Subscriber Discussion

Network Tool That Scans For IP Conflicts?

Avatar
Sean Nelson
Mar 10, 2017
Nelly's Security

Is their any type of network tool that will scan for IP conflicts. Meaning will it actually show me 2 or more devices that have the same IP address. I know Angry IP scanner scans the network for all IP's but It wont show duplicate IP's.

Avatar
Brian Karas
Mar 10, 2017
IPVM

Not sure such a thing could work reliably.

For the scanning device, its ARP table would likely only have 1 MAC/IP combo.

It might work if the conflicting devices supported some kind of broadcast discovery and response where you could do a broadcast asking devices to report back their current IP's and they would reply with a broadcast response. I could see this working best if the conflicting devices were both from the same vendor. But you would need a tool that knows how to broadcast and listen for a very wide variety of products (cameras, printers, PCs, etc.)

Bigger question: what scenario are you running into so frequently that you need such a tool?

 

(1)
Avatar
Sean Nelson
Mar 10, 2017
Nelly's Security

not just cameras. Everything. In our own network. we have many different devices on our network that has grown over time and we had no real intelligent way of assigning IP addresses so every now and then we get IP conflicts and we cant for the life of us find out where it is.

Avatar
Brian Karas
Mar 10, 2017
IPVM

IMO you are going about it wrong.

Create a shared spreadsheet on Google docs (or whatever). Put 1-255 down the first column (to correspond to last octect of your subnet) and start filling out what each IP should be assigned to (.1 for router, .2 for first managed switch, whatever).

If you are going to assign static IP's to things you have to keep it documented or you are just forever chasing weird flaky problems. I try to break a subnet into logical IP groups (.1-.10 for main infrastructure, .11-.20 for cameras or servers or whatever, and so on). Then make sure your DHCP server is set to serve IP's out of a different range. If something that has a DHCP IP needs to stay around, move it to an IP in the static group and label it.

An alternative is to set your DHCP pool to something like .5 to .255 and use DHCP reservations for static IPs and leave everything DHCP. Then your master list of IPs is in your DHCP server.

If you have managed switches you can look at ARP info for each port and see where IP addresses are, chase the cable down, and find the device.

But what you need for your solution is a document, not a tool, IMO.

 

(2)
(2)
Avatar
John Scanlan
Mar 10, 2017
IPVM • IPVMU Certified

maybe in lieu of a scanner, an IP scheme and documentation would help.  for our network we keep a password protected spreadsheet that is accessible from the web (we work from home and the office).

We group our devices in IP ranges by device type e.g.

.1 - .10 = infrastructure (routers / switches / APs /etc)

.11 - .30 = DHCP, we statically address most devices, so we do not need more than 20 address

.100 - .120 = Servers, test machines, our workstations

We might not be using .115 - .120, but we still those addresses earmarked for future servers, test machines, workstations so that all like devices will be logically addressed.

Also, we have a lot cameras...hundreds.  While they are not online at the same time we still want dedicated addresses for those.  We borrowed a bit to get more host addresses before we used: 172.20.128.1 - 172.20.128.255 with a 255.255.255.0 subnet mask providing us with 254 IP addresses.  We moved to 172.20.128.1 - 172.20.129.255 by using a 255.255.254.0 subnet mask.

this gives us over 500 addresses, so we have enough addresses for all of our equipment - even though 90% of that equipment is offline at any given time.

This doesn't need to be a major project, start documenting / organizing each time you work on a device.  It can be taken care of gradually

(2)
Avatar
Sean Nelson
Mar 10, 2017
Nelly's Security

we have DHCP assigning certain IP addresses based on MAC addresses. Their is somewhere along the line where we messed up and I was just trying to find a quick way of finding the duplicate before going through alot of work to re-do everything.

(1)
Avatar
Brian Karas
Mar 10, 2017
IPVM

In your situation, I'd look at ARP tables on the switches.

Also if you have an IP conflict and you know at least one of the devices, turn that one off, flush ARP tables on a PC, and then ping that IP again, then look at ARP table for MAC address, which you can correlate to vendor to help hunt down the other device. Might also try hitting that IP's web port to see if it is something with a web UI that you can use to figure out where/what it is.

 

MC
Marty Calhoun
Mar 10, 2017
IPVMU Certified

Ubiquiti Unifi works well, not sure if you can use it without their devices. It spits out everything you could need to deploy a system correctly

UI
Undisclosed Integrator #1
Mar 10, 2017

Something like this would be helpful when adding cameras to someone else's network that did a poor job of documenting devices. 

I had a campground that consisted of half a dozen or more buildings connected by fibre and they gave us a block of ips that we could put the cameras on. Their network started going haywire as we added cameras where there were already devices but we weren't exactly sure which cameras were causing the problem. 

 

Avatar
Ricardo Souza
Mar 11, 2017
Motorola Solutions • IPVMU Certified

Solarwinds can create this kind of report for you.

it is a paid tool but you can download a trial on their website. it is a great network monitoring tool.

(1)
(1)
UE
Undisclosed End User #2
Mar 12, 2017

Specifically SolarWinds ipam can track ip usage and detect conflicts though it can't help you find where the specific device is in the network.to find specifically what port the rogue device is plugged into you need solarwinds user device tracker.  If you need a ip address management tool for cheap windows server 2012 has a role you can install for it.  Hope that helps.

(2)
UM
Undisclosed Manufacturer #3
Mar 12, 2017

https://www.netbraintech.com/

Avatar
Gavin Hill
Mar 14, 2017

Managing a large number of subnets with different parameters and configurations in a spreadsheet becomes time consuming and messy.  Look at a dedicated IPAM tool like the commercial ones from Solarwinds or one of the open source tools such as phpIPAM https://github.com/phpipam/phpipam

 

jw
jim warner
Mar 14, 2017

Several have commented on record keeping.

Duplicate detection is covered in IETF RFC 5227. Devices are expected to test their address using ARP to make sure that it is available before they use it. The important sentence in the RFC is

   The configuring
   software may choose to cease network operation, or it may
   automatically select a new address so that the host may re-establish
   IP connectivity as soon as possible.

If hosts are following the standard, there cannot be two using the same
IP simultaneously. So directly detecting them is not possible.


(1)
New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions