LinuxCommandLibrary

dhcpig

Send DHCP requests to test DHCP servers

TLDR

Exhaust all of the available DHCP addresses using the specified interface

$ sudo [path/to]/pig.py [eth0]

Exhaust IPv6 addresses using the eth1 interface
$ sudo [path/to]/pig.py [[-6|--ipv6]] [eth1]

Send fuzzed/malformed data packets using the interface
$ sudo [path/to]/pig.py [[-f|--fuzz]] [eth1]

Enable color output
$ sudo [path/to]/pig.py [[-c|--color]] [eth1]

Enable minimal verbosity and color output
$ sudo [path/to]/pig.py [[-c|--color]] [[-v|--verbosity]] 1 [eth1]

Use a debug verbosity of 100 and scan the network for neighboring devices using ARP packets
$ sudo [path/to]/pig.py [[-c|--color]] [[-v|--verbosity]] 100 [[-n|--neighbors-scan-arp]] [eth1]

Print lease information and attempt to scan for and release all neighbor IP addresses
$ sudo [path/to]/pig.py [[-n|--neighbors-scan-arp]] [[-r|--neighbors-attack-release]] [[-o|--show-options]] [eth1]

SYNOPSIS

dhcpig [-i interface] [-f pcapfilter] [-v] [-d] [-l logfile] [-u uid] [-g gid] [-s num_spoofs] [-r] [-h]

PARAMETERS

-i interface
    Specify the network interface to bind to (e.g., eth0). Required for operation.

-f pcapfilter
    libpcap filter expression for incoming packets (e.g., 'udp port 67').

-v
    Enable verbose output for detailed packet information.

-d
    Daemonize the process to run in the background.

-l logfile
    Log output to the specified file instead of stdout.

-u uid
    Drop root privileges to the given user ID after binding.

-g gid
    Drop root privileges to the given group ID after binding.

-s num_spoofs
    Number of random MAC addresses to spoof (default: 1, increases discovery coverage).

-r
    Resolve and display IP addresses as hostnames where possible.

-h
    Display help and usage information.

DESCRIPTION

dhcpig is a powerful Linux command-line tool for information gathering on DHCP servers within a network segment.

It operates by crafting and transmitting DHCP DISCOVER packets, often with spoofed source MAC addresses, to provoke responses from all listening DHCP servers. This reveals critical details such as server IP addresses, offered subnets, lease times, vendor-specific options, DNS servers, gateways, and fingerprintable characteristics.

Primarily used in penetration testing, network auditing, and security assessments, dhcpig helps identify legitimate, rogue, or hidden DHCP infrastructure. It supports packet capture filtering via libpcap, verbose logging, daemonization for background operation, and privilege dropping for safer execution.

The tool is lightweight, efficient for layer 2 broadcasts, and excels in environments with multiple DHCP servers (e.g., failover setups or misconfigurations). Output includes parsed DHCP options in human-readable format, aiding quick analysis.

Requires root privileges for raw socket access and promiscuous mode. Misuse can flood networks or interfere with legitimate DHCP operations, so caution is advised in production environments.
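
Added example (not part of dhcpig and not from the original page): a defender-side check for the burst of DISCOVER packets with spoofed MAC addresses described above. It parses DHCP payloads and alerts when the number of distinct client MACs sending DISCOVER within a time window reaches a threshold. The function names, the 10-second window, the threshold of 20 and the sample packet builder are assumptions for illustration; events must be supplied in time order.

```python
import struct
from collections import deque

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
DISCOVER = 1                 # option 53 (message type) value for DHCPDISCOVER

def parse_dhcp(payload):
    """Return (message_type, client_mac) for a DHCP payload, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC or payload[2] != 6:
        return None
    mac = payload[28:34].hex(":")        # chaddr field, Ethernet length only
    i = 240
    while i < len(payload):              # walk TLV options; input may be truncated
        code = payload[i]
        if code == 255:                  # end option
            break
        if code == 0:                    # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None
        if code == 53 and length == 1:
            return value[0], mac
        i += 2 + length
    return None

def detect_starvation(events, window=10.0, threshold=20):
    """Alert timestamps where distinct DISCOVER MACs in `window` s reach `threshold`."""
    recent, alerts, alarmed = deque(), [], False
    for ts, payload in events:
        parsed = parse_dhcp(payload)
        if parsed is None or parsed[0] != DISCOVER:
            continue
        recent.append((ts, parsed[1]))
        while ts - recent[0][0] > window:
            recent.popleft()
        over = len({mac for _, mac in recent}) >= threshold
        if over and not alarmed:         # alert once per burst, not per packet
            alerts.append(ts)
        alarmed = over
    return alerts

def make_discover(mac):
    """Constructed sample input: minimal DHCPDISCOVER for a 6-byte MAC."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0x8000) + bytes(16)
    return hdr + mac + bytes(10 + 64 + 128) + MAGIC + b"\x35\x01\x01\xff"
```

The payloads would come from a capture of UDP port 67 traffic on the segment; tune the window and threshold to its normal client churn.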

CAVEATS

Requires root privileges (sudo) for raw sockets and promiscuous mode.
Can generate significant broadcast traffic; avoid in production networks.
Limited to local broadcast domain (layer 2). No IPv6 support.

EXAMPLE USAGE

Basic discovery:
sudo dhcpig -i eth0 -v

With MAC spoofing:
sudo dhcpig -i wlan0 -s 10 -f 'udp port 68'

OUTPUT SAMPLE

Typical output shows:
Server: 192.168.1.1 (00:11:22:33:44:55)
Subnet: 192.168.1.0/24
DNS: 8.8.8.8
Vendor: ISC dhcpd 4.4.1

HISTORY

Developed by Jason Gillam in 2007 as part of his network security toolkit. Hosted on SourceForge; last major update around 2010. Remains popular in Kali Linux for pentesting despite age.

SEE ALSO

dhcpdump(1), dhclient(8), nmap(1), ettercap(8)
