Question : Static IP Issues on Windows Network

We have a statically configured network here so all of the workstations/servers/printer etc have a manually assigned IP address. Yesterday I replaced one of the computers in accounting. I unjoined the old one from the domain, unplugged it, plugged the new one in, and gave it the same IP configuration as the old one. No problems. About 3 hours later the user called me saying that she was getting a message popping up saying there was an IP conflict with another device on the network. Her IP address is 150.50.1.103 and I know for a FACT there are no other devices on the network with that address. So i went into the DNS server and manually removed the A record and PTR record, went down to her PC, did an ipconfig /flushdns and an ipconfig /registerdns. Still didn't seem to help. So just out of curiosity i moved her pc to the closest available address which was 150.50.1.101. then did the same dns stuff and removed the dns entries associated with 103. now shes on 101, and everything is working fine. but heres the funny thing. I can still ping 150.50.1.103 even though there is no device anywhere with that ip address. if i do an NSLOOKUP it says it doesn't exist but when i ping it i get replies.

What am i missing here? Why is 103 still hanging around and more importantly WHERE is it hanging around? Is it on the domain controller somewhere? is it somewhere on the DNS server i don't know about?

Answer : Static IP Issues on Windows Network

As has been previously mentioned you can check the MAC address against the arp tables on the switches to identify the port, and therefore the physical location of the machine. Either

ping 150.50.1.103
arp -a

or you can (not sure if this works in windows) :

arping 150.50.1.103

then look up the mac address on your switches.....

You also may be able to identify the machine by trying

start->run

\\ipaddress\C$

and seeing whether there are any administrative shares on the machine. Further identification can be carried out by going into the Documents and Settings folder (if the machine is on XP) and seeing whether there are any cached user settings....

Another alternative (if the machine is not a windows box or administrative shares are firewalled/disabled) is to try using nmap from http://insecure.org and doing an OS and service version scan....the syntax of which is

nmap -sS -sV -O x.x.x.x

(where x.x.x.x denotes the ip address of the machine)

For example, here:

PORT STATE SERVICE VERSION
80/tcp open http Boa HTTPd 0.94.11
MAC Address: 00:0F:B5:9D:83:E1 (Netgear)
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.18 - 2.4.32 (likely embedded)
Uptime: 2.508 days (since Fri Jun 5 20:53:38 2009)
Network Distance: 1 hop

Is a switch....

A Windows PC is:

PORT STATE SERVICE VERSION
53/tcp open domain?
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
5000/tcp open upnp?
5001/tcp open commplex-link?
5800/tcp open vnc-http RealVNC 4.0 (Resolution 400x250; VNC TCP port: 5900)
5900/tcp open vnc VNC (protocol 3.8)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=4.68%D=6/8%OT=53%CT=1%CU=35553%PV=Y%DS=1%G=Y%TM=4A2CC70D%P=i386-r
OS:edhat-linux-gnu)SEQ(SP=CC%GCD=1%ISR=CE%TI=Z%II=I%TS=A)SEQ(SP=CC%GCD=2%IS
OS:R=CE%TI=Z%TS=A)OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4
OS:ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11)WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W
OS:5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=98%W=16D0%O=M5B4NNSNW7%CC=N%Q=)T1(R=Y%DF=Y
OS:%T=98%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=98%W=0%S=A%A=Z%F
OS:=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%
OS:T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=80%TOS=0%IPL=B0%UN=
OS:0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)IE(R=Y%DFI=S%T=80%TOSI=Z%CD=Z%
OS:SI=S%DLI=S)

Uptime: 14.814 days (since Sun May 24 13:36:37 2009)
Network Distance: 1 hop
Service Info: OS: Windows

Host script results:
|_ Discover OS Version over NetBIOS and SMB: Windows XP

Random Solutions

Groupwise client in direct mode

Using Vodafone(Delhi) sim to access GPRS through a GSM/GPRS Modem

how to forward email from pipe alias

DNS Loopback Problem on Watchguard Firebox - 500

VPN stopped working: Could change in W2K Domain or DC be the culprit?

WinXP VPN connection - DNS queries are sent to wrong DNS server

kindly give the steps to generate ssl certificate in apache webbrowser in windows 2003 server

What SCSI Card to Use with HP ML350 G5 and Netware 6.5

Track bandwith usage on Cisco pix 515e firewall

cisco network simulation