Find out if >1 dhcp server on small network

blun

blun

blun

Associate
Joined
18 Oct 2002
Posts
1,689
Location
North West England
Hi,

I set up a network for a small business a few years ago, based around a Draytek Vigor 2820 wireless router. They have about 15 client PCs, plus various iphones / blackberry's etc, a nework printer, and some VOIP phones. So, say 50 devices in total connected using either cable or wifi.

They've started seeing issues where laptops won't connect to the network over cable or wifi (the router doesn't give out an IP address to the device). Rebooting the router tends to fix this, but obviously isn't very practical.

I've been told that people have been getting IP address conflict warnings in Windows occasionally.

I'm wondering if there's another device other than the router on the network that's trying to hand out IP addresses. If two DHCP servers exist on the same small network in the same IP range, I assume they will conflict with eachother ? Would the symptom be on some occasions no IP address being given and on others, and IP being duplicated?

Finally, does anyone know a simple way to test for the existance of more than one DHCP server on a network?

Thanks in advance :)
 
You can run ipconfig/all and look at the IP of the DHCP server which assigned the IP to the computer you run the command on.

You could also run Wireshark although if you're not familiar with it then it may be hard to understand it's output.
 
I'm guessing there is enough address's in your DHCP pool for all the devices to use at the same time? Rebooting the router could be freeing up some IP's which have been leased but are not in use anymore.
 
If you can get into the business after hours, just turn off the router for a few minutes and reboot a few PCs, If you can renew your IP addresses then you have a rogue.
 
Could always change subnets and see if hosts still get IP addresses from the old range? That would be an easy way to spot a rogue DHCP server.
 
ots3go said:
Could always change subnets and see if hosts still get IP addresses from the old range? That would be an easy way to spot a rogue DHCP server.
Click to expand...

^This. Most basic routers use 192.168.0.x or 192.168.1.x range. So, maybe put your subnet on 192.168.2.x range and then check on the people who get issues.
 
Coldzero said:
I'm guessing there is enough address's in your DHCP pool for all the devices to use at the same time? Rebooting the router could be freeing up some IP's which have been leased but are not in use anymore.
Click to expand...

My guess is that this is the problem. What is the pool size set to?
 
Deception said:
^This. Most basic routers use 192.168.0.x or 192.168.1.x range. So, maybe put your subnet on 192.168.2.x range and then check on the people who get issues.
Click to expand...

If someone did this in a business you're an idiot. You can't go playing around with settings as big as this just to find a DHCP server. Altering subnets could have all untold repercussions on a lot of systems impacting the business because you're being a lazy administrator.
 
ecksmen said:
If someone did this in a business you're an idiot. You can't go playing around with settings as big as this just to find a DHCP server. Altering subnets could have all untold repercussions on a lot of systems impacting the business because you're being a lazy administrator.
Click to expand...

Actually, depending on the size of the business. It's not actually idiotic, also can be done on the weekend or after hours when no one is in. So maybe before you call someone a 'lazy administrator', at least know their thinking behind it. :)
 
Last edited:
Deception said:
Actually, depending on the size of the business. It's not actually idiotic, also can be done on the weekend or after hours when no one is in. So maybe before you call someone a 'lazy administrator', at least know their thinking behind it. :)
Click to expand...

You've just proven the point even more, changing one scope to another is just absolutely mental diagnostic step and potentially breaking more systems with foul DNS records, arp entries and the like.
 
ecksmen said:
You've just proven the point even more, changing one scope to another is just absolutely mental diagnostic step and potentially breaking more systems with foul DNS records, arp entries and the like.
Click to expand...

Like I said, if done properly, it wont cause any issues like you mention above. When I made the post, I didnt mean just go do it in the middle of the day and see what happens.
 
Last edited:
Surely the easiest method is turn off your known DHCP server, renew your client IPs and see what IP is under DHCP server after an IPConfig?
 
Liquidfox said:
Surely the easiest method is turn off your known DHCP server, renew your client IPs and see what IP is under DHCP server after an IPConfig?
Click to expand...

This, could even be done in the middle of the day with minimum impact for an hour as the chances of a significant number of clients needing a new IP during this time is minimal with such a small pool.

I still think the most likely cause is the router running out of addresses so check the pool size there, it's probably only recently become an issue due to the increasing number of mobile devices.
 
You must log in or register to reply here.
Back
Top Bottom