[c-nsp] Windows Vista, Gratuitous ARP and DHCP conflicts
Phil Mayers
p.mayers at imperial.ac.uk
Tue Feb 27 04:57:36 EST 2007
Justin Shore wrote:
> Yes. This has been a major problem for us! I've seen this happen in 3
> different scenarios, all of them involving a particular model of DSL
> modem and either Vista, OS X, or D-Link WBR-1310/EBR-2310 firewalls.
>
> What I've found through a lot of sniffing is that all 3 platforms I
> listed above do a g-arp when they receive the DHCP OFFER. The g-arp has
> a source protocol address (SPA) of 0.0.0.0. The destination hardware
> address (DHA) is malformed in the case of the D-Link. I haven't checked
> on the other 2 yet. The DPA is the the IP from the DHCP OFFER. The DSL
> modem/router that is causing our problems is a VisionNet 202ER. The 202
> responds to the g-arp with its own MAC as the SHA. This causes the
> Vista/OS X/D-Link to send a DHCP DECLINE. I haven't looked into the
> guts of a DHCP DECLINE packet but I'm assuming that their is a field in
Windows XP does that. It's not new, I see it all the time on our
network, typically when a printer is squatting on someones fixed IP, or
when someone is sitting on a dynamic IP but with a ping-blocking
firewall so the DHCP server doesn't see it as "in use".
The g-arp is how the OS detects if a duplicate IP has been handed out by
DHCP (hence, the DECLINE). From what I can see, the "dhclient" Linux
client shell script uses "arping" to do the same thing.
I don't know what you're seeing, but the above behaviour is not new, and
I'm not sure that is what the OP was seeing?
More information about the cisco-nsp
mailing list