Usual disclaimers: I'm not a doctor, legal professional or financial advisor. This article is for information/education only and reflects my own opinions. It should not be taken as financial, legal or medical advice. Do your own research and never invest anything you cannot afford to lose (including your time).

13 November 2007

OpenreceiveSocket failed 10049

Remember, remember, this message in November. Yes I came across this one today while trying to set up DHCP relay on a Linksys WRVS4400N wi-fi router. As usual it turns out to be the local network security guru's making life hard while leaving the system vulnerable. Let me explain.

Assuming someone else has set up a DHCP server on your network, you may want to find it using a program called DHCPloc which is on your windows XP installation disk (in \Support\Tools - install the SUPTOOLS.MSI and it installs a bunch of programs into c:\program files\support tools and one of these programs is called DHCPloc.exe).

To use DHCPloc you would normally type in:

DHCPloc 127.0.0.1 (just substitute in your actual IP address here).

Of course Network-God-Overload-Numptyface expects you to do this and so he/she has set up a group policy which prevents you from running the DHCPloc program. Now although this is prevented from running by group policy, MS decide not to tell you this and instead provide you with the meaningful error message:

"OpenreceiveSocket failed 10049".

What all hackers probably already know, and unenlightened sys-admins NEED to know is that if you rename DHCPloc.exe to DHCPfind.exe, you can actually make the program work. If your sysadmin has already read this blog and added DHCPfind.exe to the list of banned programs you will still get this message but do not despair. You can resurrect functionality by renaming DHCPloc.exe to KevinSpacey.Exe, EnglebertHumperdinck.Exe or my personal favourite; that-network-security-guy-is-paid-way-too-much-more-than-me.Exe.

Try it and see. You should find that XP comes up with a firewall block/unblock message and within a few minutes you should be able to find the IP address of your DHCP server.

Update:
If you are still having problems with rogue DHCP servers appearing at random on your network and you are unable to trace them you may want to check if anyone is using an iPhone with an unlocking chip. More details here: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_24068432.html