[sysmon-help] Monitoring DHCP with sysmon?

Jared Mauch jared at sysmon.org
Wed Mar 7 17:58:19 EST 2007


On Wed, Mar 07, 2007 at 01:46:24PM +0100, Vincent De Keyzer wrote:
> Hello,
> 
> is it possible to monitor a DHCP server with sysmon?
> 
> I'm trying to monitor UDP port 67 on the machine, but I get a "Conn Timed
> Out".

	it just sends a random udp packet so your server could be
saying it's invalidly formatted and ignoring it.  this is likely what
is happening.

	some udp based services send back an "invalid req" packet
so you'd get a "response".

	i can look at adding back in a bootp/dhcp type
request.  would you want to also specify a client-id or mac address
in the configuration file for this type of a test?  what format
of a mac address?  0123.4567.89ab or 01:23:45:67:89:ab or other?

	- jared

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
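
Added example, not part of the original message and not sysmon's code: a sketch of the well-formed BOOTP/DHCP request discussed above, which a DHCP server will parse where it silently drops a random UDP payload. It accepts both MAC notations from the message; the function names and the sample MAC and xid are assumptions chosen for illustration.

```python
import re
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"  # RFC 2131 magic cookie

def parse_mac(text):
    """Accept 0123.4567.89ab, 01:23:45:67:89:ab or 01-23-45-67-89-ab."""
    digits = re.sub(r"[.:\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return bytes.fromhex(digits)

def build_discover(mac, xid):
    """Build a minimal DHCPDISCOVER (RFC 2131) for the given client MAC."""
    chaddr = parse_mac(mac)
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1,             # op: BOOTREQUEST
        1,             # htype: Ethernet
        6,             # hlen: MAC length
        0,             # hops
        xid,           # transaction id, echoed back by the server
        0,             # secs
        0x8000,        # flags: ask for a broadcast reply
        b"", b"", b"", b"",  # ciaddr, yiaddr, siaddr, giaddr (zero-filled)
        chaddr,        # struct pads this to the 16-byte chaddr field
        b"",           # sname
        b"",           # file
    )
    options = (
        b"\x35\x01\x01"             # option 53: message type = DISCOVER
        + b"\x3d\x07\x01" + chaddr  # option 61: client-id = htype + MAC
        + b"\xff"                   # end option
    )
    # Pad to the 300-byte BOOTP packet size (RFC 951).
    return (header + DHCP_MAGIC + options).ljust(300, b"\0")

def is_reply_for(packet, xid):
    """True if packet is a BOOTREPLY with our xid and the DHCP cookie."""
    if len(packet) < 240:
        return False
    op = packet[0]
    (rxid,) = struct.unpack("!I", packet[4:8])
    return op == 2 and rxid == xid and packet[236:240] == DHCP_MAGIC
```

A monitor would send this packet to UDP port 67 and treat any datagram for which `is_reply_for` returns true as "server up"; listening for the reply on port 68 normally requires elevated privileges.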

