If a rogue DHCP server crops up on your network it can cause all sorts of problems. Many different kind of devices include a DHCP Server so this can happen by mistake very easily.
Microsoft created a tool called Rogue Checker which can make finding the unwanted DHCP server much easier. You can no longer download it from them, so I am making it available here:
The tool is very easy to use, simply run it and click on “Detect Rogue Servers” and it send out a DHCP request and show you the responses:
Find the hardware address of the unauthorised DHCP server
Knowing the IP address of the offending server is a useful start. By finding the the MAC Address you can also determine the manufacturer of the device. After you have run the detection tool your machine will have stored the hardware addrress of the DHCP server in it’s ARP cache. You can find the hardware address by running “arp -a” from a command line:
Now use a mac vendor lookup tool to figure out who the device is made by and that will give you another clue where to look.