Untuk mengetahui IP address dan MAC address dari sebuah DHCP server bayangan (baca:unauthorized) di
sebuah LAN, bisa digunakan modul scapy bahasa pemrograman python.
┌─(root@pcxthinkslack)
└─(:))(#)─> scapy
INFO: No IPv6 support in kernel
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.0.1)
>>> conf.checkIPaddr = False
>>> fam,hw = get_if_raw_hwaddr(conf.iface)
>>> dhcp_discover =
>>> Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67)/BOOTP(chaddr=hw)/DHCP(options=[("message-type","discover"),"end"])
>>> ans, unans = srp(dhcp_discover, multi=True)
Begin emission:
Finished to send 1 packets.
\*................................................................................................................^C
Received 113 packets, got 1 answers, remaining 0 packets
>>> ans.summary()
Ether / IP / UDP 0.0.0.0:bootpc > 255.255.255.255:bootps / BOOTP / DHCP ==> Ether / IP / UDP
172.16.0.3:bootps > 172.16.1.191:bootpc / BOOTP / DHCP
>>> for p in ans: print p[1][Ether].src, p[1][IP].src
...
00:23:8b:64:87:44 172.16.0.3
>>>Dari script diatas ditemukan satu ‘machine’ yang menjalankan DHCP server dengan alamat IP 172.16.0.3 dan MAC address 00:23:8b:64:87:44.
=-=-=-=-=
Powered by Blogilo