How Somebody Helped Kill dhcpd on Our Network

Tim Peiffer peiffer at
Mon Jul 31 15:16:04 UTC 2006

Then the way to go is to run snoop,tcpdump, etc on the vlan that the 
dhcpd is connected to looking for responses from 68/udp, and run through 
a decode mechanism such as dhcpdump  Then you will need to maintain a 
list of who the legit dhcpd servers are and make decisions on whom/what 
to kill.   Things to consider are DHCP relay agents which communicate 
from 68/udp to 68/udp, Novell servers, JumpStart, PXE boot, etc, for 

tcpdump -s1500 -lenx -X src port 68 | dhcpdump

Tim Peiffer

Martin McCormick wrote:
> Tim Peiffer writes:
>> I apologize for the mis-config.  Access_IN is our standard access list 
>> naming and I called the filter No_DHCP_SERVER to be more descriptive..
> 	Thanks for the good information.  Cisco is where we are
> going but unfortunately we haven't replaced everything yet.

More information about the dhcp-users mailing list