ex_dhcp v0.1.5 mix snoop

A tool for snooping on DHCP transactions that are passing by this particular connected device.

Usage

Run this mix task on a device on the same layer-2 network as the network where you'd like to watch DHCP packets go by. It's probably a good idea to not have this be the same machine that you're using to serve DHCP.

mix snoop

Defaults to listening to UDP ports 67 and 68. In order to use this feature on most Linux machines, you'll need to give your Erlang virtual machine permission to listen on privileged (< 1024) port numbers. You can do this with the following command as superuser:

setcap 'cap_net_bind_service,cap_net_raw=+ep' /usr/lib/erlang/erts-10.6.1/bin/beam.smp

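Note that the path to your beam.smp might be different. Because the capabilities are attached to the beam.smp file itself, every Erlang program started from that binary gains them, not only this task.

Ctrl-c will exit out of this mix task.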

Using without setcap

You can use this program without changing the permissions on beam.smp. Instead, supply the --port or -p parameter to the mix task, like so:

mix snoop -p 6767

You'll also want to forward UDP traffic from ports 67 and 68 to the snoop port 6767; you may use iptables as superuser to achieve this. Note that these changes may not persist through certain network activity (such as libvirt (https://libvirt.org/) creating or destroying a network), and certainly not across a reboot. Making these settings permanent is beyond the scope of this guide.

iptables -t nat -I PREROUTING -p udp --dport 67 -j DNAT --to :6767
iptables -t nat -I PREROUTING -p udp --dport 68 -j DNAT --to :6767

This will cause the stream of DHCP packets to be logged to the console.
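One way to keep the redirect from outliving the snoop session, as an added example that is not part of ex_dhcp: the wrapper inserts the two rules above, runs mix snoop, and on exit deletes only the rules it inserted itself. The function names, the IPT and SNOOP_PORT variables and the run argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of ex_dhcp. Names below are assumptions of this sketch.
SNOOP_PORT="${SNOOP_PORT:-6767}"  # port given to `mix snoop -p`
IPT="${IPT:-iptables}"            # command used to edit the nat table
ADDED=""                          # DHCP ports whose rule this script inserted

# Apply one action (-C check, -I insert, -D delete) to the page's DNAT rule.
rule() {
  "$IPT" -t nat "$1" PREROUTING -p udp --dport "$2" -j DNAT --to ":$SNOOP_PORT"
}

# Insert the redirect for ports 67 and 68, skipping rules that already exist
# so that cleanup never deletes a rule someone else installed.
add_rules() {
  for p in 67 68; do
    if rule -C "$p" 2>/dev/null; then continue; fi
    rule -I "$p" || return 1
    ADDED="$ADDED $p"
  done
}

# Delete only the rules recorded in ADDED.
remove_rules() {
  for p in $ADDED; do
    rule -D "$p" || true
  done
  ADDED=""
}

# Redirect, snoop, and always undo the redirect, including on Ctrl-c.
snoop_session() {
  trap remove_rules EXIT
  trap 'exit 130' INT TERM
  add_rules || return 1
  mix snoop -p "$SNOOP_PORT"
}

# Must run as superuser, with "run" as the first argument.
if [ "${1:-}" = "run" ]; then
  snoop_session
fi
```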

Options

  • --bind <device> or -b <device> binds this mix task to a specific network device.
  • --save <prefix> or -s <prefix> saves packets (as Erlang term binaries) to files with the given prefix.