please help with bad dhcp

kevinh139

Reputable
Mar 27, 2014
3
0
4,510
hello all,
I have a small network that i manage at my work. it consists of a comcast business class router (10.0.10.1),a verizon dsl router (192.168.1.1) and a wrt-54g configured for dual wan load balance with fail over 192.168.30.1). the three are using dhcp on their on unique ip addresses and subnets. the router that connects the network to this system is 192.168.2.1 and its dhcp server hands out ip address to all of the computers and wifi clients. there are also some static address carved out of that subnet for printers.

my problem is that recently with increased frequency wired and wired clients alike are issued an ip from the subnet 192.168.3.x. i have no such subnet anywhere on my network.

if i type 192.168.3.1 in any browser on any camputer wether or not its on that subnet i get a white screen with the message "it works!" in the upper left corner.

please give me some insight into what this issue is
 
Solution
You need to find the MAC address of the DHCP server. In Windows at a command prompt you can type ARP -a to see a list of Ip addresses mapped to Mac addresses on your subnet. Not sure what command you use in MAC OSX. Once you know the MAC address you can google it and usually find the manufacturer of the product. That may help narrow down the device.
On the computer that is getting a 192.168.3 address bring up a command prompt and type in ipconfig /all. The output should tell you the ip address of the DHCP server. That may help you track down the device, maybe with a lookup so you can get the name of the device. There are also free scanners out there that you can use to scan your network and if they can't tell you the name of the device they can usually tell you enough about the ethernet port (actually the MAC address) of the device to be able to track it down.
 

kevinh139

Reputable
Mar 27, 2014
3
0
4,510


bailey thank you for the reply

i tried that from a pc and it shows me the mac of the pc card and the ip of the dhcp dns and gateway being 192.168.3.1. i have used network utility in mac osx and nothing stands out as to being the culprit.
 
You need to find the MAC address of the DHCP server. In Windows at a command prompt you can type ARP -a to see a list of Ip addresses mapped to Mac addresses on your subnet. Not sure what command you use in MAC OSX. Once you know the MAC address you can google it and usually find the manufacturer of the product. That may help narrow down the device.
 
Solution
Someone setup a Server that is handing out DHCP. Can be a Samba Server, Linus, even Windows. they went with the defaults, and when you type it in that is the website for it. most likely someone setup a 'Web Server' but just 'clicked through' the install process which installed ALL the options including DHCP.

Your best method from a computer that is getting the 192.168.3.x addressing is tracert in CMD back to there, and you can see where the DHCP is coming form as it shows the PATH, and you can narrow it down to which 'network' it is on. Then just a matter of either waiting after hours and looking at the 'switch' to see what 'on' computers are doing traffic, especially if you do a Ping 192.168.3.1 -a (resolve host name of the computer) or Ping 192.168.3.1 -t and cause that port to suddenly increase the data traffic.

The most obvious way is to ping the DHCP server, once you know what switch it is on, and start unplugging the most 'traffic' (blinking light) drops, till the PING stops. Then you know the drop and where it is in the building, either you will get a call from the person or you can walk up to them which they will be having problems, and you can address the issue at that point (might be a Manager needed to resolve this issue , had that many times with Developers pulling the 'important' card).
 

kevinh139

Reputable
Mar 27, 2014
3
0
4,510


i never thought of that. turns out it was a dual port 1gb ethernet card in my computer acting as a dhcp server. never would have imagined that. thank you for all of your assistance