A PowerShell script to send a DHCP Discover request and listen for DHCP Offer responses, it can be used for finding DHCP servers (including rogue servers), or for testing DHCP servers and relays. The output from this script is an object containing a decode of the DHCP packet and a number of options.

By default the script uses a spoofed MAC address of AA:BB:CC:DD:EE:FF to send the offer, a specific MAC address can be specified using the MacAddressString parameter.

The script can listen for DHCP offers for a specified number of seconds by using the DiscoverTimeout parameter, by default the script listens for 60 seconds. Note that a timeout is set for the ReceiveFrom method, this is set to 10 seconds in the script and applies to each receive attempt. If the connection times out the script will stop listening for offers regardless of the value for DiscoverTimeout.

This script has only been tested using PowerShell 2.0.

6 Comments

  1. Nice script !
    It works fine with PowerShell 2.0, but not with PowerShell 1.0 (as I expected).

    Reply

  2. Hi Chris,

    Just tried this out, a really useful script, saves me having to download wireshark to find out where those rogue DHCP services are running from!! I’ve found DHCP servers running on printers in my time, so a really nice script.

    Shaun

    Reply

  3. Thanks!

    saved me a lot of work!

    Serg

    Reply

  4. pandafs2@twitter

    OMFG!
    Working with network low-level with PoSh!

    Reply

  5. Thanks so much, I’ve modified it to suit my needs but it works a treat!

    Reply

  6. Patrick Sczepanski

    Hello
    Thank you for the cool script. Was searching since quite some time to find something to check if a DHCP server is alive.

    There is a little bug in the regex in line 111:
    $MacAddressString -Replace “-|:|.”
    The . represents any character and effectively removes any string. So $MacAddress will be empty.

    At least PowerShell 4 (and probably 3) moans about an exception parsing an empty string.
    The rest of the script work even with this tiny bug but may not have spoofed the MAC.

    Patrick

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *