4 Replies Latest reply on Aug 13, 2010 11:25 AM by jawuk

    Rogue System Sensor- DHCP monitoring AND Layer 2 broadcasts?

      Hi there

       

      just to clarify the usage and deployment options for rogue system sensor.

       

      1. If i was to deploy a Rogue System Sensor onto a DHCP server with the DHCP monitoring Enabled, does this also continue to monitor the additional layer 2 broadcast traffic as normal also looking for NIC's?  I have tested it, and it seems to be the case.

       

      2. What part of the DHCP conversation is actually used and defined an established client IP assignment. , such as DHCPDiscover, DHCPOffer DHCPRequest

       

      3. Why does the inclusion of the DHCP Monitoring feature suddently mean it makes sense to install a sensor on a DHCP server? What' ''explicitely'' does enabling the DHCP monitoring bring. Is it just because DHCP servers may typically serve multiple  subnets?

      Becuase before the client has an IP address all DHCP comms are broadcast, arguably any client on that subnet could report back on this infomation,

      Surely the DHCP Monitoring Feature by itself isnt really the game changer as if before this feature existed, you installed a Sensor on ANY server with access to multiple VLANS or full visibility of a physical lan, it would have been just as useful.

       

      I appreciate the keys here are multinetting and vlans.

       

      What am i missing?

       

       

      Regards

       

      James