Find 2 devices with same IP accross WAN

I've had situations where 2 network devices have the same IP address, but they are distributed across WAN:

The device reporting a duplicate IP issue is in Seattle, I - the admin am in San Francisco, but the OTHER device could be anywhere from New York to Nashville.

What technique have you used to track stuff like this down?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

turn off the computer with problematic IP in Seattle and then
do the traceroute to another machine with the same IP in SF..
well, inside a LAN it's much easier you can track it down by the MAC address.

however in your situation i would probably shut the device off (if possible ) or at least give it a different ip, give it few minutes and then try to track down the live device with the same ip(traceroute)

any chance you have an external switch where that device is connected on with other devices ? i would look first at the same location first, just incase no one plugged in an additional device with the same ip.

another thing , what is this device ? is it a redundant device such as a PIX,router loadbalancer ?
if so, could be that the communication between them broke, and the slave device is trying to take on the primary address , cause they can't exchange status information between them.

hope you'll find the problem, i'd hate to be you with that kind of situation :)


Packet sniffing using a program like Ethereal ( That way you can at least try to get the MAC addresses of the machines in question. Also you can use tracert and watch the different end points... keep track of where the traffic is hopping to. Different paths will help you immediately cut down where to look.
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

How is the WAN link configured?  That is, is it a routed link or a bridge?  In order for two devices to have the same IP address over a WAN link it either means that you have the same subnet on two difference sides of a routed link (a big no-no) or that you are briding the links.

How are you assigning the IP addresses?  DHCP or manually hard coded?
That's what I  was thinking giltjr - duplicate IP's across a WAN is the least of the problems - how about duplicate nets!?!

In a bridging situation (about the only one where a dup IP would be a problem) you should be able to look at MAC/forwarding tables from one local segment to the other side of the bridge to the device.

Like this:

Local segment (where THE IP is supposed to be):
Forwarding table:
G0-0D-G0-0D-G0-0D              Port 1 ----------------- This is the MAC of the "Good" device.
BA-DB-AD-BA-DB-AD              Port 33---------------- This is the MAC of the "Bad" Device.

Port 33 is the uplink to the next switch

Next Switch forwarding table
BA-DB-AD-BA-DB-AD              Port 1---------------Connection to Router(Bridge)

Other side of Bridge
BA-DB-AD-BA-DB-AD              Port 2---------------Connection to LAN switch

LAN Switch
BA-DB-AD-BA-DB-AD              Port ----------------Connection to "Bad Device".

Once you track it down - have someone go investigate or disconnect it.
wait, are we talking anout the same things here?
if I'm right, there are two LANs connected into a WAN.
If that's right, how can you get the MAC address of the computers in separate lans ???

it is different if you are looking the packets in your own lan, but if you get the packet
from another lan, the only MAC address you'll see is the MAC address of the ADSL modem
or some device which connects those 2 lans...

shut down your problematic computer, and then with another computer, go to dos prompt
and type 'tracert <problematic_ip>' and send that log to the administrators of the other lan
asking them to see what's going on.

also, the 'ipconfig /all' will help them to analyze the problem.
good luck.
If there are two LANs into a WAN - they should either:
1.) be different IP networks - so no dup.
2.) be natting so no dup.

How could you have a dup ip problem with two different layer 3 lans into a WAN?
If, big if these days, you have real routers and managed switches and you have access to all of the routers and switchs, you can find the MAC address by going into the managment console of the routers/switches and looking for it.  Now, if you are connected using xDSL or Cable via the Internet, well then, you have a problem and finding the MAC address of the PC that has the duplicate IP address would be an issue.

However the basic issue is what I and pseudocyber have stated, it appears that they are using the same IP subnet, or overlaping IP subnets, at two different locations.  

Who cares what specific PC has a duplication IP address of another specific PC?  That does not matter, what matters is the fact that you have overlaping IP subnets.  Finding this out should be simple, as simple as looking at what IP subnets there are by talking to the other sites.  If they know they have the same, or over lapping, subnets, then they should be doing NAT.  If something is slipping though without getting NAT'ed, that is the problem.

There are probably millions of PC's that that duplication IP addresses, how many do you think there are?  However, all of them should be behind something that is NAT'ing and will not cause a problem.

A tracert will NOT work.  The problem is that a tracert will only work for an IP subnet that MUST be routed.  Well if I have a duplcate IP address, then the IP address is on my subnet and I will not route it, so the tracert will go unanswered.  Think about it, I don't route to my local subnet.
if you can ping the computers of the other lan then you CAN send ICMP packets
outside your lan, right? if you can send ICMP, then traceroute works..

however, I think the conversation between administrators of both these lans are
the most important thing here, because somewhere is an obvious mistake which
causes all this, but one side alone is not able to solve it.

so, talk to the people from the other side of the wire :)
If you can ping, you can to tracert, true.  However, I would assume that he would not be able to ping the bad device.  This would cause major problem becuase it would mean that all of their routing tables are hosed up.
since "The device reporting a duplicate IP issue is in Seattle" that means that
device can figure out there are two identical ip addresses, that means he can
send and receive ICMP packets, that means.. believe me, tracert will do the job..

it's just the problem the Author of this question doesn't provide any feedback..
so we can't know exactly what's going on.. :-S
Marketing_InsistsAuthor Commented:
Thanks for your answers, I'm lookin through em.

I neglected to mention tracert is ineffective as their are only 1 intermediary router between each office and it dosn't respond to pings, so it just looks like:

  1    <1 ms    <1 ms    <1 ms
  2     *        *        *     Request timed out.
  3    85 ms    86 ms    86 ms

What I'm guessing is that someone took their printer (the device with the static ip in question) to another city when they relocated and continuted to use it as normal, where as the original office plugged in a new printer and assigned it the same IP.  

I'm trying to get MAC/forwarding tables from router admin now.
What some of us are trying to understand is why this is an issue for you.  Are you bridging your network from one city to another?

 If not, some of us would have multiple sites with the same IP network and would NAT them to each other to overcome the duplicate IP issue.
Marketing_InsistsAuthor Commented:
Offices are connected via point to point vpn.  No bridging.
Marketing_InsistsAuthor Commented:
Sorry, guess not really a WAN in the classical sence.  My geographic view let me choose poor wording.
if ppp connection is the one that connects those 2 LANs, then, they are single LAN, not WAN.
So, precaution must be taken when choosing the IP address for each device connected to
the network.

Also, (although I'm not quite sure) you can see all of the MAC addresses, because, if I'm
not wrong, ppp connection doesn't require any routing, because it is a 2 point connection
and when packet arrives at one adapter it could only come from the other one.

Try installing something like CommView or EtherDetect. They could help you in analyzing
network packet to understand what's going on.
O.K., you can't pick up a device and move it and have it still responed, unless you have the same IP subnets at two different locations.

The 1st step is to find out what all the IP subnets are at all of the locations and then figure out what sites have duplication or over lapping IP subnets.  Clean that up and your problem will go away.

You should be able to figure this out by looking at the routing table on the router at your site, or in this case what ever is the VPN device at your site.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.