[afnog] Windows IP Conflict
Stephane Bortzmeyer
bortzmeyer at nic.fr
Mon Dec 19 12:26:52 EAT 2005
On Mon, Dec 19, 2005 at 07:24:42AM +0000,
Maggie Yamfwa <m_yamfwa at yahoo.co.uk> wrote
a message of 42 lines which said:
> Can anyone help me. I am running a windows 2000 DHCP server. I
> have excluded a range of IP address which I have manually assigned to
> servers and the rest are automatically assigned. But some computers
> on the network are still picking the IP addresses from the excluded
> range and giving a conflict.
Run tcpdump on your network and you will discover which of Joseph's
hypothesis was true. Since DHCP is not authenticated, rogue servers,
for instance, are quite common.
The proper command-line is:
tcpdump -n -e -i eth0 port bootps or port bootpc
^^^^
Replace it with the right interface name
An example of the result:
10:24:01.859999 00:04:76:a2:58:73 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:04:76:a2:58:73, length: 300
10:24:01.861069 00:06:5b:3c:17:7e > 00:04:76:a2:58:73, ethertype IPv4 (0x0800), length 342: 192.134.7.250.67 > 192.134.7.248.68: BOOTP/DHCP, Reply, length: 300
Here, you can see 00:04:76:a2:58:73 starting (probably a boot), with
no IPv4 address yet (source is 0.0.0.0) and 00:06:5b:3c:17:7e /
192.134.7.250 replying to it and giving it the IPv4 address
192.134.7.248.
More information about the afnog
mailing list