How to Find a Duplicate IP Address
By Vince Sparlow
In a TCPIP network, no two machines are supposed to have the same IP address at the same time. But there are several ways a "duplicate IP address" error can occur. In most cases, the duplicate IP addresses can be detected using the DHCP servers and checking the configuration of the machines on the LAN segment. In extreme cases, Address Resolution Protocol (ARP) messages have to be monitored to determine which machines are in conflict.
Verify that two DHCP servers do not have overlapping IP address ranges. For DHCP servers that are using either dynamic or automatic allocation of IP addresses, this is simply a matter of comparing all of the servers' IP address ranges, looking for overlaps. However, for DHCP servers using static allocation, you will need to review each hard-coded IP address assignment. Because these are manually entered, it is easy for an administrator to make a mistake in an IP address assignment.
Check each machine on the LAN segment that has the duplicate IP address to ensure that it does not have the duplicate IP address statically entered. It is not uncommon for an end user to statically define the IP address for their machine based on a previously assigned DHCP address. If you find a machine that has been statically configured with the duplicate IP address, there are two options. The first option is to reconfigure the machine to use DHCP so it will be assigned a new address. The second option is to configure the DHCP server to stop assigning the duplicate IP address. This is useful if the machine with the static configuration is a well known server in the environment and cannot have its address changed.
If there are no address range overlaps in your DHCP servers and no machine can be found with a statically defined duplicate IP address, find the two conflicting machines using a network sniffer. There are many free network sniffers including the Microsoft Network Monitor, ngrep, and snoop. Use your network sniffer to monitor ARP message traffic, looking for the ARP messages that use two different MAC addresses for the same IP address. Once the two conflicting MAC addresses are found, you can find the two conflicting machines on the network that have those MAC addresses. You then need to clear each machine's ARP cache and force each machine to release its IP address and lease a new one from the DHCP server. On Windows machines, this is done with the ipconfig command.
- Configure your client machines to broadcast a "gratuitous ARP" message when they initialize to minimize the chances of duplicate IP addresses due to out of date ARP caches.
Vince Sparlow has been writing technical white papers, user manuals and academic papers since 1987. His work has appeared in Electronic Commerce Research journal and New Security Paradigms journal. He has also been producing radio shows and podcasts since 2003. Sparlow holds a Bachelor of Science in computer science from Texas A&M University