• 0

Odd Network Trouble, What Could Be The Problem?


 Share

Question

I have a client with a small network.

 

Their DHCP is handled by their SBS 2011 server, their are two Belkin wireless devices set up as access points, and there is one tp-link un-managed switch. Other than that there is a Linksys firewall device (gateway) between their network and a cable modem.

 

The issue is that occasionally two specific workstations will drop off the network and I will find their IP addresses to be on the 192.168.99.x range, instead of the 192.168.100.x range. When I look at the network connection on the affected workstations, instead of seeing their domain name in the connection I see 'innotech.com'. This makes no sense to me since no one knows of any other hardware in the building. When the computer get's it's lease from the 192.168.99.x range, it cannot access the resources on their network and I can connect to a gateway on '192.168.99.1' over http and I receive a login prompt, which none of their documented passwords work with.

 

What should I do? How can I find out what device is giving these workstations DHCP leases on the 192.168.99.x range.

Link to comment
Share on other sites

9 answers to this question

Recommended Posts

  • 0

Good news! But having a smart switch would of allowed you to figure out which port it was without having to walk around the building and trace a wire.

Might be something to look into for making your network better.. They are not very costly, give you lots of troubleshooting tools, ability to vlan in the future, rate control of connections quite likely.

Not saying you need a full managed switch like a 2k$ cisco - but a $200 smart makes a lot of sense in a small office vs just a simple dumb switch you would run in your house with a few connections.

Link to comment
Share on other sites

  • 0

Seems the Linksys device is providing a DHCP service or some other "rouge" device smuggled on the network is causing it. Some people bring their wireless routers from home and plug them into network jacks in their office which causes headaches as a result because they don't configure the DHCP service to off!

 

Also don't use the 100.x range as cable modems use that to connect to their web interface.

Link to comment
Share on other sites

  • 0

I have a client with a small network.

 

Their DHCP is handled by their SBS 2011 server, their are two Belkin wireless devices set up as access points, and there is one tp-link un-managed switch. Other than that there is a Linksys firewall device (gateway) between their network and a cable modem.

 

The issue is that occasionally two specific workstations will drop off the network and I will find their IP addresses to be on the 192.168.99.x range, instead of the 192.168.100.x range. When I look at the network connection on the affected workstations, instead of seeing their domain name in the connection I see 'innotech.com'. This makes no sense to me since no one knows of any other hardware in the building. When the computer get's it's lease from the 192.168.99.x range, it cannot access the resources on their network and I can connect to a gateway on '192.168.99.1' over http and I receive a login prompt, which none of their documented passwords work with.

 

What should I do? How can I find out what device is giving these workstations DHCP leases on the 192.168.99.x range.

 

Just off the top of my head do an ipconfig /all and get the DHCP server IP. If it's wireless, forget the network. Recommend static IPs.

Link to comment
Share on other sites

  • 0

As SHoTTa35 mentioned, it sounds like a rogue.  Is it a SMART switch, or completely un-managed?

 

Have you tried removing them from the domain, then re-adding them?

 

Have you switched ports those machines are on, or maybe the NIC settings?

Link to comment
Share on other sites

  • 0

'ipconfig /all' on the DHCP server turns up no other interfaces with the offending IP range.

 

I'm not sure why the Linksys device would cause 'innotech.com' to show up in the network properties when the affected machine get's the IP from 192.168.99.1. So I do not think it could be that, especially since the linksys device is the known gateway for the network and it's IP is 192.168.100.1.

 

Not worried about the cable modem being a source of the issue, since it's not a consumer product, and it's in front of the gateway device.

 

The switch is completely un-managed.

 

I don't know what to do other than to do a physical sweep of the office looking for undocumented devices.

Link to comment
Share on other sites

  • 0

"'ipconfig /all' on the DHCP server turns up no other interfaces with the offending IP range."

Im not sure what that is suppose to mean? He was asking you if this was a wireless or wired connection. If wireless they could just be connecting to a different wireless network than yours. If its on their wired interface then yeah you have something connected to your network running dhcp.

if wireless, just setup your wireless clients not to connect to that network. Since you mention 2 AP on your own network, I am thinking maybe its just wireless.

But if wired, what is the mac address? You can then look this up and see what type of device it is..

You say you can access a webgui on it.. at 192.168.99.1 when from these devices - so look in their arp table "arp -a" and get the mac

http://www.coffer.com/mac_find/

http://www.macvendorlookup.com/

That might help you spot it.

If not I would suggest you get yourself a smart switch that can list what ports a mac is listed on..

example

C:\Windows\system32>arp -a

Interface: 192.168.1.100 --- 0xb

Internet Address Physical Address Type

192.168.1.7 00-0c-29-dd-02-ba dynamic

192.168.1.8 00-0c-29-57-41-d5 dynamic

192.168.1.25 00-13-b6-02-6c-09 dynamic

192.168.1.40 2c-76-8a-ad-f6-56 dynamic

192.168.1.50 00-15-99-21-1c-a0 dynamic

192.168.1.97 00-1c-c3-09-05-7a dynamic

192.168.1.220 7f-bf-a9-aa-29-5b dynamic

192.168.1.253 00-50-56-00-00-02 dynamic

192.168.1.255 ff-ff-ff-ff-ff-ff static

224.0.0.251 01-00-5e-00-00-fb static

255.255.255.255 ff-ff-ff-ff-ff-ff static

post-14624-0-50689500-1377602874.png

So for example I look at this one

192.168.1.40 2c-76-8a-ad-f6-56

So if I look 2c-76-8a up I get

http://www.coffer.com/mac_find/?string=2c-76-8a

Tells me its an HP.. while that makes sense since its my HP Microserver. Now you see from the switch listing its mac table that its connected to port 4.. So I could trace out the wire to what is connected port 4 and find it.

So you will notice more than 1 mac on a specific port.. Those are downstream switches that are connected to those ports. So your smart switch lists all the mac that are on the that downstream switch. This would tell you at list what switch your connected too if you have more than 1.

But sounds like you only have 1 switch, so you could replace it. Or when a box gets that wrong address.. Run a constant ping on the IP of the dhcp server IP that hands it out, and then from your switch start pulling every other wire 1 at a time (other than the workstation that has the wrong ip) and find out what wire your device is connected too.

But a smart switch would be less intrusive method ;) You can can get a smart switch for really cheap these days. What size switch and speed do you have currently?

You sure you doublechecked your AP?? Those seem like likely candidates for having their dhcp servers turned back on.

Link to comment
Share on other sites

  • 0

Here is the deal, as I have resolved the issue.

 

I went to the office and did some sleuthing, I found their VOIP phone system box in a closet. It was labeled 'innomedia' not innotech (sorry, was quoting from memory). Aside from having it's own modem, it had a 'LAN' connection that ran into the ceiling. I traced it to the drop by the network switches and unplugged it. All DHCP resolution issues have been resolved, there has been no impact on the phone system.

 

It must have gotten plugged in at some point, so I wrapped it up away from the switch to avoid any further confusion.

Link to comment
Share on other sites

This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Usama Jawad96
      Compute and storage updates are available for mission-critical applications on Azure
      by Usama Jawad

      Microsoft has unveiled several capabilities and updates for its Azure platform, focusing on making it easier for customers to deploy end-to-end solutions. Some of these include updates to compute and storage solutions for mission-critical applications hosted on Azure.

      Server image via Shutterstock With respect to compute optimizations, on-demand capacity reservations for Azure Virtual Machines (VMs) with service-level agreements (SLAs) will arrive as a preview in April. In the same vein, customers can now scale their VMs without redeploying their scale set, with better control over cost management too. For workloads that are memory- and CPU-intensive, new Mv2 Azure VMs are available in preview as well.

      On the storage end of things, multiple capabilities have been announced, once again in preview. Among these are new Azure Premium and Standard SSDs for increased data protection in case of zonal failures. Microsoft is also offering new performance tiers for customers who want higher sustained performance on Premium SSDs without having to resize it. Finally, auto-key rotation for customer-managed encryption keys (CMEKs) are live which removes some of the management burden on the customer. Backup Center has hit general availability too, this allows backup management in unified view across multiple VMs and database servers. Archive support for Azure VMs and SQL server running on Azure VMs using PowerShell is available in "limited preview" too.

      Speaking of better management on cloud platforms, enhancements are available for Azure Monitor. These enable developers building Node.js applications on Linux App Services to utilize Application Insights using auto-instrumentation. Similarly, new features have been added to Azure Automanage, which is currently in preview. IT admins can now deploy security patches to Windows Server VMs in a matter of seconds.

      To enable faster app development and management, Azure Arc-enabled Kubernetes has hit general availability. It allows customers to manage and deploy to Kubernetes clusters efficiently via the Azure Portal and GitOps respectively. Moreover, Azure Arc-enabled machine learning is currently in preview and allows developers to build AI models in Azure Machine Learning and targeting Kubernetes clusters without having to learn Kubernetes.

      Microsoft has also released a host of new services and tools to make it easier for customers to migrate their workloads to the cloud. These include enablement programs like Azure Migration Program (AMP) and FastTrack for Azure, and documentation such as the Microsoft Cloud Adoption Frameworks. Azure Migrate has new updates in preview to enable customers to easily migrate their solutions to the cloud. These include the Azure Migrate Azure PowerShell module through which customers can migrate their servers to Azure VMs in an automated way via cmdlets.

      Finally, on the networking side, new options are available in Azure Load Balancer. For customers who want to upgrade and retain the same IPs, Azure Public IP SKU upgrade is now generally available. The same is the case with Azure Networking routing preference; as the same suggests, it allows customers more flexibility in deciding how their traffic is routed between Azure and the internet.

      For hybrid networking scenarios, Azure Route Server, ExpressRoute Gateway metrics, Virtual WAN Remote User VPN Features, and Azure Virtual WAN are currently available in preview. Meanwhile, Scalable Bastion Gateway, advanced VPN diagnostic features, and ExpressRoute IPv6 support will be rolled out in preview soon. Over on the network security side of things, Azure Front Door and Firewall Premium have been upgraded with new capabilities and are now available in preview.

      Check out our other Ignite 2021 coverage right here.

    • By News Staff
      Network Automation Cookbook ($27.99 Value) - free download
      by Steven Parker

      Claim your complimentary eBook (worth $27.99) for free, before the offer expires on 02/03.



      Network Automation Cookbook is designed to help system administrators, network engineers, and infrastructure automation engineers to centrally manage switches, routers, and other devices in their organization's network.

      This book will help you gain hands-on experience in automating enterprise networks and take you through core network automation techniques using the latest version of Ansible and Python.



      With the help of practical recipes, you'll learn how to build a network infrastructure that can be easily managed and updated as it scales through a large number of devices. You'll also cover topics related to security automation and get to grips with essential techniques to maintain network robustness. As you make progress, the book will show you how to automate networks on public cloud providers such as AWS, Google Cloud Platform, and Azure. Finally, you will get up and running with Ansible 2.9 and discover troubleshooting techniques and network automation best practices.

      By the end of this book, you'll be able to use Ansible to automate modern network devices and integrate third-party tools such as NAPALM, NetBox, and Batfish easily to build robust network automation solutions.

      This free offer expires on Feb 3.

      How to get it
      Please ensure you read the terms and conditions to claim this offer. Complete and verifiable information is required in order to receive this free offer. If you have previously made use of these free offers, you will not need to re-register. While supplies last!

      >> Network Automation Cookbook ($27.99 Value) - free download <<
      Offered by Packt Publishing, view their other free resources. Expires 02/03/21.

      Not for you?
      That's OK, there are other free eBooks on offer you can check out here.



      Home Gym Giveaway | Ultimate Gaming Giveaway (feat. PlayStation 5 & Xbox Series X) Ivacy VPN - 5 year subscription for just $1 per month NordVPN - 2 year subscription at up to 68% off Private Internet Access VPN - subscriptions at up to 71% off Unlocator VPN or SmartDNS - unblock Geoblock with 7-day free trial Neowin Store for our preferred partners. Subscribe to Neowin - for $14 a year, or $28 a year for Ad-Free experience Disable Sponsored posts · Neowin Deals · Free eBooks · Neowin Store

      Disclosure: A valid email address is required to fulfill your request. Complete and verifiable information is required in order to receive this offer. By submitting a request, your information is subject to TradePub.com's Privacy Policy.

    • By News Staff
      Save 95% off this Complete Computer Networking eBook & Video Course Bundle
      by Steven Parker

      Today's highlighted deal comes via our Online Courses section of the Neowin Deals store where you can save 95% off this Complete Computer Networking eBook & Video Course Bundle. Attain systems efficiency & security with 14+ hours of video content and 5 comprehensive e books on DevOps, Programming, AWS, CCNA, and more.



      This bundle consists of the following courses:

      The Ultimate Kubernetes Bootcamp by School of Devops [Video]
      Prepare for the CKA Exam — Master Container Orchestration with Kubernetes One Step at a Time AWS Certified Advanced Networking: Specialty Exam Guide [eBook]
      Build Your Knowledge & Technical Expertise as an AWS-Certified Networking Specialist Hands-On Network Programming with C [eBook]
      Learn Socket Programming in C & Write Secure and Optimized Network Codes Analyzing Network Traffic with Wireshark 2.6 [Video]
      Delve Into Network Traffic & Analyze Individual Protocol Data Units Active Directory Administration Cookbook [eBook]
      Actionable, Proven Solutions to Identity Management & Authentication on Servers and in the Cloud Hands-On PowerShell for Active Directory [Video]
      Use PowerShell for Active Directory to Eliminate Manual Labor with Quick Automation Tasks & Functions Effective Jenkins: Getting Started with Continuous Integration [Video]
      Learn Continuous Integration, Automate Your Jenkins Projects & Get Continuous Feedback for Your Upstream/Downstream Projects Hands-On Kubernetes Networking [Video]
      Unravel the Mystery of Networking in Your Kubernetes Cluster in a Pragmatic Manner CCNA Cyber Ops SECOPS: Certification Guide 210-255 [eBook]
      Develop Your Cybersecurity Knowledge to Obtain CyberOps Certification Hands-On Linux for Architects [eBook]
      Design & Implement Linux-Based IT Solutions Good to know
      Updates included Length of time users can access after purchase: lifetime Redemption deadline: redeem your code within 30 days of purchase For a full description, specs, and author info please click here.

      Here's the deal:
      This Complete Computer Networking eBook & Video Course Bundle normally costs* $746 but it can be yours for just $29.99 for a limited time, that's a saving of $716.01 (95%) off the price.

      >> Get this deal, or learn more about it here <<
      See all Online Courses on offer. This is a time limited deal.
      Get $1 credit for every $25 spent · Give $10, Get $10 · 10% off for first-time buyers.

      Not for you?
      If this offer doesn't interest you, why not check out the following offers:



      The Win Your Dream 2020 Tesla Model 3 Giveaway Ivacy VPN - 5 year subscription for just $0.99 per month NordVPN - 2 year subscription at up to 68% off +3 months for free! Private Internet Access VPN - subscriptions at up to 71% off Unlocator VPN or SmartDNS - unblock Geoblock with 7-day free trial Subscribe to Neowin - for $14 a year, or $28 a year for Ad-Free experience Disable Sponsored posts · Neowin Deals · Free eBooks · Neowin Store

      Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs.

    • By Ather Fawaz
      Intel shows promising progress and key advances in integrated photonics for data centers
      by Ather Fawaz

      Image via Intel Press Kit The effective management, control, and scaling of electrical input/output (I/O) are crucial in data centers today. Innovative ideas like Microsoft's Project Natick, which submerged a complete data center underwater, and optical computing and photonics, which aim to use light as a basic energy source in a device and for transferring information.

      Building on this, at the Intel Labs Day 2020 conference today, Intel highlighted key advances in the fundamental technology building blocks that are a linchpin to the firm's integrated photonics research. These building blocks include light generation, amplification, detection, modulation, complementary metal-oxide-semiconductor (CMOS), all of which are essential to achieve integrated photonics.

      Among the first noteworthy updates, Intel showed off a prototype that featured tight coupling of photonics and CMOS technologies. This served as a proof-of-concept of future full integration of optical photonics with core compute silicon. Intel also highlighted micro-ring modulators that are 1000x smaller than contemporary components found in electronic devices today. This is particularly significant as the size and cost of conventional silicon modulators have been a substantial barrier to bringing optical technology onto server packages, which require the integration of hundreds of these devices.

      The key developments can be summarized as follows:

      These results point towards the extended use of silicon photonics beyond the upper layers of the network and onto future server packages. The firm also believes that it paves a path towards integrating photonics with low-cost, high-volume silicon, which can eventually power our data centers and networks with high-speed, low-latency links.

      Image via Intel Press Kit “We are approaching an I/O power wall and an I/O bandwidth gap that will dramatically hinder performance scaling", said James Jaussi, who is the Senior Principal Engineer and Director of the PHY Lab at Intel Labs. He signaled that the firm's "research on tightly integrating photonics with CMOS silicon can systematically eliminate barriers across cost, power, and size constraints to bring the transformative power of optical interconnects to server packages.”

    • By News Staff
      Master CompTIA Training Bundle - now 95% off for just $49.99
      by Steven Parker

      Today's highlighted deal comes via our Online Courses section of the Neowin Deals store, where for only a limited time, you can save 95% off this Master CompTIA Training Bundle. Become a certified CompTIA professional and solve basic to expert-level it issues with 200+ hours of video-led training.



      If you're just getting started with a career in IT or looking forward to climbing up the expertise ladder, getting equipped with the leading IT certifications would give you so much edge. CompTIA certifications attest that you have the competency of an IT professional from entry-level to expert. As a certified CompTIA partner, ITU Online offers this 12-course bundle to help you ace the brand new Core Series for the A+ certification, new IT Fundamentals (ITF+), PenTest+, Security+, Network+ and more. With over 200 hours, you'll be able to acquire the necessary skills as a certified and in-demand CompTIA professional.

      Included Courses

      CompTIA PenTest+ Access 217 lectures & 26 hours of content This highly hands-on course gives participants experience in network & system penetration testing CompTIA Security+ Access 81 lectures & 29 hours of content The CompTIA Security+ covers many vendor neutral topics including different types of threats & attacks, networking technologies and tools, secure design and architecture, identity and access management, risk assessment and management, and finishes up with Cryptography and Public Key Infrastructure. CompTIA CySA+ Access 67 lectures & 18 hours of content 24/7 CySA+ is focused on the knowledge and skills required to configure and use threat-detection tools, perform data analysis and interpreting the results CompTIA Advanced Security Practitioner (CASP+) Access 89 lectures & 28 hours of content Advanced-level training in risk management, enterprise security operations and architecture, research and collaboration, and integration of enterprise security CompTIA Network+ N10-007 Access 162 lectures & 26 hours of content Learn concepts that cover troubleshooting, network management, installation and configuration of networks CompTIA A+ (220-1001) Access 57 lectures & 21 hours of content Learn about mobile devices, networking technology, hardware, virtualization and cloud computing, and network troubleshooting CompTIA A+ (220-1002) Access 57 lectures & 7 hours of content Learn about Operating Systems, Security, Software Troubleshooting and Operational Procedures CompTIA FC0-U61: IT Fundamentals Access 51 lectures & 13 hours of content Assesses the candidate’s knowledge in the areas of troubleshooting theory and preventative maintenance CompTIA CompTIA Cloud+ CV0-001 Access 53 lectures & 10 hours of content Validates the knowledge and best practices required of IT practitioners working in cloud computing environments, who must understand and deliver cloud infrastructure CompTIA Cloud Essentials Access 44 lectures & 7 hours of content Geared towards IT professionals currently in or looking for positions as IT consultants, IT technical services, IT relationship managers, IT architects, consultants and business process owners analysts CompTIA LX0-101 & LX0-102: CompTIA Linux+ Access 100 lectures & 16.5 hours of content 24/7 Perform maintenance tasks with the command line, install and configure a workstation, and be able to configure a basic network CompTIA MB0-001: Mobility+ Access 48 lectures & 8.5 hours of content Covers mobile device management, troubleshooting, security, & network infrastructure Good to know
      Length of time users can access this course: Lifetime Redemption deadline: redeem your code within 30 days of purchase For a full description, specs, and instructor info, click here.

      Here's the deal:
      This Master CompTIA Training Bundle normally costs* $1,188, but you can pick it up for just $49.99 for a limited time - that represents a saving of $1,138.01 (95%) off!

      >> Get this deal, or learn more about it <<
      See all discounted Online Courses on offer. This is a time-limited deal.


      Get $1 credit for every $25 spent · Give $10, Get $10 · 10% off for first-time buyers.

      Not for you?
      If this offer doesn't interest you, why not check out the following offers:

      The Win Your Dream 2020 Tesla Model 3 Giveaway
      20% off Ivacy VPN subscription with coupon code IVACY20 NordVPN subscription at up to 68% off for a 2 year plan Private Internet Access VPN subscription at up to 71% off Unlocator VPN or SmartDNS unblock Geoblock with 7-day free trial Disable Sponsored posts · Other recent deals · Preferred partner software

      Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs.