DHCPLOC Utility – Detect Rogue DHCP Servers on your network

http://technet2.microsoft.com/windowsserver/en/library/8fa42e83-ec08-4a9b-9057-8909f7ed433e1033.mspx?mfr=true
This command-line tool displays the DHCP servers active on the subnet. If it detects any unauthorized DHCP servers, it beeps and sends out alert messages. It also displays packets that it detects from DHCP servers; you can specify whether to display packets from all DHCP servers or only those from unauthorized servers.

You can also use this tool to determine which DHCP servers are available to a DHCP client and to detect unauthorized DHCP servers on a subnet.

Here is the DHCPLOC syntax:

dhcploc /p /a:”AlertNameList” /i:AlertInterval ComputerIPAddress [ValidDHCPServerList]

/p suppresses display of detected packets from any of the authorized DHCP servers specified in ValidDHCPServerList. /a:”AlertNameList” sends alert messages to the names in AlertNameList if any unauthorized DHCP servers are found.

/i:AlertInterval specifies the alert frequency in seconds.

ComputerIPAddress specifies the IP address of the computer from which you are running DHCPLoc. If the computer has multiple adapters, you must specify the IP address of the adapter that is connected to the subnet you want to test.

ValidDHCPServerList specifies the IP addresses of any number of authorized DHCP servers. The tool does not send alerts when it detects packets from the servers in this list; however, it displays those packets unless you use the /p parameter.

Kazmarek Employees can find the utility on the KTS FTP server in the DownloadsMicrosoft Windows – ServerDHCPLoc location

Alternativily the utilty is available in the Support Tools directory on the Windows Server CD.