How to Identify and Troubleshoot an IP Conflict

What’s an IP Conflict?

An IP conflict occurs when two or more hosts in the same subnet are configured with the same IP address. When this happens, communications with the two conflicting hosts are mixed up. One host may receive packets that belong to the other one, and vice versa.

As a result, IP conflicts have very unpredictable consequences on the affected hosts. Hosts may experience continuous connections and disconnections. This is something that should be addressed as soon as the problem arises.

What are the causes of an IP conflict?

IP conflicts happen for different reasons. In one scenario, one (inexperienced) user may assign a static IP address that is part of a DHCP pool to his computer. If that same IP address is then dynamically assigned to another computer by the DHCP server, an IP conflict will occur.

Fortunately, this problem can be avoided by denying users permission to set the IP settings on their computer. Unfortunately, this is something that is not always possible in all network environments (e.g. Bring Your Own Device).

In another scenario, a computer is assigned an IP from the DHCP server; this computer then goes offline. As the lease timeout expires, the DHCP server may assign that IP address to another computer.

Now, let’s imagine the computer that first received the DHCP lease comes back online; for some reason, the computer isn’t able to reach the DHCP server. The computer will now self-assign the IP address using the DHCP lease saved in the cache (a behavior that is common on Linux hosts). This computer is now causing an IP conflict. This scenario is more difficult to troubleshoot than the previous one, but still possible, in my experience.

The last scenario could be caused by human error. For example, an operator may assign an existing IP address to a network device, like a router or switch. When the misconfigured device is then connected to the network, it creates an IP conflict. This scenario is avoidable by implementing peer review of network configuration changes.

How to detect an IP conflict

Both Windows and Macintosh operating systems notify the user via pop-up notification when an IP conflict is detected with another computer. Here’s an example of a Windows IP conflict notification …

Detecting an IP conflict is even more difficult if it’s affecting remote network devices that are not end-user workstations. It’s more difficult because you don’t have local access to the host and you are not able to have a stable remote session.

In this scenario, one way to detect an IP conflict is to first ping the remote IP address. If the ping test returns high packet loss, then it’s worth continuing to troubleshoot.

To troubleshoot this problem you should:

1) Get access to the router that serves as the default gateway of the subnet where the conflict is happening.

2) Inspect the router’s ARP cache and check if the MAC address associated with the conflicting IP changes frequently. To verify this, run the command that returns the ARP cache every two or three seconds.

If the MAC address does change, then congratulations! … you have an IP conflict.
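The polling check in step 2 can be automated. The Python below is an added example, not code from the original article: it takes successive ARP cache dumps and reports the IPs whose MAC address keeps flipping. The sample dumps are constructed (Linux `ip neigh` style), and the function names and the `min_changes` threshold are assumptions.

```python
import re
from collections import defaultdict

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# MAC in colon/hyphen notation or in the dotted xxxx.xxxx.xxxx notation.
MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"
    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b"
)

def normalize_mac(mac):
    """Lower-case, colon-separated form so different notations compare equal."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_arp(snapshot):
    """Return {ip: mac} for every line holding both an IPv4 address and a MAC."""
    table = {}
    for line in snapshot.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            table[ip.group()] = normalize_mac(mac.group())
    return table

def find_conflicts(snapshots, min_changes=2):
    """Flag IPs whose MAC changed at least min_changes times between polls.

    One change can be a legitimate hardware swap; repeated flips are the
    conflict signature. min_changes=2 is an assumed threshold.
    """
    history = defaultdict(list)
    for snap in snapshots:
        for ip, mac in parse_arp(snap).items():
            history[ip].append(mac)
    conflicts = {}
    for ip, macs in history.items():
        changes = sum(a != b for a, b in zip(macs, macs[1:]))
        if changes >= min_changes:
            conflicts[ip] = {"macs": sorted(set(macs)), "changes": changes}
    return conflicts

# Constructed sample: four polls taken a few seconds apart.
LINE = "{} dev eth0 lladdr 02:00:00:00:00:{} REACHABLE"
def _poll(m10, m30):
    pairs = [("192.0.2.10", m10), ("192.0.2.20", "20"), ("192.0.2.30", m30)]
    return "\n".join(LINE.format(ip, m) for ip, m in pairs)
SNAPSHOTS = [_poll("aa", "30"), _poll("bb", "30"), _poll("aa", "31"), _poll("bb", "31")]

if __name__ == "__main__":
    for ip, info in find_conflicts(SNAPSHOTS).items():
        print(f"{ip}: {info['changes']} MAC changes between {info['macs']}")
```

In the sample, 192.0.2.30 changes MAC once and is not reported, while 192.0.2.10 alternates between two MACs on every poll and is.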

How to fix an IP conflict?

If you have detected an IP conflict in your network, you’ll need to correct the IP settings of the device that is “squatting”. Ideally, you or someone else on your team has access to the device, to ensure that the correct IP settings can be set. If there’s no way for you to locally access the problematic host, then you have few options.

One option is to remove the host from the network by shutting down the switch port that it’s connected to. Make sure that you do this off hours when there are no users on the network. Also, make sure that your changes won’t cause any further damage to applications or network services. Please don’t shut down a trunk port. In any case, it’s highly recommended that you review your specific case with your team and act accordingly.

I hope this article provided some guidance on how to deal with IP conflicts. If you have any feedback or questions, please leave them in the comments section. Cheers!
