teancom · March 16, 2026 21:05
diff --git a/dhcp_sniff.sh b/dhcp_sniff.sh
 #!/bin/bash
 # Simple DHCP hostname sniffer for macOS
 # Usage: sudo ./dhcp_sniff.sh
 # Then reboot the device you want to identify.

 if [ "$EUID" -ne 0 ]; then
    echo "This needs to run as root to see network traffic."
    echo "Run it like this:  sudo $0"
    exit 1
 fi

 # Find the active network interface (usually en0 for WiFi on Mac)
 IFACE=$(route get default 2>/dev/null | awk '/interface:/{print $2}')
 if [ -z "$IFACE" ]; then
    IFACE="en0"
 fi

 echo "=== DHCP Hostname Sniffer ==="
 echo "Listening on: $IFACE"
 echo ""
 echo "Reboot your Litter-Robot now and wait about 30 seconds."
 echo "Any DHCP hostnames seen on the network will appear below."
 echo "Press Ctrl+C when done."
 echo ""
 echo "--- Waiting for DHCP traffic ---"

 # Show all DHCP traffic with verbose output so we can see hostname options.
 # The -v flag makes tcpdump decode DHCP options including Hostname (option 12).
 # We filter to just lines containing "Hostname" for clean output, but also
 # show a dot for every DHCP packet so you know it's working.
 tcpdump -l -i "$IFACE" -n -v 'udp port 67 or udp port 68' 2>/dev/null \
    | while IFS= read -r line; do
        if echo "$line" | grep -qi "hostname"; then
            # Extract the hostname value — format varies but is typically:
            #   Hostname Option 12, length N: "somehostname"
            #   or: Hostname "somehostname"
            hostname=$(echo "$line" | grep -oE '"[^"]+"' | tr -d '"')
            if [ -n "$hostname" ]; then
                echo "$(date '+%H:%M:%S') >>> Hostname: $hostname"
            else
                # Couldn't parse it cleanly, show the raw line
                echo "$(date '+%H:%M:%S') >>> $line"
            fi
        fi
    done
	#!/bin/bash
	# Simple DHCP hostname sniffer for macOS
	# Usage: sudo ./dhcp_sniff.sh
	# Then reboot the device you want to identify.

	if [ "$EUID" -ne 0 ]; then
	echo "This needs to run as root to see network traffic."
	echo "Run it like this: sudo $0"
	exit 1
	fi

	# Find the active network interface (usually en0 for WiFi on Mac)
	IFACE=$(route get default 2>/dev/null \| awk '/interface:/{print $2}')
	if [ -z "$IFACE" ]; then
	IFACE="en0"
	fi

	echo "=== DHCP Hostname Sniffer ==="
	echo "Listening on: $IFACE"
	echo ""
	echo "Reboot your Litter-Robot now and wait about 30 seconds."
	echo "Any DHCP hostnames seen on the network will appear below."
	echo "Press Ctrl+C when done."
	echo ""
	echo "--- Waiting for DHCP traffic ---"

	# Show all DHCP traffic with verbose output so we can see hostname options.
	# The -v flag makes tcpdump decode DHCP options including Hostname (option 12).
	# We filter to just lines containing "Hostname" for clean output, but also
	# show a dot for every DHCP packet so you know it's working.
	tcpdump -l -i "$IFACE" -n -v 'udp port 67 or udp port 68' 2>/dev/null \
	\| while IFS= read -r line; do
	if echo "$line" \| grep -qi "hostname"; then
	# Extract the hostname value — format varies but is typically:
	# Hostname Option 12, length N: "somehostname"
	# or: Hostname "somehostname"
	hostname=$(echo "$line" \| grep -oE '"[^"]+"' \| tr -d '"')
	if [ -n "$hostname" ]; then
	echo "$(date '+%H:%M:%S') >>> Hostname: $hostname"
	else
	# Couldn't parse it cleanly, show the raw line
	echo "$(date '+%H:%M:%S') >>> $line"
	fi
	fi
	done
No results found