1. Introduction
Here we show how to use Wireshark to detect local IP conflicts in the network. An IP conflict generally occurs within a local area network when, for example, two hosts use the same IP address. Conflicts can be further divided into personal host IP conflicts and server host IP conflicts. Our analysis starts from the local personal computer.
2. Personal host IP conflict
Phenomenon: The personal hosts discussed here include PCs such as laptops and mobile devices such as mobile phones. The hosts are in the same LAN environment (generally speaking, connected to the same Wi-Fi, campus network, or company intranet), and personal host A and personal host B are assigned the same IP address, which we assume is 192.168.5.31. Why would two hosts use the same IP? There are many reasons:
1. Personal host B manually assigned itself the IP 192.168.5.31, but DHCP had already assigned this IP to host A. So there is an IP conflict.
2. In the same LAN (Wi-Fi, campus network, company intranet), too many users are connected, resulting in IP reallocation. That is, there are many users and not enough IP addresses. For example, 192.168.5.31 has been assigned to host A, but host A is offline. Host B comes online, but at this time there are too many users connected and the DHCP pool has no free IP addresses to allocate. Some addresses are allocated to hosts that are currently offline, so such an IP is reclaimed and allocated to host B. Because of the DHCP update problem, host A can still use the original address. This causes an IP conflict.
There are many other reasons that will not be introduced here one by one.
Let us briefly analyze the causes of these problems.
Local host A is: 192.168.5.31
Set the Wireshark display filter to: !dns and ip.addr == 192.168.5.31
Or: !(dns or arp) and (tcp.port == 80 or tcp.port == 443)
Other settings: [View] → [Name Resolution] → [Resolve Network Addresses], [Resolve Physical Addresses] (check both)
Judgment basis: First, close as many network connections on local host A as possible (browser, downloads, and network communication software such as QQ and WeChat), so that the local host is effectively in a disconnected state.
We then observe the captured traffic.
Phenomenon 1: If many other network connections appear at this time (to Baidu, Taobao, or other websites), it proves that another host with the same IP address in the LAN is accessing the Internet, thus proving the IP conflict.
Phenomenon 2: If there are not many other connections at this time, it proves that another host with the same IP address in the LAN is not connected to the Internet or its network traffic is very small, which proves the IP conflict.
Phenomenon 3: For a source host that is a website IP, there will be two return connections of the same length. This proves that another host with the same IP in the LAN is surfing the Internet, thus proving the IP conflict.
3. Server IP conflict
The server is at 192.168.5.31 and its container is Jetty (other containers are equally possible), so the address we use to access the server from the personal host is: http://192.168.5.31:8000/
Phenomenon: We visit http://192.168.5.31:8000/ and find that sometimes we can access the webpage, but sometimes we cannot. Or we can access this address, but the access speed is very slow.
Note: Because there is no ready-made case, this is temporarily handled as a personal host IP conflict. In fact, the analysis method and phenomena of packet capture at the server gateway are exactly the same as those of a personal host IP conflict. However, from the perspective of the personal host, the analysis is much more difficult. It is as difficult as the ancient Chinese medicine doctor's pulse diagnosis.
Let us briefly analyze the causes of these problems.
Server A is: 192.168.5.31
Server B is: 192.168.5.31
Set the Wireshark display filter to: !dns and ip.addr == 192.168.5.31
Other settings: [View] → [Name Resolution] → [Resolve Network Addresses], [Resolve Physical Addresses] (check both)
Judgment basis:
Phenomenon 1: If many other network connections appear at this time (to Baidu, Taobao, or other websites), it proves that another host with the same IP address in the LAN is accessing the Internet, thus proving the IP conflict.
Phenomenon 2: If there are not many other connections at this time, it proves that another host with the same IP address in the LAN is not connected to the Internet or its network traffic is very small, which proves the IP conflict.
Phenomenon 3: For a source host that is a website IP, there will be two return connections of the same length. This proves that another host with the same IP in the LAN is surfing the Internet, thus proving the IP conflict.
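The judgment above rests on spotting traffic from 192.168.5.31 that host A did not send; grouping captured frames by source MAC address makes that check mechanical. This is an added example, not part of the original article: it assumes a capture point that sees both hosts (for example the gateway), a /24 subnet, and constructed sample rows with made-up MAC addresses; the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows: frame.number,eth.src,ip.src,ip.dst
# (the shape produced by: tshark -r <capture> -T fields -E separator=,
#  -e frame.number -e eth.src -e ip.src -e ip.dst). MACs and remote IPs are made up.
SAMPLE = """\
1,aa:aa:aa:aa:aa:01,192.168.5.31,203.0.113.10
2,cc:cc:cc:cc:cc:fe,203.0.113.10,192.168.5.31
3,bb:bb:bb:bb:bb:02,192.168.5.31,198.51.100.7
4,cc:cc:cc:cc:cc:fe,198.51.100.7,192.168.5.31
5,aa:aa:aa:aa:aa:01,192.168.5.31,203.0.113.10
6,dd:dd:dd:dd:dd:03,192.168.5.40,203.0.113.10
7,aa:aa:aa:aa:aa:01,,
"""

def parse_rows(text):
    """Yield (frame_no, src_mac, src_ip) for rows that carry a valid source IP."""
    for line in text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 4:
            continue
        frame, mac, src, _dst = fields
        try:
            ipaddress.ip_address(src)  # empty for non-IP frames such as ARP
        except ValueError:
            continue
        yield int(frame), mac.lower(), src

def find_conflicts(text, subnet="192.168.5.0/24"):
    """Map each LAN IP that was sent from more than one MAC to those MACs."""
    net = ipaddress.ip_network(subnet)  # assumed subnet; the article gives no mask
    macs = defaultdict(set)
    for _frame, mac, src in parse_rows(text):
        if ipaddress.ip_address(src) in net:  # routed traffic shares the gateway MAC
            macs[src].add(mac)
    return {ip: sorted(m) for ip, m in macs.items() if len(m) > 1}

def foreign_frames(text, ip, own_mac):
    """Frames sourced from `ip` by a MAC other than host A's own (Phenomenon 1)."""
    return [f for f, mac, src in parse_rows(text) if src == ip and mac != own_mac.lower()]

if __name__ == "__main__":
    print(find_conflicts(SAMPLE))
    print(foreign_frames(SAMPLE, "192.168.5.31", "aa:aa:aa:aa:aa:01"))
```

Only addresses inside the local subnet are compared, because every frame arriving from the Internet carries the gateway's MAC regardless of its source IP.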
4. Summary
This content provides a guide on using Wireshark to detect local IP conflicts within a network. It begins by explaining that IP conflicts occur when two devices within a LAN (such as on a Wi-Fi network, campus network, or company intranet) are assigned the same IP address. These conflicts can happen due to manual IP assignments that clash with DHCP allocations when a device is offline or due to insufficient IP addresses. The guide covers two main scenarios: personal host IP conflicts and server IP conflicts. For personal devices, the guide suggests filtering traffic in Wireshark using specific IP settings to identify overlapping activities, indicating an IP conflict. Signs of conflict include unexpected network connections, slow access speeds, and duplicate return connections. The server conflict scenario involves accessing a server address that sometimes fails or slows down due to IP overlap, with troubleshooting techniques similar to those for personal devices. The document includes illustrative images and concludes with techniques to identify and resolve IP conflicts, emphasizing the importance of correct IP management to prevent such network issues. Keywords such as "Detect local IP conflicts" are central to the content, aligning with the focus on networking and computer diagnostics.