Analysis of DHCP Log Files for Registration of Diferent Events in Network

For the analysis of streams of the traffic technology Netflow is used. But Netflow works at a level of the ip-protocol and save the information on the traffic using for network units as identifiers ip addresses. However, ip address is not fix to network unit and can belong during the various moments of time to various network units.

For solving this problem in local network we pay attention to DHCP server. Using dhcpd.leases log file and dhcpd.conf, we can compare moment of time, ip-address and MAC-address. MAC-address is network adapter address, also called LAN-address, or Ethernet-address. It is fix to network adapter and in some approach can serve as the unique identifier of network unit.

Also during research we have found out, that by means of a DHCP-server it is possible to register other events. For example:

1. Connection of a host to a network.
2. Correct disconnection of a host to a network.
3. Incorrect disconnection of a host to a network.
4. Connection of forbidden host to a network.
5. Collision ip-addresses.