base/protocols/dhcp/main.bro
-
DHCP
Analyzes DHCP traffic in order to log DHCP leases given to clients. This script ignores large swaths of the protocol, since it is rather noisy on most networks, and focuses on the end-result: assigned leases.
If you’d like to track known DHCP devices and to log the hostname supplied by the client, see policy/protocols/dhcp/known-devices-and-hostnames.bro.
| Namespace: | DHCP |
|---|---|
| Imports: | base/protocols/dhcp/utils.bro |
| Source File: | /scripts/base/protocols/dhcp/main.bro |
Summary
Types
DHCP::Info: record |
The record type which contains the column fields of the DHCP log. |
Redefinitions
Log::ID: enum |
|
connection: record |
|
likely_server_ports: set &redef |
Events
DHCP::log_dhcp: event |
Event that can be handled to access the DHCP record as it is sent on to the logging framework. |
Detailed Interface
Types
-
DHCP::Info Type: - ts:
time&log The earliest time at which a DHCP message over the associated connection is observed.
- uid:
string&log A unique identifier of the connection over which DHCP is occurring.
- id:
conn_id&log The connection’s 4-tuple of endpoint addresses/ports.
- mac:
string&log&optional Client’s hardware address.
- assigned_ip:
addr&log&optional Client’s actual assigned IP address.
- lease_time:
interval&log&optional IP address lease interval.
- trans_id:
count&log A random number chosen by the client for this transaction.
The record type which contains the column fields of the DHCP log.
- ts:
Events
-
DHCP::log_dhcp Type: event(rec:DHCP::Info)Event that can be handled to access the DHCP record as it is sent on to the logging framework.
