This utility also serves as a great security application as it can detect the presence of unauthorized DHCP servers on your network. This is a great way of eliminating rogue routers and access points that may be sourcing DCHP packets.
Here is the DHCPLOC syntax:
dhcploc /p /a:"AlertNameList" /i:AlertInterval ComputerIPAddress [ValidDHCPServerList]
/p suppresses display of detected packets from any of the authorized DHCP servers specified in ValidDHCPServerList.
/a:"AlertNameList" sends alert messages to the names in AlertNameList if any unauthorized DHCP servers are found.
/i:AlertInterval specifies the alert frequency in seconds.
ComputerIPAddress specifies the IP address of the computer from which you are running DHCPLoc. If the computer has multiple adapters, you must specify the IP address of the adapter that is connected to the subnet you want to test.
ValidDHCPServerList specifies the IP addresses of any number of authorized DHCP servers. The tool does not send alerts when it detects packets from the servers in this list; however, it displays those packets unless you use the /p parameter.
As an example, by walking into a network and running dhcploc by typing dhcploc (your-ip-address) you will generate output similar to the following:
17:36:38 (IP)18.104.22.168 ACK (S)22.214.171.124
This tells you that there is a dhcp server located at 126.96.36.199.
The DHCPLOC.exe utility can be found installed by running the \support\tools\suptools.msi file on your Windows XP CD-ROM.
Chris Sanders is the network administrator for one of the largest public school systems in the state of Kentucky. Chris's specialties include general network administration, windows server 2003, wireless networking, and security. You can view Chris' personal website at www.chrissanders.org.