I want to write a program to detect a rogue DHCP server on my (switched)
network. It would broadcast a "dummy" MAC address and see which DHCP
server responds. My idea is to send a DHCPDISCOVER packet and see
which DHCP server sends an ACK packet (but never acknowledge the ACK
and terminate the connection).

How do I go about writing this in Ruby?

Thanks for any suggestions.
First up grab a copy of RFC 2131 (assuming it's still current, this
isn't my area of expertise) and implement the protocol with Ruby's
bit-struct library (see the Camping presentation linked from my .sig for
some basic info on bit-struct). You'll want to use a raw socket for
sending the DHCPDISCOVER and there's some basic coverage of them in
the Pickaxe, but if you're not familiar with network programming a copy
of Stevens' UNIX Network Programming will come in handy.

In the presentation we also cover the use of libpcap for watching
on-the-wire traffic and that's probably the way to go for detecting the
ACK packet if you have the privileges to put your NIC in promiscuous
mode.

You'll also find a slew of network code of varying quality scattered
through the other linked presentations and some of that may give you
inspiration: the UDP client examples in the "Semantic DNS" and "Shoes"
presentations are particularly lightweight and should (with a big "I'm
guessing without writing the code myself" disclaimer) apply equally to
raw sockets.
Ellie
Eleanor McHugh
Games With Brains
http://slides.games-with-brains.net
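
The probe discussed in this thread, as an added example that is not code from either poster: it builds the DHCPDISCOVER by hand, parses replies, and reports any server identifier (option 54) that is not on an allowlist. Under RFC 2131 a server answers a DISCOVER with a DHCPOFFER, so that is the message type matched here. Assumptions: the `KNOWN_SERVERS` allowlist value, all function names, and the use of an ordinary UDP broadcast socket on port 68 with `String#pack` instead of a raw socket and bit-struct.

```ruby
require "socket"

MAGIC_COOKIE  = [0x63825363].pack("N")  # marks the start of the DHCP options field
KNOWN_SERVERS = ["192.0.2.1"].freeze    # assumption: your legitimate DHCP server(s)

# DHCPDISCOVER: 236-byte BOOTP header, magic cookie, then options (RFC 2131).
def build_discover(mac, xid)
  pkt = [1, 1, 6, 0, xid, 0, 0x8000].pack("CCCCNnn")   # op=request, Ethernet, broadcast flag
  pkt << ("\0" * 16)                                    # ciaddr, yiaddr, siaddr, giaddr
  pkt << [mac.delete(":")].pack("H*").ljust(16, "\0")   # chaddr: the "dummy" MAC
  pkt << ("\0" * 192) << MAGIC_COOKIE                   # sname + file, then cookie
  pkt << [53, 1, 1, 255].pack("C*")                     # option 53 = DISCOVER (1), end
end

# Parse a server reply into { xid:, type:, yiaddr:, server: }, or nil if not a DHCP reply.
def parse_reply(data)
  data = data.b
  return nil if data.bytesize < 240 || data.byteslice(236, 4) != MAGIC_COOKIE
  return nil unless data.getbyte(0) == 2                # op must be BOOTREPLY
  opts, i = {}, 240
  while i < data.bytesize && (code = data.getbyte(i)) != 255
    if code.zero? then i += 1; next end                 # pad option has no length byte
    len = data.getbyte(i + 1) or break                  # truncated option: stop parsing
    opts[code] = data.byteslice(i + 2, len).to_s
    i += 2 + len
  end
  ip = ->(s) { s && s.bytesize == 4 ? s.unpack("C4").join(".") : nil }
  { xid: data.unpack1("x4N"), type: opts[53]&.getbyte(0),
    yiaddr: ip.(data.byteslice(16, 4)), server: ip.(opts[54]) }
end

# Server identifiers of OFFERs (type 2) for our xid that are not on the allowlist.
def rogue_servers(replies, xid, known = KNOWN_SERVERS)
  replies.map { |r| parse_reply(r) }.compact
         .select { |o| o[:xid] == xid && o[:type] == 2 }
         .map { |o| o[:server] || "(no option 54)" }.uniq - known
end

# Live probe (needs root to bind port 68): broadcast one DISCOVER, collect replies.
def probe(mac, wait = 3)
  xid = rand(2**32)
  sock = UDPSocket.new
  sock.setsockopt(Socket::SOL_SOCKET, Socket::SO_BROADCAST, true)
  sock.bind("0.0.0.0", 68)
  sock.send(build_discover(mac, xid), 0, "255.255.255.255", 67)
  replies = []
  replies << sock.recvfrom(1500).first while IO.select([sock], nil, nil, wait)
  rogue_servers(replies, xid)
ensure
  sock&.close
end
```

Because the probe never follows the OFFER with a DHCPREQUEST, no lease is committed; `probe("02:00:00:00:00:01")` returns an empty array when only allowlisted servers answer.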