Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

BAD_ADDRESS in DHCP Leases W2K3 R2 Server - Wireshark

Posted on 2014-03-18
4
Medium Priority
?
723 Views
Last Modified: 2014-03-19
Hi,
We are still seeing this issue and are baffled as to how to determine where the issue is actually coming from.

Does anyone know where to set the filters in Wireshark to find where the issue is coming from? The thought was to set the filters in wireshark and clear out the BAD_ADDRESS from the DHCP lease on the DHCP server and do a /release , /renew and determine what is going on.

My skill set with wireshark is unfortunately very limited and would appreciate some expert advise on this.

Thanks in advance for taking the time to respond back, it is greatly appreciated.

ElliTech
0
Comment
Question by:ellitech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39939191
Have you turned DHCP logging on?  This should tell you what the clients are asking for.

Try turning conflict detection on to see if that helps.
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 1200 total points
ID: 39939514
Sorry if any of this is obvious, but IMO wireshark probably isn't going to tell you much.

Normally BAD_ADDRESS is because you have conflict detection turned on (good) and it has found an address in it;'s pool already in use.

Would normally be:

Statically assigned address
Second DHCP server with same scope
Router plugged in somwhere with DHCP turned on
Something like a WDS server

If this is multi-subnet network need to look at DHCP helpers etc. on switches, but if this is a flat, one subnet network then your easiest bet IMO would be, look at one of the bad_address entries.  if it pings then find out what machine it is from DNS, connecting with \\x.x.x.x\c$ etc.  then use ipconfig /all you can see the DHCP server that issued that address.... if it isn't your official one there's your culprit.

With wireshark you could look at the broadcast packets to/from the DHCP server and may see other broadcasts using promiscuous mode but on a switched network unless you have a port setup for sniffing all traffic won't see the important bits.

Steve
0
 
LVL 17

Assisted Solution

by:vivigatt
vivigatt earned 300 total points
ID: 39939762
to isolate DHCP traffic in wireshark, filter on UDP ports 67 and 68.
0
 

Author Closing Comment

by:ellitech
ID: 39940570
We found a Enterasys XSR-1700 router that was acting funny and responding to requests from a different subnet, rebooted the router and the problem went away. Strange as that router has been rock solid for quite sometime. Probably a good idea to reboot these routers every 6 months or so.

Thanks for all of your help
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A Cisco router can be configured as a DHCP Server. There are advantages and disadvantages in making your Cisco router work as DHCP Server. Almost all the features for windows DHCP can be configured on Cisco-based DHCP server. Some of the features me…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question