Monday, October 13, 2008

DHCP Servers

People have asked me to talk a bit about DHCP servers. As you probably know, DHCP is used on networks to automatically assign IP addresses to client computers (or devices) that connect to the network.

When a client without an IP address starts up on the network, it sends a DHCP_DISCOVER message. The DHCP server replies with a DHCP_OFFER to that client. The client then sends back a DHCP_REQUEST and the server acknowledges with a DHCP_ACK. Once this sequence is complete, the client can use that IP address for the duration of the time period contained in the offer packet.

Our DHCP Server Discovery Tool sends the DHCP_DISCOVER message and displays the returning DHCP_OFFERs. That means if you have more than one DHCP server on your network, you can see all of them and the information they are offering.

Why is it important to see all the DHCP servers? Several reasons.

One is accidental conflicts. Two DHCP servers might be offering overlapping ranges of IP addresses. This is not a good situation, and it could happen if a new device containing a DHCP server that is active by default is put into the network. Actiontec DSL routers, Windows Servers and Linux systems can all run DHCP servers.

A similar situation can occur when a recycled device with an active DHCP server is moved from a previous location onto a network, and that server offers a range of IP addresses from a different subnet than the one it has been moved to. Devices requesting new IP addresses might be offered an IP for a different (incorrect) subnet by the second DHCP server. Any device that obtains an IP address from the new server would then be unable to talk on the network it is attached to, because the address it obtained is not within that network's subnet. This could be classified as a rogue server.

Another, more dangerous scenario is when a "rogue" server is added for the specific purpose of offering legitimate IP addresses while at the same time offering the IP address of a malicious DNS server or router. The DHCP_OFFER packets contain more than just the offered IP address; they contain many other optional fields, such as DNS and router IPs.

Our DHCP Server Discovery Tool shows all the responding servers and the information they are offering, including the IP address, subnet mask, DNS IPs, router IPs, lease times, etc. This way you can see the parameters and decide for yourself whether the information is correct -- especially if you find a second DHCP server on your network.
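The comparison described above can also be automated. The following is an added example, not the Discovery Tool's own code: it parses the DHCP_OFFER fields listed above and checks each offer against the values you expect. The offers are constructed samples, and the names `parse_offer`, `audit`, `build_offer` and the 192.168.1.0/24 network are assumptions made for the illustration.

```python
import ipaddress
import struct
# Added illustration: function names and the 192.168.1.x values are assumptions.
MAGIC = bytes([0x63, 0x82, 0x53, 0x63])  # magic cookie that precedes the DHCP options

def _ips(raw):  # option value -> dotted-quad strings, 4 bytes per address
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def parse_offer(pkt):
    """Return the fields of a DHCP_OFFER payload as a dict, or None if it is not one."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:   # op 2 = BOOTREPLY
        return None
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:          # 255 = end of options
        if pkt[i] == 0:                            # 0 = pad byte, no length field
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            return None                            # truncated option: reject the packet
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    if opts.get(53) != b"\x02":                    # option 53 = message type, 2 = OFFER
        return None
    first = lambda code: (_ips(opts.get(code, b"")) or [None])[0]
    return {"server": first(54), "offered_ip": _ips(pkt[16:20])[0], "mask": first(1),
            "routers": _ips(opts.get(3, b"")), "dns": _ips(opts.get(6, b"")),
            "lease_s": int.from_bytes(opts.get(51, b""), "big") or None}

def audit(packets, known_server, subnet, routers, dns):
    """Map each offering server to the ways its offer differs from the expected setup."""
    net, findings = ipaddress.ip_network(subnet), {}
    for o in filter(None, map(parse_offer, packets)):
        checks = [(o["server"] != known_server, "unexpected DHCP server"),
                  (ipaddress.ip_address(o["offered_ip"]) not in net, "offered IP outside subnet"),
                  (bool(set(o["routers"]) - routers), "untrusted router"),
                  (bool(set(o["dns"]) - dns), "untrusted DNS server")]
        findings[o["server"]] = [msg for bad, msg in checks if bad]
    return findings

def build_offer(server, yiaddr, router, dns):
    """Constructed sample DHCP_OFFER payload for the demo (not captured traffic)."""
    a = lambda s: ipaddress.IPv4Address(s).packed
    hdr = struct.pack("!4B12x4s4s212x", 2, 1, 6, 0, a(yiaddr), a(server))  # 236-byte header
    opts = [(53, b"\x02"), (54, a(server)), (1, a("255.255.255.0")), (3, a(router)),
            (6, a(dns)), (51, struct.pack("!I", 86400))]
    return hdr + MAGIC + b"".join(bytes([c, len(v)]) + v for c, v in opts) + b"\xff"

SAMPLES = [build_offer("192.168.1.1", "192.168.1.50", "192.168.1.1", "192.168.1.1"),      # expected
           build_offer("10.0.0.1", "10.0.0.20", "10.0.0.1", "10.0.0.1"),                  # recycled device
           build_offer("192.168.1.250", "192.168.1.77", "192.168.1.1", "192.168.1.250")]  # rogue DNS
```

Calling `audit(SAMPLES, "192.168.1.1", "192.168.1.0/24", {"192.168.1.1"}, {"192.168.1.1"})` returns an empty list for the expected server, all four findings for the recycled device, and "unexpected DHCP server" plus "untrusted DNS server" for the third offer, even though the address it hands out is valid for the subnet.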
