Rogue DHCP Server is running in a VM

Page 1 of 2 12 LastLast
  1. Bowlsys's Avatar
    Posts : 49
    windows 10
       #1

    Rogue DHCP Server is running in a VM


    I am experiencing a problem where Fing is reporting more than 1DHCP server. When I run ipconfig /all it reports that the DHCP server is 192.168.58.254 , my net is 192.168.0.x.
    The strange thing is that I appear not to have any VMs running (VM Worstation 15 on another machine)

    How can I find out more details and shutdown this VM/DHCP server?

    Any help appreciated
      My Computer

  2. FreeBooter's Avatar
    Posts : 3,995
    Windows 10 Pro 64-bit
       #2

    Windows have DHCP client service, the DHCP server is part of router/switch.
      My Computer

  3. Bowlsys's Avatar
    Posts : 49
    windows 10
    Thread Starter
       #3

    Rogue DHCP Server is running in a VM


    The router is configured to issue the correct IP addresses (192.168.0.200-192-168-0.254). There is another rogue DHCP server whose address is 192.168.58.254 and is reportedly within a Vmware VM.
      My Computer

  4. FreeBooter's Avatar
    Posts : 3,995
    Windows 10 Pro 64-bit
       #4

    The 192.168.58.254 ip address is assign by your router its configured to do so.

    Can you please paste ipconfig /all command output.
      My Computer

  5. Bree's Avatar
    Posts : 18,716
    10 Home x64 (20H2) (10 Pro on 2nd pc)
       #5

    Bowlsys said:
    ... my net is 192.168.0.x.
    Bowlsys said:
    The router is configured to issue the correct IP addresses (192.168.0.200-192-168-0.254)
    The whole of 192.168.x.x is a Private address range available for your router to use. You have the whole of 192.168.0.x assigned to the DHCP pool, but the DHCP server on your router will use a fixed IP address outside this range.

    What is the IP address of your router for web admin? Or the IP address of the default gateway? On my router they are the same as the DHCP server address.
      My Computers

  6. Bowlsys's Avatar
    Posts : 49
    windows 10
    Thread Starter
       #6

    Bree said:
    The whole of 192.168.x.x is a Private address range available for your router to use. You have the whole of 192.168.0.x assigned to the DHCP pool, but the DHCP server on your router will use a fixed IP address outside this range.


    What is the IP address of your router for web admin? Or the IP address of the default gateway? On my router they are the same as the DHCP server address.

    My router- gateway address is 192.168.0.1

    - - - Updated - - -

    Just to explain how I know that this is a rogue DHCP Server, This is the result I receive after typing the Ipconfig commend:-

    C:\Users\BSAdmin\Desktop>ipconfig /all | find /i "DHCP Server" DHCP Server . . . . . . . . . . . : 192.168.58.254

    As you can see this address is not part of my subnet.
      My Computer

  7. Bree's Avatar
    Posts : 18,716
    10 Home x64 (20H2) (10 Pro on 2nd pc)
       #7

    Bowlsys said:
    Just to explain how I know that this is a rogue DHCP Server, This is the result I receive after typing the Ipconfig commend:-
    C:\Users\BSAdmin\Desktop>ipconfig /all | find /i "DHCP Server" DHCP Server . . . . . . . . . . . : 192.168.58.254
    As you can see this address is not part of my subnet.

    Well, the simplest way to track down where this DHCP server is would be to use the TRACERT command. If it takes one hop to find it then it is on your router, as mine is.

    Rogue DHCP Server is running in a VM-image.png
      My Computers

  8. Bowlsys's Avatar
    Posts : 49
    windows 10
    Thread Starter
       #8

    Bree said:
    Well, the simplest way to track down where this DHCP server is would be to use the TRACERT command. If it takes one hop to find it then it is on your router, as mine is.

    Rogue DHCP Server is running in a VM-image.png
    Thanks Bree.
    Tried the tracert and this is what came up:-

    C:\Users\BSAdmin\Desktop>tracert 192.168.58.254Tracing route to 192.168.58.254 over a maximum of 30 hops 1 * * * Request timed out. 2 * * * Request timed out. 3 *
      My Computer


  9. Posts : 770
    Microsoft Windows 10 Pro 64-bit
       #9

    VMware has it's own DHCP server, I think it turns on when you select Host only in the network settings
      My Computer

  10. Bowlsys's Avatar
    Posts : 49
    windows 10
    Thread Starter
       #10

    Digital Life said:
    VMware has it's own DHCP server, I think it turns on when you select Host only in the network settings
    As Requested:-

    C:\Users\BSAdmin\Desktop>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : WF1
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Ethernet:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
    Physical Address. . . . . . . . . : 04-D9-F5-CF-78-8D
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::457:45bc:fda:3c4d%6(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.0.91(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    DHCPv6 IAID . . . . . . . . . . . : 201644533
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-A2-79-2D-04-D9-F5-CF-78-8D
    DNS Servers . . . . . . . . . . . : 1.1.1.1
    1.0.0.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Wireless LAN adapter WiFi:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek 8811CU Wireless LAN 802.11ac USB NIC
    Physical Address. . . . . . . . . : 1C-BF-CE-22-F7-5A
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Local Area Connection* 1:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
    Physical Address. . . . . . . . . : 1E-BF-CE-22-F7-5A
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Local Area Connection* 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
    Physical Address. . . . . . . . . : 1C-BF-CE-22-F7-5A
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter VMware Network Adapter VMnet1:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
    Physical Address. . . . . . . . . : 00-50-56-C0-00-01
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::ccfb:5ed3:bb9c:2e16%9(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.58.1(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : 02 March 2020 13:20:42
    Lease Expires . . . . . . . . . . : 02 March 2020 19:05:42
    Default Gateway . . . . . . . . . :
    DHCP Server . . . . . . . . . . . : 192.168.58.254
    DHCPv6 IAID . . . . . . . . . . . : 822104150
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-A2-79-2D-04-D9-F5-CF-78-8D
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Bluetooth Network Connection 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
    Physical Address. . . . . . . . . : 00-1A-7D-DA-71-13
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    C:\Users\BSAdmin\Desktop>
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 16:22.
Find Us




Windows 10 Forums