Trovare un “rogue” Dhcp con l’utility DHCPLOC

Scaricare l’utility dal sito Microsoft (Link).
Andare in linea di comando come Administrator ed eseguire :
Esempio : dhcploc 172.16.0.123 >20180503_log.txt
L’ip da digitare dopo il comando è il proprio,mentre con > mandiamo il logging sul file prescelto.
Questa è la sintassi: 
dhcploc /p /a:“AlertNameList” /i:AlertInterval ComputerIPAddress [ValidDHCPServerList] 
/p suppresses display of detected packets from any of the authorized DHCP servers specified in ValidDHCPServerList. 
/a:”AlertNameList” sends alert messages to the names in AlertNameList if any unauthorized DHCP servers are found. 
/i:AlertInterval specifies the alert frequency in seconds. 
ComputerIPAddress specifies the IP address of the computer from which you are running DHCPLoc. If the computer has multiple adapters, you must specify the IP address of the adapter that is connected to the subnet you want to test. 
ValidDHCPServerList specifies the IP addresses of any number of authorized DHCP servers. The tool does not send alerts when it detects packets from the servers in this list; however, it displays those packets unless you use the /p parameter.