November 15, 2018, 07:55:51 PM

Author Topic: Ability to detect if an address is DHCP or Static  (Read 625 times)

aeccles

  • Member
  • *
  • Posts: 7
Ability to detect if an address is DHCP or Static
« on: August 13, 2018, 11:51:03 AM »
It would be great if there was a way to identify if a device's IP address was static or DHCP.

Possible process:
Discover a subnet
get a powershell dump of DHCP leases
Compare to identify which active addresses are static vs. dhcp


Komodo Support

  • Administrator
  • Member
  • *****
  • Posts: 808
  • Dayton, Ohio, USA
    • Komodo Laboratories LLC
Re: Ability to detect if an address is DHCP or Static
« Reply #1 on: August 13, 2018, 01:32:15 PM »
Hi there!  Our deep scanning software, NEWT Pro, will show whether a PC or server is set to DHCP or Static.  Having credentials is the one reliable method, but then you have non-PC devices that would be much more difficult to get the info directly, to the point of it not being worth it.

One could guess which devices are DHCP/static by repeatedly and continuously scanning and determining which devices move to other IPs or stay the same.  This is something we'd like to add in v2.0 since automated/scheduled scanning is planned.  Is that what you meant in your last suggestion?

aeccles

  • Member
  • *
  • Posts: 7
Re: Ability to detect if an address is DHCP or Static
« Reply #2 on: August 15, 2018, 10:57:20 AM »
Great to know that this can be found on PCs & Servers via NEWT Pro.  For the situation I am currently facing, it's a couple hundred non-pc/servers that I'd like to know about.

My last suggestion is about comparing a Siltheris Discovery to an output of active DHCP leases that could be obtained from a DHCP server.  If you put the results of each into a database/excel, you could compare IPs and MAC addresses and determine which systems got their IPs via DHCP.

Komodo Support

  • Administrator
  • Member
  • *****
  • Posts: 808
  • Dayton, Ohio, USA
    • Komodo Laboratories LLC
Re: Ability to detect if an address is DHCP or Static
« Reply #3 on: August 15, 2018, 01:37:00 PM »
And NEWT Pro would also give you some more information about the NIC as well, such as MTU, etc.

Are you saying to some how allow a user to enter active leases themselves?  I don't think there's a practical way to pull this info automatically.  Maybe we're not quite understanding.  Could you elaborate a little more on how you'd see this being done?  That would help a lot.

aeccles

  • Member
  • *
  • Posts: 7
Re: Ability to detect if an address is DHCP or Static
« Reply #4 on: August 15, 2018, 02:24:02 PM »
Export DHCP leases through a powershell command:  https://docs.microsoft.com/en-us/powershell/module/dhcpserver/export-dhcpserver?view=win10-ps


Here's how I see it working:
Complete a subnet scan in Slitheris (or maybe this is better for NEWT given current capabilities)
Slitheris/NEWT send a remote powershell command to the DHCP server to export the DHCP leases from the same scope.
Slitheries/NEWT imports those leases into the Slitheris/NEWT database
Slitheries/NEWT compares the MAC/IP address info discovered by Slitheris/NEWT to the MAC/IP info from the DHCP Server
The items that match up could be confirmed as being a DHCP address.
Those that don't match would have a very high probability of being static.
Slitheries/NEWT shows these results in the GUI... a column title DHCP Address and show "YES" for matches?

Komodo Support

  • Administrator
  • Member
  • *****
  • Posts: 808
  • Dayton, Ohio, USA
    • Komodo Laboratories LLC
Re: Ability to detect if an address is DHCP or Static
« Reply #5 on: August 21, 2018, 12:46:23 PM »
Apologies for the delay!

We found this idea very interesting and we'll definitely keep it in mind when we get to that point.  There are so many other issues we need to tackle, it may be some time before we're ready to delve into this much further.  It is a really good idea though.  Thank you!