ip address conflict

/
/

IP ( Internet Protocol ) Address conflict occurs when two different devices in local network are using the same IP address, It can happen due to the mistakes from engineers or rogue DHCP server. However once the IP conflict happened in a critical devices we want to find out the device in few minutes. In large networks it is difficult to find out the source of the device with same IP address. Here I am explaining some methods to find out the source of IP conflict device

Error :  “ip address conflict with another system on the network”

Even if it is not 100 % solution this may help you to find some identification parameters of the source device.


1, Disable the network of original device The first thing I recommend is to disable the network of the Original device. It will help us to avoid some confusion about the original device and the new device. And do other testing from a third person’s PC.


2, Ping the IP address and Find out the TTL Value

ping_thumb

This will give you an idea about the OS/Device. For Eg, If you are getting reply with ttl 128 It may be a Windows PC. And if it is 64 it may be a Linux OS (Or Linux based Box)

(Some devices/software firewall disable the ICMP, That case don’t think it is down. Try Port scans)


3, Find the manufacturer from MAC address.

2

You can find the MAC address of the device with any scanning tools like NMAP. See above figure. you can find the source mac address from windows event viewer also. Check the event viewer of the infected system ( Windows )

3

Mac Address is a unique address for all the network device. we can Identify the manufacturer for the device from the MAC address. The first three set (6 digits) known as OUI (Organizationally Unique Identifier)

Eg MAC address 00-00-0C-11-22-33

In this MAC address First three set is “00-00-0C” and it is from CISCO SYSTEMS

Here is the list of OUI with manufactures list

http://standards.ieee.org/regauth/oui/oui.txt

http://anonsvn.wireshark.org/wireshark/trunk/manuf

http://www.coffer.com/mac_find/


4, Scan for opened Ports


By scanning the opened ports, you can identify the services running in that BOX.

See above image, SSH, HTTP and HTTPS are opened there


5, Open IP address in browser if Port 80 is opened (http://192.168.0.1)

Most devices like Wi-Fi routers, Network printers, firewalls, storages there will be a web based interface. This will give you additional information about the box.


6, Search for shared folders

You will get some important folder names If it is a file server or a desktop with file sharing enabled.

You can identify the windows username if you are getting the access to \\ipaddress\c$\Documents and Settings


7, Find hostname from IP address

Use “Ping -a” to resolve the hostname. Hostnames can give a better identification


8, Find Switch port from MAC address table

4

Login to your switch and search for the Mac address of the device. From there you can find which port is physically connected to that device.

This will give an idea about the physical location.

Command: #Show MAC address-table

Use syntax “i” (Include) for filter the specific MAC address

/
/
, ,
AjSmart Tehnology geek

Sole blogger :(

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)