[sysmon-help] Monitoring DHCP with sysmon?

Vincent De Keyzer vincent at dekeyzer.net
Thu Mar 8 05:44:00 EST 2007


> 	it just sends a random udp packet so your server could be
> saying it's invalidly formatted and ignoring it.  this is likely what
> is happening.
> 
> 	some udp based services send back an "invalid req" packet
> so you'd get a "response".
> 
> 	i can look at adding back in a bootp/dhcp type
> request.  would you want to also specify a client-id or mac address
> in the configuration file for this type of a test?  what format
> of a mac address?  0123.4567.89ab or 01:23:45:67:89:ab or other?

Slight preference for the first format (less typing ;), but I'm a network
guy and not a systems guy.

You probably also
* want to be able to monitor a DHCP server that is not on the same subnet as
the sysmon server (DHCP relay)
* don't want to block an IP address from the pool just for monitoring, so
sysmon could release the IP just after it has obtained its lease

Maybe I'm asking too much? (I'd of course be honoured to assist you within
the limits of my little knowledge, if required.)

Vincent



More information about the Sysmon-help mailing list