base/protocols/dhcp/main.bro

DHCP

Analyzes DHCP traffic in order to log DHCP leases given to clients. This script ignores large swaths of the protocol, since it is rather noisy on most networks, and focuses on the end-result: assigned leases.

If you’d like to track known DHCP devices and to log the hostname supplied by the client, see policy/protocols/dhcp/known-devices-and-hostnames.bro.

Namespace:DHCP
Imports:base/protocols/dhcp/utils.bro
Source File:/scripts/base/protocols/dhcp/main.bro

Summary

Types

DHCP::Info: record The record type which contains the column fields of the DHCP log.

Events

DHCP::log_dhcp: event Event that can be handled to access the DHCP record as it is sent on to the logging framework.

Detailed Interface

Types

DHCP::Info
Type:

record

ts: time &log

The earliest time at which a DHCP message over the associated connection is observed.

uid: string &log

A unique identifier of the connection over which DHCP is occurring.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

mac: string &log &optional

Client’s hardware address.

assigned_ip: addr &log &optional

Client’s actual assigned IP address.

lease_time: interval &log &optional

IP address lease interval.

trans_id: count &log

A random number chosen by the client for this transaction.

The record type which contains the column fields of the DHCP log.

Events

DHCP::log_dhcp
Type:event (rec: DHCP::Info)

Event that can be handled to access the DHCP record as it is sent on to the logging framework.


Copyright 2016, The Bro Project. Last updated on December 13, 2017. Created using Sphinx 1.5.2.