One of the most frustrating problems a network administrator can come across is an IP address conflict, when two or more machines on a network try to use the same IP. The result is typically that some packets on the network go to one machine, and some packets go to the other – leading to intermittent packet loss and dropped connections.
Luckily, however, resolving IP address conflicts is easy if you know the right tools. This how-to will teach you to find and resolve IP address conflicts on your network.
In order to identify the IP address conflict, you are going to need a Linux machine on the subnet that has the conflict, and a copy of arp-scan. You can install arp-scan on Fedora/RedHat or Ubuntu, respectively, by using one of the following commands:
sudo yum install arp-scan
sudo apt-get install arp-scan
Once arp-scan is installed, you’re just one step away from identifying (and punishing) the perpetrators!
Finding the IP Conflict
Finding an IP conflict is as simple as a single command, “arp-scan -l”. You may also wish to specify the -I option, which will allow you to pick an interface. Below, I have identified an IP address that is being claimed by two machines:
[[email protected] chankeypathak]# arp-scan -I eth0 -l
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.7 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.0.1     00:0f:b5:0f:f5:7e       NETGEAR Inc
192.168.0.4     00:1d:09:29:77:7f       Dell Inc
192.168.0.5     c4:17:fe:8c:5f:de       (Unknown)
192.168.0.9     00:21:85:c2:30:6b       MICRO-STAR INT’L CO.,LTD.
192.168.0.9     00:20:6b:c6:12:04       Intel Corporate (DUP: 2)
192.168.0.11    00:0d:4b:45:db:b7       Roku, LLC
192.168.0.100   00:14:d1:c5:91:00       TRENDware International, Inc.

7 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.7: 256 hosts scanned in 1.737 seconds (147.38 hosts/sec). 7 responded
Notice that 192.168.0.9 is being claimed by two machines, and that the second machine is marked as a duplicate. I can tell that one of the machines has a Network Interface Card manufactured by MICRO-STAR and one of the machines has a NIC made by Intel. Using this information, it becomes much easier to track down and fix the IP conflict on my network.
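As an added example (not part of the original post), the shell function below automates the check just described: it reads arp-scan output and reports each IP address answered by more than one distinct MAC address, ignoring a repeated reply from the same MAC. The names find_conflicts and sample_scan are illustrative, and the sample input reuses lines from the scan above plus one constructed repeat reply.

```shell
#!/bin/sh
# find_conflicts: read `arp-scan -l` output on stdin and print every IPv4
# address that was answered by more than one distinct MAC address.
find_conflicts() {
    awk '
    # Host lines look like: <IPv4> <MAC> <vendor...>; banner and summary lines are skipped.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
    $2 ~ /^[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])+$/ {
        ip = $1; mac = tolower($2)       # normalise case so aa:.. and AA:.. compare equal
        if ((ip, mac) in seen) next      # same host answering twice is not a conflict
        seen[ip, mac] = 1
        if (count[ip]++ == 0) { order[++n] = ip; macs[ip] = mac }
        else macs[ip] = macs[ip] " " mac
    }
    END {
        # Report in the order the addresses first appeared in the scan.
        for (i = 1; i <= n; i++)
            if (count[order[i]] > 1)
                printf "CONFLICT %s claimed by %s\n", order[i], macs[order[i]]
    }'
}

# Sample input: lines taken from the scan shown above, plus one constructed
# repeat reply for 192.168.0.4 from the same MAC (upper case) to show that
# it is not reported as a conflict.
sample_scan() {
    cat <<'EOF'
Interface: eth0, datalink type: EN10MB (Ethernet)
192.168.0.1   00:0f:b5:0f:f5:7e   NETGEAR Inc
192.168.0.4   00:1d:09:29:77:7f   Dell Inc
192.168.0.4   00:1D:09:29:77:7F   Dell Inc (DUP: 2)
192.168.0.9   00:21:85:c2:30:6b   MICRO-STAR INT'L CO.,LTD.
192.168.0.9   00:20:6b:c6:12:04   Intel Corporate (DUP: 2)
7 packets received by filter, 0 packets dropped by kernel
EOF
}

# Live use (arp-scan needs root): arp-scan -I eth0 -l | find_conflicts
sample_scan | find_conflicts
```
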
arp-scan is a very powerful tool, and I would definitely encourage network administrators to learn about its many options. Identifying machines that have an IP address conflict is just one use of the arp-scan tool, but it makes it one of my favorite programs in my toolbox.
What about you? What are the networking tools that you couldn’t live without?