Is it possible to check the things the dhcp-server delivers?
When I configure my dhcp-server I tell it what file to boot from, ex: pxelinux.0
, and where it should find it, ex: 192.168.0.112
.
Could I verify that this is whats delivered from the dhcp-server somehow without having to actually netboot a machine? I think I'm searching for a some commandline trick here, something like:
I have read this https://serverfault.com/a/875791/243665 but it does not tell me everything. The bootfile name is shown, but the location of the pxeserver (192.168.0.112
) is missing. Ex:
$ sudo nmap --script broadcast-dhcp-discover
Starting Nmap 7.60 ( https://nmap.org ) at 2019-12-02 08:49 CET
Pre-scan script results:
| broadcast-dhcp-discover:
| Response 1 of 1:
| IP Offered: 192.168.0.36
| DHCP Message Type: DHCPOFFER
| Server Identifier: 192.168.0.1
| IP Address Lease Time: 5m00s
| Subnet Mask: 255.255.255.0
| Router: 192.168.0.1
| Domain Name Server: 192.168.100.10, 192.168.100.11
| Domain Name: ulfexample.com
| Renewal Time Value: 2m30s
| Rebinding Time Value: 4m22s
|_ Bootfile Name: /pxelinux.0
Best Answer
uses the script
broadcast-dhcp-discover
found here:https://svn.nmap.org/nmap/scripts/broadcast-dhcp-discover.nse
you should replace:
with:
Alternatively you could also use
the script is:
https://svn.nmap.org/nmap-exp/patrik/nmap-brute/scripts/dhcp-discover.nse
you should replace:
with:
in both cases you should be able to get the PXE info if the NBP is stored in the
file
field of the DHCP offer and the TFTP server IP is stored in thesiaddr
field of the DHCP offer