Manually I detected an IP address conflict, which was caused by my mistake. I can solve this. But before solving it I want to automatically detect an IP address conflict, so that next time I do not have to search manually.

On Detect IP Conflicts on Network I found arpwatch could be used.

I found documentation on http://www.linuxcommand.org/man_pages/arpwatch8.html but without an example. This does not help me.

More in detail :

I have a Virtualbox client running named Vbox1 (one), which is Ubuntu 16.04. The interface file (path /etc/network/interfaces) is :

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto enp0s3
iface enp0s3 inet static

dns-nameservers 192.168.1.70 192.168.1.1
address 192.168.1.66
# remove gateway see why : https://superuser.com/questions/1080675/set-virtualbox-network-for-ubuntu-16-04-client/1081588#1081588
#gateway 192.168.1.1  

Ping to gateway :

bernard@vBox1b-client:/var/lib$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.804 ms

Check MAC address :

bernard@vBox1b-client:/$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:29:98:7c brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:19:c2:cc brd ff:ff:ff:ff:ff:ff
bernard@vBox1b-client:/$ 

So the MAC address for enp0s3 is : 08:00:27:29:98:7c and for enp0s8 is 08:00:27:19:c2:cc

Check IPv4 address other than 127.0.0.1 and 192.168.1.66 :

bernard@vBox1b-client:/$ ip -4 addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.1.66/24 brd 192.168.1.255 scope global enp0s3
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 10.0.3.15/24 brd 10.0.3.255 scope global dynamic enp0s8
       valid_lft 62134sec preferred_lft 62134sec
bernard@vBox1b-client:/$ 

Other IP address is : 10.0.3.15

Check arp 192.168.1.66 should return no entry :

bernard@vBox1b-client:/$ arp 192.168.1.66
192.168.1.66 (192.168.1.66) -- no entry
bernard@vBox1b-client:/$ 

This is good.

Check content /var/log/kern.log for messages of enp0s8 :

...
Jul 24 12:53:20 vBox1b-client NetworkManager[8046]: [1469357600.7642] domain name 'lan'
Jul 24 12:53:20 vBox1b-client NetworkManager[8046]: [1469357600.7847] dhcp4 (enp0s8): state changed bound -> bound
...

Check content /var/log/syslog.log for message of enp0s8 : No syslog.log file for VB-one

ssh to server :

bernard@vBox1b-client:/$ ssh 192.168.1.65
ssh: connect to host 192.168.1.65 port 22: Connection timed out
bernard@vBox1b-client:/$ 

Result no response.


On another Virtualbox named Vbox11 (eleven), which is also Ubuntu 16.04

With the interface file

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto eth1
iface eth1 inet static
dns-nameservers 192.168.1.70 192.168.1.1
address 192.168.1.66
# remove gateway see why : https://superuser.com/questions/1080675/set-virtualbox-network-for-ubuntu-16-04-client/1081588#1081588
#gateway 192.168.1.1 

First I did use gateway in the interface file, now I did not. This did not make any difference. In both cases the gateway was not accessible.

Ping to gateway not possible :

bernard@vbox11:~$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.66 icmp_seq=1 Destination Host Unreachable 

bernard@vbox11:~$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:93:71:92 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:e7:1d:b9 brd ff:ff:ff:ff:ff:ff
bernard@vbox11:~$ 

So the MAC address for eth0 is : 08:00:27:93:71:92 and for eth1 is : 08:00:27:e7:1d:b9

Check IPv4 address other than 127.0.0.1 and 192.168.1.66 :

bernard@vbox11:~$ ip -4 addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.1.66/24 brd 192.168.1.255 scope global eth1
       valid_lft forever preferred_lft forever
bernard@vbox11:~$ 

Other IP address is : 10.0.2.15

Check arp 192.168.1.66 should return no entry :

bernard@vbox11:~$ arp 192.168.1.66
192.168.1.66 (192.168.1.66) -- no entry
bernard@vbox11:~$ 

This is good.

Check content /var/log/kern.log for messages of eth0 :

...
Jul 26 04:39:03 vbox11 kernel: [312073.522007] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Jul 26 04:39:03 vbox11 kernel: [312073.522021] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
...

Check content /var/log/syslog.log for eth0 :

...
Jul 25 12:00:39 vbox11 dhclient: DHCPREQUEST of 10.0.2.15 on eth0 to 10.0.2.2 port 67 (xid=0x11a0ba6e)
Jul 25 12:00:39 vbox11 dhclient: DHCPACK of 10.0.2.15 from 10.0.2.2
Jul 25 12:00:39 vbox11 dhclient: bound to 10.0.2.15 -- renewal in 37427 seconds.
Jul 25 12:00:39 vbox11 NetworkManager[889]: (eth0): DHCPv4 state changed renew -> renew
...

ssh to server :

bernard@vbox11:~$ ssh 192.168.1.65
ssh: connect to host 192.168.1.65 port 22: Connection timed out
bernard@vbox11:~$ 

result : no response.

On Virtualbox server (p5)

arp 192.168.1.66 should return result on server :

bernard@p5:~$ arp 192.168.1.66
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.66             ether   08:00:27:e7:1d:b9   C                     eth0
bernard@p5:~$ 

This is good.


Summary of diagnostics :

  • VB-one can ping to host 192.168.1.1 VB-eleven can not. VB-eleven should not be configured right, but how should it be configured?
  • The Mac addresses of VB-one are 08:00:27:29:98:7c and 08:00:27:19:c2:cc and for VB-eleven are : 08:00:27:93:71:92 and 08:00:27:e7:1d:b9 So they are different, this is good.
  • Other IPv4 address than 127.0.0.1 and 192.168.1.66 : Yes there are. For VB-one : 10.0.3.15 and for VB-eleven 10.0.2.15
  • arp 162.168.1.66 does not return result on both VM but does on the server. So this is good
  • results of /var/log/kern.log are different on both VM's. VB-one does have content for syslog.log and VB-eleven has not
  • no response for ssh to server

So when both Virtualbox clients are running it is clear VB-one and VB-eleven have both the same IP address : 192.168.1.66

Which statement(s) do I have to use to find this duplicate IP address?

Alternative

I also tried to use arp-scan Detect IP Conflicts on Network but this did not work for me either.

1 Answer

arpwatch should detect the MAC address change if it is listening on the network interface the servers are listening on. It would then send an email to the configured address unless this is disabled.

However, if one of the servers was cloned from the other, they may both have the same MAC address. This will make it impossible to detect using ARP.

Check the MAC address each of these servers report. If it is the same, you will need to alter the MAC address on one of the machines to be able to reliably detect the problem.

On Ubuntu/Debian arpwatch is configured using /etc/default/arpwatch. The database(s) will be in the /var/lib/arpwatch directory.

You may experience issues connecting to the servers if they are both up and using the same MAC address.

Some diagnostic steps:

  • Ping the container from each of the hosts. This should be at 192.168.1.1 from your gateway configuration. If one of the hosts can't ping then there is a problem with its configuration.
  • Check the MAC address reported by ifconfig -a or ip link show on each of the two systems. Each system should have its own interface.
  • Check the IP addresses reported by ifconfig -a or ip -4 addr show on each of the two systems. Are there any IPv4 addresses other than 127.0.0.1 and 192.168.1.66?
  • Check the output of arp 192.168.1.66 from both systems and the container. The two virtual systems should return no entry. The container should have one result.
  • Check /var/log/kern.log and /var/log/syslog for messages related to the interface: eth0 or enp0s3.
  • ssh from one virtual server to the container. Check the IP address in the output of who am i. Repeat from the other virtual server.
  • I did not clone the virtual machines, but cloned the interfaces file. The mac address on VB-one and VB-eleven are different. I checked this in Virtualbox-manager Menu->Settings -> Network -> Both adapters (Bridged and NAT)
    – Bernard
    Commented Jul 25, 2016 at 12:06
  • @Bernard If the two servers are on different bridges with NAT they may not really be in conflict. If they are both on the same host and bridge you should be able to detect the issue using ARP tools such as arpwatch. The arpwatch database is plain text so it is easy to scan.
    – BillThor
    Commented Jul 25, 2016 at 12:14
  • Sorry but I do not understand. What are different bridges with NAT?
    – Bernard
    Commented Jul 25, 2016 at 12:20
  • @Bernard Your servers are connected using a virtual interface called a bridge on the host running them. If they have different bridge interfaces they are isolated from each other. NAT hides their real IP from other hosts, so their IP address would only be seen on the host containing them. Please read up on bridges and NAT.
    – BillThor
    Commented Jul 25, 2016 at 12:24
  • Ok I will. In the mean time I try to open arpwatch database with bernard@vBox1b-client:/var/lib$ cd arpwatch/ bash: cd: arpwatch/: Permission denied bernard@vBox1b-client:/var/lib$ Even with sudo I can not access it.
    – Bernard
    Commented Jul 25, 2016 at 12:27
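
The answer and comments above note that the arpwatch database is plain text and easy to scan. As an added example (not part of the original answer or of arpwatch itself), this shell function reports every IP address recently seen with more than one MAC address; the tab-separated record layout, the function names and the sample records are assumptions.

```shell
#!/bin/sh
# Added example: list IPv4 addresses claimed by more than one MAC address.
# stdin: tab-separated records  MAC  IP  last-seen-epoch  [hostname]
#        (assumed arpwatch database layout; verify against your own file)
# $1:    window in seconds; two MACs count as a conflict only when both were
#        seen within this window, so an old NIC replacement is not reported.
find_ip_conflicts() {
    awk -F '\t' -v window="${1:-86400}" '
    function norm(mac,   p, n, i, out) {   # 8:0:27:e7:1d:b9 -> 08:00:27:e7:1d:b9
        n = split(tolower(mac), p, ":"); out = ""
        for (i = 1; i <= n; i++)
            out = out (i > 1 ? ":" : "") (length(p[i]) < 2 ? "0" p[i] : p[i])
        return out
    }
    NF >= 3 && $1 !~ /^#/ {
        mac = norm($1); ip = $2; ts = $3 + 0; key = ip SUBSEP mac
        if (!(key in seen)) { macs[ip] = macs[ip] " " mac; count[ip]++ }
        if (ts > seen[key]) seen[key] = ts
    }
    END {
        for (ip in count) {
            if (count[ip] < 2) continue
            n = split(macs[ip], m, " "); best = 0; second = 0
            for (i = 1; i <= n; i++) {     # find the two most recent sightings
                t = seen[ip SUBSEP m[i]]
                if (t > best) { second = best; best = t } else if (t > second) second = t
            }
            if (best - second <= window) print ip macs[ip]
        }
    }' | sort
}

# Constructed sample records. The two 192.168.1.66 MACs are the ones from the
# question; the 192.168.1.65 MACs and all timestamps are made up.
sample_arp_dat() {
    printf '8:0:27:29:98:7c\t192.168.1.66\t1469444700\tvbox1\n'
    printf '8:0:27:e7:1d:b9\t192.168.1.66\t1469444760\tvbox11\n'
    printf '2:0:0:0:0:1\t192.168.1.65\t1400000000\n'    # old NIC
    printf '2:0:0:0:0:2\t192.168.1.65\t1469444700\n'    # replacement NIC
}

sample_arp_dat | find_ip_conflicts 86400
```

On a real host, pipe in a database file from /var/lib/arpwatch read as root (for example with sudo cat), since that directory is not readable by ordinary users.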
