Re: Problem using the dhcp-discover script for Nmap

[Ron <ron () skullsecurity net>]

On Wed, 13 Jul 2011 14:22:53 +0200 Paul Courbis <paul () courbis com> wrote:
> Hi
>
> I'm sorry to bother you about this but I can't figure out how to make
> your script work.
>
> I have a network with a DHCP server (actually a "Livebox", an ADSL
> box frow Orange/France Telecom). It works quite well and returns IPs
> when using dhclient for example.
>
> I try ro use your script. As far as I understand, when doing
> something like "nmap -sV --script=dhcp-discover <DHCP server IP
> address>" I should received some information such as descrbed in
> http://nmap.org/nsedoc/scripts/dhcp-discover.html (ie IP offered,
> etc...)
>
> I try to run this on my openSuse 11.4 linux (using both the lastest
> stable or beta version of nmap) but after a long time it gives
> nothing. The udp/67 port is even not listed.
>
> I also tried to do something like "nmap -sU -p67
> --script=dhcp-discover x.x.x.x" but I just get the fact that 67/udp
> is "open|filtered" but nothing more.
>
> What am I doing wrong ?
>
> Thanks in advance
>
> Best regards
>
> Paul
> -- 
> Paul Courbis

Hey Paul, 

The protocol for dhcp is a little messed up. I've noticed that certain implementations will only respond if it receives 
a request on the broadcast address rather than a standard UDP/67 connection. 

I think we should add a prerule to the dhcp-discover script to do a broadcast. I'm CCing nmap-dev for opinions - I 
don't have time to do it right now, but hopefully somebody else can kick in and write it?

Ron
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/