Since long I have been looking for some signature which can tell there are more than 1 dhcp servers in the network.
As we know it has been one of the more frequent reasons for outage.
Typical reasons:
Cable in wrong port of the router.
Someone resetting an AP, which reverts it to default config, starts serving dhcp.
Incidentally i found below post by @slh which gave me an answer.
When you do /etc/init.d/dnsmasq restart
No >1 dhcp server:
udhcpc: started, v1.28.3
udhcpc: sending discover
udhcpc: no lease, failing
When >1 dhcp server:
udhcpc: started, v1.28.4
udhcpc: sending discover
udhcpc: sending select for 192.168.1.2
udhcpc: lease of 192.168.1.2 obtained, lease time 86400
"The dnsmasq initscript does a DHCP request on its own, to check that there if no other DHCP server on your network segment, before starting the dæmon."
Now my question:
Is there a way to find this without restarting dnsmasq?
You might try just broadcasting a DHCP "discover" and seeing what comes back, independent of your running DHCP server. One return from your "expected" server is OK, any from another server is likely bad.
Related and perhaps interesting to you is that some Cisco switches, at least the SG300 series, have a set of features to block DHCP servers on "unauthorized" ports.
Edit: If what jow points out works, that looks rather simple and robust.
For simplest, I'd probably see if socat could do it, then look at Python and scapy (not lightweight), finally it would be down to C code . Whatever was sending the packet would be coupled with tcpdump and probably a shell script to see what comes back.