[afnog] Windows IP Conflict

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Dec 19 12:26:52 EAT 2005


On Mon, Dec 19, 2005 at 07:24:42AM +0000,
 Maggie Yamfwa <m_yamfwa at yahoo.co.uk> wrote 
 a message of 42 lines which said:

> Can anyone help me.  I am running a windows 2000 DHCP server.  I
> have excluded a range of IP address which I have manually assigned to
> servers and the rest are automatically assigned.  But some computers
> on the network are still picking the IP addresses from the excluded
> range and giving a conflict.

Run tcpdump on your network and you will discover which of Joseph's
hypothesis was true. Since DHCP is not authenticated, rogue servers,
for instance, are quite common.

The proper command-line is:

tcpdump -n -e -i eth0 port bootps or port bootpc
              ^^^^
              Replace it with the right interface name   

An example of the result:

10:24:01.859999 00:04:76:a2:58:73 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:04:76:a2:58:73, length: 300
10:24:01.861069 00:06:5b:3c:17:7e > 00:04:76:a2:58:73, ethertype IPv4 (0x0800), length 342: 192.134.7.250.67 > 192.134.7.248.68: BOOTP/DHCP, Reply, length: 300

Here, you can see 00:04:76:a2:58:73 starting (probably a boot), with
no IPv4 address yet (source is 0.0.0.0) and 00:06:5b:3c:17:7e /
192.134.7.250 replying to it and giving it the IPv4 address
192.134.7.248.



More information about the afnog mailing list