dhclient getting address that (it seems) belongs to another NIC, all packets dropped - BSD


  1. dhclient getting address that (it seems) belongs to another NIC, all packets dropped

    I have an IBM X40 with an Intel NIC, shows up as:
    em0 at pci1 dev 1 function 0 "Intel PRO/1000MT Mobile (82541GI)" rev
    0x00: irq 11, address 00:0a:e4:2b:0e:63

    I'm in a little NAT'd subnet, controlled by dhcp. So I dhclient em0 to
    set it up. This gets an IP address, perfectly fine, and sets up the
    gateway, dns, etc... and I can ping the gateway, and also, the DNS
    resolution is working, as a ping to an external address shows an IP
    it's trying to hit, but no packets ever come back. tcpdump shows only
    outgoing, never anything coming back.

    dmesg shows:
    duplicate IP address 10.1.10.199 sent from ethernet address
    00:02:a5:26:fc:b3

    which makes me think that this IP address seems to have been also
    assigned to another computer/device.

    Now I'm really wondering, why is this happening? Booting up in a Linux
    livecd gets the same IP, but it works perfectly fine.

    Is there something I'm doing wrong? This is extremely frustrating
    (having to cart around a big pccard NIC kind of takes away from the
    subnotebook effect)....


  2. Re: dhclient getting address that (it seems) belongs to another NIC, all packets dropped

    dbpatterson wrote:
    > I have an IBM X40 with an Intel NIC, shows up as:
    > em0 at pci1 dev 1 function 0 "Intel PRO/1000MT Mobile (82541GI)" rev
    > 0x00: irq 11, address 00:0a:e4:2b:0e:63
    >
    > I'm in a little NAT'd subnet, controlled by dhcp. So I dhclient em0 to
    > set it up. This gets an IP address, perfectly fine, and sets up the
    > gateway, dns, etc... and I can ping the gateway, and also, the DNS
    > resolution is working, as a ping to an external address shows an IP
    > it's trying to hit, but no packets ever come back. tcpdump shows only
    > outgoing, never anything coming back.
    >
    > dmesg shows:
    > duplicate IP address 10.1.10.199 sent from ethernet address
    > 00:02:a5:26:fc:b3
    >
    > which makes me think that this IP address seems to have been also
    > assigned to another computer/device.
    >
    > Now I'm really wondering, why is this happening? Booting up in a Linux
    > livecd gets the same IP, but it works perfectly fine.
    >
    > Is there something I'm doing wrong? This is extremely frustrating
    > (having to cart around a big pccard NIC kind of takes away from the
    > subnotebook effect)....


    You should be looking up what lives on 10.1.10.199, 00:02:a5:26:fc:b3.
    If there's actually something there, OpenBSD is right, the DHCP server
    is configured wrong [1], and Linux just happened to work for the time
    you tried.

    For what it's worth, 00:02:a5:26:fc:b3 is assigned to Compaq, and it is
    not entirely unlikely that you'll find a Compaq-made card in a
    Compaq-made computer.

    net/arping can verify that the MAC address is in use; net/nmap might
    give a clue about what services and possible OS is running on this
    machine. Try getting a non-duplicate IP and then running, as root, nmap
    -T4 -A 10.1.10.199 [2]. This should give a result like

    # nmap -T4 -A 192.168.14.2

    Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-20 11:31 CEST
    Interesting ports on melpomene.jschipper.dynalias.net (192.168.14.2):
    Not shown: 1694 closed ports
    PORT STATE SERVICE VERSION
    22/tcp open ssh OpenSSH 4.6 (protocol 2.0)
    25/tcp open smtp
    6000/tcp open X11 (access denied)
    1 service unrecognized despite returning data. If you know the
    service/version, please submit the following fingerprint at
    http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
    SF-Port25-TCP:V=4.20%I=7%D=8/20%Time=46C95FBF%P=i386-unknown-openbsd4.1%r(
    SF:NULL,5C,"220\x20melpomene\.jschipper\.dynalias\.net\x20ESMTP\x20server\
    SF:.\x20Welcome!\x20Abuse\x20will\x20get\x20you\x20in\x20trouble\.\r\n")%r
    SF:(Help,85,"220\x20melpomene\.jschipper\.dynalias\.net\x20ESMTP\x20server
    SF:\.\x20Welcome!\x20Abuse\x20will\x20get\x20you\x20in\x20trouble\.\r\n502
    SF:\x205\.5\.2\x20Error:\x20command\x20not\x20recognized\r\n");
    Device type: general purpose
    Running (JUST GUESSING) : OpenBSD 3.X|4.X (96%)
    Aggressive OS guesses: OpenBSD 3.9 - 4.0 (96%), OpenBSD 4.0 (x86) (92%),
    OpenBSD 4.0 (CURRENT) macppc (89%), OpenBSD 4.0 (sparc64) (89%), OpenBSD
    3.4 (x86) (87%)
    No exact OS matches for host (test conditions non-ideal).
    Network Distance: 0 hops
    Service Info: OS: Unix

    OS and Service detection performed. Please report any incorrect results
    at http://insecure.org/nmap/submit/ .
    Nmap finished: 1 IP address (1 host up) scanned in 78.050 seconds

    which can tell you quite a bit. In this case, we even find the hostname
    as reverse DNS works ('Interesting ports on
    melpomene.jschipper.dynalias.net (192.168.14.2)'); however, as this
    might not be the case, do note that there are other ways of discovering
    the hostname.
    Many services will (might) give out the hostname when you connect; if
    SSH works and you can log in, that's probably easiest, but you can get
    hostnames from protocols like FTP, SMTP, and sometimes HTTP as well (try
    looking for http://10.1.10.199/any-nonexistent-page). In this case, my
    custom mail server header confused nmap, but the hostname is easily
    found - the 'unrecognized fingerprint' reads
    "melpomene.jschipper.dynalias.net ESMTP server. Welcome! Abuse will get
    you in trouble.".

    OS detection is imperfect - this machine runs -current, aka OpenBSD
    4.2-beta - but it did get the 'OpenBSD' part right.

    Of course, it *is* possible that there is some horrible OpenBSD bug that
    makes OpenBSD believe that the address is in use when it's not. But that
    is not the most likely scenario...

    Joachim

    [1] Or the people setting up the DHCP server don't know about
    10.1.10.199, which some guy might have set up with a static IP for some
    reason.
    [2] This almost certainly won't crash the host, your network, or kill
    kittens, but you do get to keep the pieces. System administrators tend
    to be nervous when seeing nmap, as quickly taking stock of a network is
    something that crackers like to do, too. If you don't want to or can not
    use nmap, 'nc 10.1.10.199 ', from another IP, is a bit less
    convenient but gives the same result.
    Also, -T4 specifies that nmap should scan pretty quickly. If you want to
    ease network load, use a lower number.

  3. Re: dhclient getting address that (it seems) belongs to another NIC, all packets dropped

    Hmm, okay I ran the scan (when on a different network card with a
    different IP), and I get 0 ports open, basically no information except
    that it is indeed up (and that it is a card registered to Compaq).

    What's funny is this seems like it is obviously wrong, and something
    is up, but every time I start up in Linux it works perfectly. Perhaps
    the Linux box is managing to take over that IP with some kind of ARP
    magic, I'm not sure.

    Knowing this (which I had kind of suspected), is the best solution to
    just do a static configuration with a known free IP (the one that is
    saved for my pc card NIC)? Or is there some way to force the server
    to give me a unique IP?

    Anyway, thanks for the help.


  4. Re: dhclient getting address that (it seems) belongs to another NIC, all packets dropped

    dbpatterson wrote:
    > Hmm, okay I ran the scan (when on a different network card with a
    > different IP), and I get 0 ports open, basically no information except
    > that it is indeed up (and that it is a card registered to Compaq).
    >
    > What's funny is this seems like it is obviously wrong, and something
    > is up, but every time I start up in Linux it works perfectly. Perhaps
    > the Linux box is managing to take over that IP with some kind of ARP
    > magic, I'm not sure.
    >
    > Knowing this (which I had kind of suspected), is the best solution to
    > just do a static configuration with a known free IP (the one that is
    > saved for my pc card NIC)? Or is there some way to force the server
    > to give me a unique IP?


    If you cannot find the device which causes the problems, the best bet
    would probably be configuring the DHCP server not to hand out that
    particular address (configuring your new machine with a static address
    is a temporary solution at best, and likely to break at an inconvenient
    time).

    This, of course, depends on the DHCP server you use; if you use
    OpenBSD's, dhcpd.conf(5) documents the 'range' option, which may
    apparently be given multiple times. This would allow you to isolate the
    IP in question. (The 'host' directive may or may not work, either, but
    I'm not sure that's less ugly.) Do read the docs before configuring, as
    I'm not particularly experienced with tricky DHCP setups.

    Joachim
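
Added example, not part of the thread or of any poster's setup: a small script that pulls the conflicting IP/MAC pairs out of the kernel's "duplicate IP address" messages and prints the dhcpd.conf 'range' statements that leave those addresses out of the pool, as suggested in the last reply. The pool bounds 10.1.10.100 to 10.1.10.250 and the sample log text are assumptions constructed for illustration.

```python
import ipaddress
import re

# Kernel message format as quoted in the thread's dmesg output.
DUP_RE = re.compile(
    r"duplicate IP address (\d{1,3}(?:\.\d{1,3}){3}) "
    r"sent from ethernet address ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed sample input: the same message logged twice.
SAMPLE_DMESG = """\
duplicate IP address 10.1.10.199 sent from ethernet address 00:02:a5:26:fc:b3
duplicate IP address 10.1.10.199 sent from ethernet address 00:02:a5:26:fc:b3
"""

def find_conflicts(log_text):
    """Map each conflicting IP to the set of MACs that claimed it."""
    conflicts = {}
    for ip, mac in DUP_RE.findall(log_text):
        conflicts.setdefault(ipaddress.IPv4Address(ip), set()).add(mac.lower())
    return conflicts

def split_ranges(low, high, excluded):
    """Return (start, end) pairs covering low..high minus the excluded IPs."""
    low, high = ipaddress.IPv4Address(low), ipaddress.IPv4Address(high)
    ranges, start = [], low
    for ip in sorted(e for e in excluded if low <= e <= high):
        if ip > start:
            ranges.append((start, ip - 1))
        start = ip + 1
    if start <= high:
        ranges.append((start, high))
    return ranges

def dhcpd_range_lines(low, high, excluded):
    """Render one dhcpd.conf 'range' statement per remaining span."""
    return [f"range {a} {b};" if a != b else f"range {a};"
            for a, b in split_ranges(low, high, excluded)]

if __name__ == "__main__":
    conflicts = find_conflicts(SAMPLE_DMESG)
    for ip, macs in conflicts.items():
        print(ip, sorted(macs))
    # Pool bounds are an assumption, not taken from the thread.
    print("\n".join(dhcpd_range_lines("10.1.10.100", "10.1.10.250", conflicts)))
```

The printed 'range' lines go inside the matching subnet declaration; check them against dhcpd.conf(5) for the DHCP server actually in use before reloading it.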
