a more accurate approach for detecting a DHCP server when more than one server is advertising.
6. Conclusion
In this article, we learned about some command-line tools to test if a DHCP service is running on a system or within a network.
First, we set up a lab environment to use the tools. Then, we started with the nmap tool to scan for the available DHCP servers on the network. Next, we used the dhcpcd client in test mode. Further, we used dhclient and tcpdump simultaneously for capturing DHCP server packets.
Finally, we used the Nagios check_dhcp script, which offered a quick but fairly comprehensive solution for checking if a server is offering DHCP services.