Discover a rogue DHCP Server (credit to MindTap)

 You are the security analyst for a small corporate network. Several employees have reported that they are unable to connect to the network. They all seem to be getting bad IP address information from a rogue DHCP server.

In this lab, your task is to identify the rogue DHCP server using Wireshark:

  • Use Wireshark to capture and filter DHCP traffic.
  • Disable and enable the enp2s0 network interface to request a new IP address from DHCP.
  • Find the rogue and legitimate DHCP servers.
  • Answer the questions.

Use the bootp display filter in Wireshark to isolate DHCP traffic.

Complete this lab as follows:

  1. Use Wireshark to capture and filter DHCP traffic.
    1. From the Favorites bar, select Wireshark.
    2. Under Capture, select enp2s0.
    3. Select the blue fin to start a Wireshark capture.
    4. In the Apply a display filter field, type bootp and press Enter.
  2. Disable and enable the enp2s0 network interface.
    1. From the Favorites bar, select Terminal.
    2. At the prompt, type ip addr show and press Enter to view the current IP configuration.
    3. Type ip link set enp2s0 down and press Enter.
    4. Type ip link set enp2s0 up and press Enter to enable the interface and request an IP address from the DHCP server.
  3. Locate the rogue and legitimate DHCP servers.
    1. Maximize the Wireshark window for better viewing.
    2. In Wireshark, under the Source column, find the IP addresses of the rogue and legitimate DHCP servers that sent the DHCP Offer packets.
    3. In the top right, select Answer Questions.
    4. Answer the questions.
    5. Select Score Lab.
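
The check in step 3, as an added example that is not part of the original lab: this Python sketch parses DHCP payloads, keeps the DHCP Offer messages, and reports any whose server identifier (option 54) is not on a list of trusted servers. The addresses, the trusted list and the `build_offer` helper are constructed for illustration; the lab itself reads the server address from Wireshark's Source column.

```python
import struct
from socket import inet_aton, inet_ntoa

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_dhcp(payload):
    """Parse a DHCP UDP payload into message type, offered address, server id and router."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    def ip(code):  # 4-byte address option, or None when the option is absent
        return inet_ntoa(opts[code][:4]) if len(opts.get(code, b"")) >= 4 else None
    return {"type": (opts.get(53) or b"\x00")[0], "offered": inet_ntoa(payload[16:20]),
            "server": ip(54), "router": ip(3)}

def rogue_offers(payloads, trusted_servers):
    """Return parsed DHCP Offers (message type 2) whose server identifier is not trusted."""
    found = []
    for p in payloads:
        try:
            msg = parse_dhcp(p)
        except ValueError:
            continue                                   # skip non-DHCP or damaged payloads
        if msg["type"] == 2 and msg["server"] not in trusted_servers:
            found.append(msg)
    return found

def build_offer(server, offered, router):
    """Construct a minimal DHCP Offer payload (sample data, not taken from a real capture)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0, bytes(4),
                         inet_aton(offered), inet_aton(server), bytes(4), bytes(6), b"", b"")
    options = b"\x35\x01\x02" + b"\x36\x04" + inet_aton(server) + b"\x03\x04" + inet_aton(router)
    return header + MAGIC + options + b"\xff"

# Constructed sample: two offers answering one request (documentation-range addresses).
SAMPLE = [build_offer("192.0.2.10", "192.0.2.45", "192.0.2.1"),
          build_offer("198.51.100.66", "198.51.100.120", "198.51.100.1")]

if __name__ == "__main__":
    for offer in rogue_offers(SAMPLE, trusted_servers={"192.0.2.10"}):  # assumed trusted server
        print("untrusted DHCP offer from", offer["server"], "handing out", offer["offered"])
```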






 



