Is there any way to detect full DHCP pool just from DHCP traffic??
I assume for simplicity just one DHCP server in network.
I have found in RFC 2131, that DHCP NAK is sent only in this case:
Server to client indicating client's notion of network
address is incorrect (e.g., client has moved to new
subnet) or client's lease as expired.
So I suppose DHCP NAK is not sent, when DHCP pool is full. But definitely it goes with full DHCP pool.
I have also found in this topic
Best practice using Cisco's "ip-helper" for DHCP?
If a DHCP server's scope is full, it won't reply with a DHCPOffer…
So I think when DHCP pool is full, clients will retransmit many DHCP DISCOVER, because of retransmitting algorithm defined in RFC 2131. I don't see better way to detect full DHCP pool from DHCP traffic. If anyone have better idea to detect it just from sent packets I would be really glad. Thanks in advance.
Best Answer
You are correct, just by looking at a bit of DHCP traffic, it is impossible to determine if a server is out of addresses. You cannot distinguish an empty pool from a crashed server, since in both cases the server will not respond to a DHCPREQUEST.
Theoretically, if you have access to all of the server's DHCP traffic from the very start, and have some info about its configuration, you could keep track of all the leases it hands out and completely emulate its bookkeeping. This would allow you to know when the server has allocated all available addresses.
Note that you would need some knowledge about the DHCP pool. A DHCP range is often a subset of a subnet, so you would need to know which addresses are available. Also, when the admin sets up stuff like addresses to be handed out to specific MAC addresses, things become even more complicated.
I'm afraid the best place to determine if a server is out of addresses still is... the server itself.