[Webinar] Streamline your web hosting managementRegister Today


Can't find IP Conflict

Posted on 2010-04-01
Medium Priority
Last Modified: 2012-06-22
I recently was notified of an address conflict on a new Win2k3 server I setup. The IP was obtained via DHCP, however when I look in my DNS leases, there is only one lease for the conflicted IP. Also, the MAC address that my server is reporting it is conflicting with does not show up when I do an IP scan to obtain all the MAC addresses.

All the switches in my network are HP ProCurve 2810's (48 and 24 port models), but I can't figure out how to use them to trap any traffic, specifically any related to the mac address in question.

Question by:alan2938
LVL 13

Accepted Solution

GuruChiu earned 2000 total points
ID: 29357144
Things you described can happen for combination of reasons:

There is a device have its IP address statically setup. This won't show up in DHCP lease.

There is a device failure which cause it to response to IP address not belong to it. This is rare, and when it happen, usually it will response to any IP address.

IP Scan usually use ping, which many devices do not response.

There is a loop in the network.

That address is a virtual address, which share by more than one devices and each have their own real iP address.

To investigate the problem further, you should look at the ARP table at the router. This should give you the MAC address of the offending device. For the procurve, you can also use the command:
sh mac-address xxxxxx-xxxxxx

Which will give you the port which that last seen packets from such MAC address. You can use it to track down the offending device.

Good luck.
LVL 21

Expert Comment

ID: 29357214
You should be able to look in the forwarding database of each switch to see what port that mac is active on.

With wireshark on any port in the same VLAN if you have them you can filter on that mac and see any broadcasts that come from it.
LVL 28

Expert Comment

ID: 29360083
If possible, take down the server or change it's IP.  Then see if you can still Ping the IP.  If you can, try accessing it via telnet or from a Browser.  If the device is something like a printer or other non-PC device, one of these suggestions may allow you access to the device so that you can ID it.
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!


Author Comment

ID: 29368792
Hoookay, this just got complicated. I found the port with the MAC address and traced it to one of my three ESX hosts. I'm running VSphere 4.0. The server reporting the IP address conflict is on the ESX host that I traced the problem to. A quick look at my virtual inventory shows that the only machine with that IP address is the one reporting the problem. It appears that it thinks it's conflicting with itself. Could this be possible?
LVL 13

Expert Comment

ID: 29369918
This is possible if there is some kind of network loop, or mis configured virtual IP address.

Author Comment

ID: 29370086
Not sure how a loop could have occured. Physically, nothing was changed. I virtualized a physical machine, kept it running, and renamed the virtual version of the physical machine. They now have separate mac addresses, separate IPs, and separate domain accounts. The virtual IP address was obtained through DHCP, which is not assigned to any other system. The DHCP range does not overlap with my static IP range.
LVL 13

Expert Comment

ID: 29376169
Are you running any Windows clustering on any of the VM? Also check your ESX virtual switch configuration.

One final note, make sure you are not using one of those multicast IP address.

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This installment of Make It Better gives Media Temple customers the latest news, plugins, and tutorials to make their VPS hosting experience that much smoother.
This installment of Make It Better gives Media Temple customers the latest news, plugins, and tutorials to make their Grid shared hosting experience that much smoother.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question