I am investigating some odd behaviour on a sub-net, where host registration doesn’t list some of the IPs that some users report having. Now that I’ve seen evince, i want to passively scan for the presence of a rouge DHCP server, not listed in my domain.
How might I do that?
Or rather, are there any Linux tools to list the DCHP servers within a domain?
(I might write a script to search randomly, as I suspect the rouge DHCP server is not on all the time, or perhaps not acting as a DHCP server all the time.)