A A
RSS

Identifying and Resolving IP Address Conflicts with Linux

Thu, Jun 10, 2010

Tweet this!

How I feel when I have an IP conflict on my network; attribution http://www.flickr.com/photos/couragextoxlive/3054488331/One of the most frustrating problems a network administrator can come across is an IP address conflict, when two or more machines on a network try to use the same IP. The result is typically that some packets on the network go to one machine, and some packets go to the other – leading to intermittent packet loss and dropped connections.

Luckily, however, resolving IP address conflicts is easy if you know the right tools. This how to will teach you to find and resolve IP address conflicts on your network.

Tools

In order to identify the IP address conflict, you are going to need a Linux machine on the subnet that has the conflict, and a copy of arp-scan. You can install arp-scan on Fedora/RedHat or Ubuntu by using the following commands:

Fedora/RedHat Ubuntu
sudo yum install arp-scan sudo apt-get install arp-scan

Once arp-scan is installed, you’re just one step away from identifying (and punishing) the perpetrators!

Finding the IP Conflict

Finding an IP conflict is as simple as a single command, “arp-scan -l”. You may also wish to specify the -I option, which will allow you to pick an interface. Below, I have identified an IP address that is being claimed by two machines:

[root@pioneer jdeprizi]# arp-scan -I eth0 -l
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.7 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.0.1 00:0f:b5:0f:f5:7e NETGEAR Inc
192.168.0.4 00:1d:09:29:77:7f Dell Inc
192.168.0.5 c4:17:fe:8c:5f:de (Unknown)
192.168.0.9 00:21:85:c2:30:6b MICRO-STAR INT’L CO.,LTD.
192.168.0.9 00:20:6b:c6:12:04 Intel Corporate (DUP: 2)
192.168.0.11 00:0d:4b:45:db:b7 Roku, LLC
192.168.0.100 00:14:d1:c5:91:00 TRENDware International, Inc.

7 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.7: 256 hosts scanned in 1.737 seconds (147.38 hosts/sec). 7 responded

Notice that 192.168.0.9 is being claimed by two machines, and that the second machine is marked as a duplicate. I can tell that one of the machines has a Network Interface Card manufactured by MICRO-STAR and one of the machines has a NIC made by Intel. Using this information, it becomes much easier to track down and fix the IP conflict on my network.

Conclusion

Arp-scan is a very powerful tool, and I would definitely encourage network administrators to learn about its many options. Identifying machines that have an IP address conflict is just one use of the arp-scan tool, but it makes it one of my favorite programs in my toolbox.

What about you? What are the networking tools that you couldn’t live without?
Image attribution http://www.flickr.com/photos/couragextoxlive/3054488331/

Like this post?

2 Responses to “Identifying and Resolving IP Address Conflicts with Linux”

  1. Amos says:

    I haven’t got around to use it like this but there is also arpwatch which I think alerts about MAC changes for same IP address.

  2. igiron says:

    Thanks for the tip!

    I read your post yesterday and today I had to troubleshoot a problem in the network. A user changed his box IP and he didn’t tell the network admin.

    Regards

Leave a Reply

Weekly Poll

What's the best Linux distribution for desktops?

View Results

Loading ... Loading ...

Search TechThrob

Advertisement