Which of the two scripts to use depends on your specific situation. If the DHCP server is local to the scanner, or you want to follow the current DHCP relay agent path, then broadcast-dhcp-discover is likely a better choice. If you want to target a specific, non-default DHCP server then dhcp-discover might work for you.
As for Nmap 7.80, the command sudo nmap -sU -p 67 --script broadcast-dhcp-discover --script-args broadcast-dhcp-discover.mac=randsudo nmap -sU -p 67 --script broadcast-dhcp-discover --script-args broadcast-dhcp-discover.mac=rand and sudo nmap -sU -p 67 --script broadcast-dhcp-discover --script-args broadcast-dhcp-discover.mac=random result in using the actual MAC address and IP of the machine running it. In other words, the source address randomization seems not working.
In other words, the source address randomization seems not working.
I have re-validated that both scripts are working as expected. The DHCP server is correctly picking up and responding to this random MAC address. Please make sure that you are inspecting field bootp.hw.mac_addr, not eth.src (in Wireshark-speak).
...the UDP package is sent with source address 0.0.0.0. However, it's has been changed to the actual IP when captured on the Wireshark.
Please create a new issue. Do not treat this closed issue as a catch-all.
I am trying to test a DHCP server to see if a specific MAC address receives the correct IP address assignment.
Would it be possible to add a command line argument option to allow a MAC address to be specified?
nmap -sU -p 67 --script=dhcp-discover -m '80:ce:62:e4:6e:f5'
The text was updated successfully, but these errors were encountered: