Detect double DHCP server in network

For a long time I have been looking for some signature which can tell that there is more than 1 DHCP server in the network.
As we know, it has been one of the more frequent reasons for outages.
Typical reasons:

  1. Cable in wrong port of the router.
  2. Someone resetting an AP, which reverts it to its default config and starts serving DHCP.

Incidentally, I found the post below by @slh, which gave me an answer.

When you do /etc/init.d/dnsmasq restart

No >1 dhcp server:

udhcpc: started, v1.28.3
udhcpc: sending discover
udhcpc: no lease, failing

When >1 dhcp server:

udhcpc: started, v1.28.4
udhcpc: sending discover
udhcpc: sending select for
udhcpc: lease of obtained, lease time 86400

"The dnsmasq initscript does a DHCP request on its own, to check that there is no other DHCP server on your network segment, before starting the dæmon."

Now my question:
Is there a way to find this without restarting dnsmasq?

You might try just broadcasting a DHCP "discover" and seeing what comes back, independent of your running DHCP server. One return from your "expected" server is OK, any from another server is likely bad.

Related and perhaps interesting to you is that some Cisco switches, at least the SG300 series, have a set of features to block DHCP servers on "unauthorized" ports.


What would be the simplest way to do that?
I want to do this on the router itself.

See here:;a=blob;f=package/network/services/dnsmasq/files/dnsmasq.init;h=1054f7a12a15618a869f2f68b97276f50eebc5a4;hb=4fc0a61ed3da96330d30703a2a039a6a06dc0b2f#l98

# udhcpc exits 0 only if some DHCP server hands out a lease on $ifname
if udhcpc -n -q -s /bin/true -t 1 -i "$ifname" >&-; then
    echo "Another DHCP server is running on $ifname"
fi

Edit: If what jow points out works, that looks rather simple and robust.

For simplest, I'd probably see if socat could do it, then look at Python and scapy (not lightweight), finally it would be down to C code. Whatever was sending the packet would be coupled with tcpdump and probably a shell script to see what comes back.


Awesome, thanks.
I replaced ifname=br-lan as I bridge eth2 and eth3 to br-lan.
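
The udhcpc probe from the thread, wrapped so it can run from cron without restarting dnsmasq and report which server answered, so that an expected server can be told apart from an unexpected one. This is an added example, not code from the thread or from OpenWrt's dnsmasq.init; `ALLOWED_SERVERS`, `probe_dhcp`, `check_iface` and the `dhcp-watch` log tag are hypothetical names, and it assumes BusyBox `udhcpc`, `mktemp` and `logger` are available on the router.

```shell
#!/bin/sh
# Added example: not from the thread or from OpenWrt's dnsmasq.init.
# ALLOWED_SERVERS (hypothetical name): space-separated DHCP server IDs that
# are allowed to answer, e.g. the router's own LAN address.
ALLOWED_SERVERS="${ALLOWED_SERVERS:-}"

# probe_dhcp IFNAME
# Sends one discover on IFNAME and prints the server identifier of whichever
# server answers. Returns 0 if a lease was obtained, non-zero otherwise.
probe_dhcp() {
    dir=$(mktemp -d) || return 2
    # udhcpc runs the -s script on every event with the lease options exported
    # as environment variables; on "bound", $serverid holds DHCP option 54.
    printf '#!/bin/sh\n[ "$1" = bound ] && echo "$serverid" > "%s/server"\nexit 0\n' \
        "$dir" > "$dir/hook"
    chmod +x "$dir/hook"
    # Same flags as the init script check, with the hook in place of /bin/true.
    # The hook configures nothing, but the probe does complete a lease handshake.
    rc=0
    udhcpc -n -q -s "$dir/hook" -t 1 -i "$1" >/dev/null 2>&1 || rc=$?
    [ -f "$dir/server" ] && cat "$dir/server"
    rm -rf "$dir"
    return "$rc"
}

# check_iface IFNAME
# Returns 0 if nothing answered or the answering server is allowed, else 1.
check_iface() {
    # Non-zero means no lease was obtained (or the probe could not run).
    server=$(probe_dhcp "$1") || return 0
    for ok in $ALLOWED_SERVERS; do
        [ "$server" = "$ok" ] && return 0
    done
    msg="unexpected DHCP server '${server:-unknown}' answered on $1"
    logger -t dhcp-watch "$msg" 2>/dev/null || echo "$msg" >&2
    return 1
}

# Probe only the interfaces given as arguments, e.g. from cron:
#   dhcp-watch.sh br-lan
for ifname in "$@"; do
    check_iface "$ifname"
done
```

A failed probe (for example, udhcpc missing) is treated the same as "no server answered", so confirm once by hand that the probe runs on the interface before relying on the cron job.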
