Installing dhcp_probe Note that the file INSTALL contains generic build and installation instructions; it supplements this file (specifically, the steps involving 'configure', 'make', and 'make install'). The file PLATFORMS contains platform-specific notes. dhcp_probe is intended for use by a network administrator. Before running dhcp_probe on any network other than one for which you are responsible, contact that network's administrator to learn if it is acceptable for you to run this software on that network. Running this software may violate on a network where you don't have permission to do so may violate that network's acceptable use policy. --- 1. Obtain and install libpcap, the packet capture library. Version 0.8.1 or later is required. It is available from http://www.tcpdump.org More information about which versions of libpcap the program has been successfully used with (and whether any versions should be avoided), may appear in the PLATFORMS file. If libpcap isn't supported on your platform, you can't use dhcp_probe. Libpcap must be installed to compile dhcp_probe; we assume we'll find the libpcap library and header files in either /usr/local or the other usual places the compiler and linker will search. If you've installed it elsewhere, when you run 'configure' below, remember to specify the --with-pcap=DIR option. -- 2. Obtain and install libnet 1.1.x, the packet writing library. It is available from http://packetfactory.openwall.net/projects/libnet/index.html The current version of this program uses the libnet 1.1.x API. It does not support the libnet 1.0.x API. (The last version of this program that supported the libnet 1.0.x API was version 1.0.7.) More information about which versions of libnet the program has been successfully used with (and whether any versions should be avoided), may appear in the PLATFORMS file. If libnet 1.1.x isn't supported on your platform, you can't use dhcp_probe. Libnet must be installed to compile this program; we assume we'll find the libnet library and header files in either /usr/local or the other usual places the compiler and linker will search. If you've installed it elsewhere, when you run 'configure' below, remember to specify the --with-libnet=DIR option. Additionally, if you are using libnet older than version 1.3, you likely need to modify libnet to add a function that we need to use. This function is not present in libnet 1.1.x until version 1.3, so you will need to patch libnet. In the libnet source directory, edit ./src/libnet_cq.c to add the following at the end: u_int32_t libnet_cq_end_loop() { if (! clear_cq_lock(CQ_LOCK_WRITE)) { return (0); } l_cqd.current = l_cq; return (1); } In the libnet source directory, edit ./include/libnet/libnet-functions.h to add the following at the end: u_int32_t libnet_cq_end_loop(); Additionally, if you are using libnet version up through version 1.2rc3, you should modify libnet to fix a bug that we would otherwise trigger when handling SIGHUP. (This bug fix was commited after libnet 1.2rc3, so is expected to be in the next libnet release after that.) In the libnet source directory, edit ./src/libnet_cq.c to modify libnet_cq_destroy() to append the following two statements to the end of the function: l_cq = NULL; memset(&l_cqd, 0, sizeof(l_cqd)); You will need to rebuild and install libnet to incorporate these changes. --- 3. `cd' to the directory containing the package's source code and type `./configure' to configure the package for your system. You may need to specify the --with-pcap=DIR option if configure is unable to locate the libpcap header and library. If the header and library don't share a common parent, the more specific options --with-pcap-include=DIR and --with-pcap-lib=DIR may be useful. You may need to specify the --with-libnet=DIR option if configure is unable to locate the libnet header and library. If the header and library don't share a common parent, the more specific options --with-libnet-include=DIR and --with-libnet-lib=DIR may be helpful. For example, on some platforms, libnet 1.1.x is installed below /usr/include/libnet11/ and /usr/lib/libnet11/. More information about running 'configure' is available in the INSTALL file, and you may type './configure --help' for a summary of options. Additional notes about some platforms may be in the PLATFORMS file. --- 4. Type `make' to compile the package. Ignore the following compiler warning: bootp.c: In function `build_dhcp_payload': bootp.c:80: warning: assignment from incompatible pointer type If you see an error about libnet_cq_end_loop() being unknown, see the earlier step about modifying libnet to add this function. --- 5. Type `make install' to install the package. --- 6. Create a configuration file dhcp_probe.cf in an appropriate location. The default location for this file is /etc/dhcp_probe.cf, but you can put it elsewhere, as long as you specify the new location when you run the program using the appropriate command-line option. A sample configuration file is supplied in the 'extras' directory; you may wish to use it as a template. 7. Verify that the /etc/services file (or NIS 'services' map, whichever is in-use) contains entries for 'bootpc' and 'bootps'. If they are not present, add them: bootps 67/udp # BOOTP/DHCP server bootpc 68/udp # BOOTP/DHCP client --- 8. To get started, try running it in the foreground and seeing if the debug messages seem reasonable to you. E.g. as root: /usr/local/sbin/dhcp_probe -f -d 11 hme0 The -f option prevents it from forking, and also causes all output to be sent to stderr instead of to syslog. Debuglevel 11 will produce maximum debugging. Specify the name of the interface on which to run, e.g. 'hme0'. --- 9. Verify that the probe packets transmitted by dhcp_probe are truly reaching the network. Do so by performing packet capture from another device on the network. Do not skip this step, as it may help you discover whether some problem is silently causing the packets to never reach the network. Do not rely on packet capture performed from the device running dhcp_probe, as such capture will likely see the outgoing packets on their way to the network interface, rather than the actual packets on the network. --- 10. Arrange to have the program started automatically by root when your host starts. Some sample startup scripts are in the extras directory. Never specify the -f flag when starting the daemon from a startup script; this flag should never be specified except for debugging purposes. You'll probably want to reduce the debuglevel; a debuglevel of 0 or 1 is generally a good choice for production use. Output will be directed to syslog (using the facility specified in defaults.h); you'll want to configure syslogd to do something reasonable with it. (You can change the syslog facility name by editing defaults.h and recompiling.) Alternatively, use the -l option to specify a logfile to receive output; this prevents syslog from being used. --- 11. If you want to capture packets received from unknown servers, add the -o option when starting up, to specify a capture file. Be sure to specify a directory for the capture file that no one may write to except root; see the dhcp_probe(8) man page for details. Since the program truncates this file each time it starts, you may want to modify the script you use to start the program, to save the old version of this file before starting the program. --- 12. Any additional tools you may find useful can be found in the 'extras' directory. For example, extras/dhcp_probe_notify2 is a sample notification script that may be called via the 'alert_program_name2' configuration file statement. There are some sample startup scripts in that directory as well. See the README file in that directory. ---