Tool to detect DHCP requests in the network.
Runs in a docker container connected to the host's network.
The detected requests are parsed and published via MQTT.
Example of published message:
{
"time": "Thu Jul 2 15:36:28 UTC 2020",
"mac": "22:11:00:cc:bb:aa",
"ip": "172.16.0.1",
"hostname": "unknown"
}
Build the docker image using:
docker build -t dhcp-detector .
Running the image as a container:
docker run -it -e MQTT_BROKER=mybroker -e MQTT_TOPIC="my/cool/topic" --network=host --rm dhcp-detector
Get the docker image from DockerHub and run it
docker run -d --restart unless-stopped --network=host bioboost/dhcp-detector:v1.1
Make sure to connect the container to the host's network.
The broker and topic can be configured via environment variables:
docker run -it -e MQTT_BROKER=mybroker -e MQTT_TOPIC="my/cool/topic" --network=host --rm bioboost/dhcp-detector:v1.1
The script can also be run without docker. Just make sure to install it's dependencies first:
apt install -y gawk tcpdump jq mosquitto-clients
To configure the broker and topic one can pass these as arguments to the script:
./detector -b mybroker -t some/cool/topic
or as environment variables MQTT_BROKER
and MQTT_TOPIC
:
MQTT_BROKER=mybroker MQTT_TOPIC=some/cool/topic ./detector
The arguments passed to the script take precedence over the environment variables.