Would it be possible to implement detection of (roque) DHCP-Servers in the network?
Or is this already possible to actualize this via a specific Port?

Will there be a 64bit Version of the network scanner? I would really appreciate it

Hey Jake, this is my thread, open your own!

Quote:

Would it be possible to implement detection of (roque) DHCP-Servers in the network?

Yes, it'll be added shortly. Stay tuned.

Quote:

Will there be a 64bit Version of the network scanner?

Some day, in the future

Andrew Wrote:
-------------------------------------------------------
> Would it be possible to implement detection of
> (roque) DHCP-Servers in the network?
>
> Yes, it'll be added shortly. Stay tuned.
>

Oh great!
Can't wait to get it!

By the way, you have a great peace of Software here and you're doing a great job keeping it up-to-date and putting requests into effect!

Thumbs up!

DHCP server discovery is now available in this build (see under Actions in the main menu)

(netscan 4 4 9 prelim)

Error 10048.

Tried with different DHCP servers, all got 10048.

You mean you ran the application a DHCP server not on a client machine? If so, please provide a complete output of the netstat -na command launched at a command prompt at the server.

Sorry for being imprecise.

I ran netscan 4_4_9 prelim on a client (Win7 64bit).

In my home network of twelve machines I have five that could be
DHCP servers plus an assortment of routers, etc that could be
the active DHCP server on the network.

What I meant was that the DHCP discovery on the net as is failed, so
I switched different servers/etc into DHCP mode. (There can only be one,
as we all know).

So, no matter what platform the DHCP server was running on (FreeBSD,
linuxes, proprietary router OSs) the client instance of netscan 4_4_9 prelim
failed on the DHCP server discovery function.

Just re-ran a test.
DHCP server is IPCop 1.4.21 (linux 2.4.36)
client 1 Win7 64 bit
client 2 winXp SP3

DHCP server running with no DHCP clients.
Both Win7 & XP runs DHCP discovery without the 10048 error.
Neither XP nor Win7 reported any running instances of a DHCP server.

DHCP server running with one DHCP client.
XP runs the DHCP discovery without error, but still does not report
any instances of a DHCP server on the net.
Win7 fails with the 10048 error.


When I ran the first test there were DHCP clients so the Win7 fail
seems consistent.

Why Win7 throws a 10048 when there is a DHCP client is a mystery to me.

I isolated the local net from the world and reduced the firewall settings and other security
measures on the DHCP server to nothing. Ran same clients with same results.

I'll try other configurations during the day and if anything different shoews up I'll report it.

Also please try this build where error 10048 should be fixed.

netscan2.exe 10048 error

This build did stop Win7 etc. from throwing 10048 from DHCP
discovery function.

Still no DHCP servers detected though.

In this case I'd like to see what's happening on your system. If possible, please capture a flow of packets using any sniffer like Wireshark or our Protocol Analyzer. Basically, I just need to see the DHCP query sent out by the network scanner and replies received from DHCP servers (if any).

OK

Will use Wireshark later today to try to capture DHCP discovery.

Seems like a normal transaction but no data displayed by the 'actions' pop up
screen.

The 192.168.1.12 Lite-On nic asks for any DHCP servers and 192.168.1.4
offers 192.168.1.203

192.168.1.4 is IpCop

Aything more?
Attachments: screenshot.2.png (17.7KB)  

Please attach the actual capture file, so we can check the packet(s) against the network scanner's DHCP parser, perhaps it's buggy.

OK

Can't attach a .pcap file so I'll have to zip it.


DONE
Attachments: dhcp_discovery_netscan_449.zip (1.2KB)  

Thank you, I had checked it out, but was unable to determine what went wrong.

Could you please run this build and see what it prints (there will be a console log window)?

Can't get past error 10048.

If it will help, I'll run a packet sniff on this later today.

Sorry, that's because the previous fix was not in this build. Please re-download the file here and try again.

no error
no data displayed

zipped pcap attached
Attachments: dhcp_discovery_netscan3_449.zip (1.2KB)  

Nothing displayed in the console window at all?

No, I meant no results.
Your messages about sending query/ waiting/ finished
appear, but nothing else. (see attached pngs)
Attachments: screenshot.3.png (605 bytes)   screenshot.5.png (15.7KB)  

I think I have figured it out. Normally the DHCP server broadcasts a DHCP offer to the client. For some reason, your specific implementation sends it directly to the client. It falls flat as the network scanner uses a bogus MAC address in the query 0A:0B:0C:0D:0E:0F, so the offer is rejected by the network card as it assumes the packet is not destined to it. I will add a workaround shortly.

That makes sense as I use a best practice standard of employing MAC based ACLs.

Spurious or spoofed MACs won't get anywhere on my systems.

(I even filter on MAC for DHCP)

Please try out this build. It should work normally

1. winHTTP Proxy Auto discovery Service must be diabled

and, then

2. DHCP Client Service must be switched off.

With the above netscan4.exe picks up two out of four
DHCP servers on the network.
(Specifically it detects two old Linksys routers
netscan4.exe fails to detect a PcLinuxOS and a IPCop DHCP server)

The MicroSoft DHCP Team published a Rouge DHCP Server Detector..
This tool found all four DHCP servers on the network.

[blogs.technet.com]

What's the difference between netscan and MS DHCP Team's RogueChecker ?

Well, we had been asked to add DHCP discovery in netscan, so we have implemented it. Technically these tools are similar, although I believe we can make ours more convenient.

We've made some further changes to the DHCP discovery feature to make it more standard-compliant. Please try the new build here. If it also fails to find all the 4 servers, please let me know whether you have more than one network interface on that machine, so that machine is multihomed.

OK

Will download netscan5 and reply.

Yes, Three machines in the current configuration of the network are laptops
with both ethernet and wireless iinterfaces. Usually they are all 'either/or'
nics, but I've noticed that sometimes Win7 and WinXP "forget" to ignore
the inactive interface. I.E., some apps (like netscan ??? ) don't differentiate
between nics in use and 'inactivated' nics - so the apps will willy nilly think one
or another is active without real world checking. (Even in the case where a wireless
interface has it's radio switched off manually).

There must be a lookup table that enumerates potential interfaces that is being referenced
without any reality checking.

Success.

All DHCP servers found.

I switched the net config around a bit to try variations and
netscan functioned for DHCP discovery in all I tried.

Now, UDP?

Glad to hear that it's working finally. Not sure what you mean by the 'Now, UDP?' question though.