How to Find a Duplicate IP Address

By Vince Sparlow

Duplicate IP addresses usually occur between machines on the same LAN segment.

In a TCP/IP network, no two machines are supposed to have the same IP address at the same time. But there are several ways a "duplicate IP address" error can occur. In most cases, the duplicate IP addresses can be detected by checking the DHCP servers and the configuration of the machines on the LAN segment. In extreme cases, Address Resolution Protocol (ARP) messages have to be monitored to determine which machines are in conflict.

Step 1

Verify that two DHCP servers do not have overlapping IP address ranges. For DHCP servers that are using either dynamic or automatic allocation of IP addresses, this is simply a matter of comparing all of the servers' IP address ranges, looking for overlaps. However, for DHCP servers using static allocation, you will need to review each hard-coded IP address assignment. Because these are manually entered, it is easy for an administrator to make a mistake in an IP address assignment.

Step 2

Check each machine on the LAN segment that has the duplicate IP address to ensure that it does not have the duplicate IP address statically entered. It is not uncommon for an end user to statically define the IP address for their machine based on a previously assigned DHCP address. If you find a machine that has been statically configured with the duplicate IP address, there are two options. The first option is to reconfigure the machine to use DHCP so it will be assigned a new address. The second option is to configure the DHCP server to stop assigning the duplicate IP address. This is useful if the machine with the static configuration is a well-known server in the environment and cannot have its address changed.

Step 3

If there are no address range overlaps in your DHCP servers and no machine can be found with a statically defined duplicate IP address, find the two conflicting machines using a network sniffer. There are many free network sniffers including the Microsoft Network Monitor, ngrep, and snoop. Use your network sniffer to monitor ARP message traffic, looking for the ARP messages that use two different MAC addresses for the same IP address. Once the two conflicting MAC addresses are found, you can find the two conflicting machines on the network that have those MAC addresses. You then need to clear each machine's ARP cache and force each machine to release its IP address and lease a new one from the DHCP server. On Windows machines, this is done with the ipconfig command.