duplicate IPs detected but having trouble finding the IPs in question in general in the rest of capture

duplicate

asked 2023-11-06 17:09:43 +0000

It shows the warning there are duplicate IPs configured. the IPs in question that they say are duplicated. I know that endpoints or conversations aren't going to show me the duplicates. but when I go to endpoints to see a list of The IPs used in the entire capture I don't see any of the 2 IPs listed at all. The same goes for conversations, regarding those IPs talking to anyone. How is that possible? Any insight would be helpful even though I've been vague with a lot of network info. I apologize for that

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2023-11-06 18:02:36 +0000

Chuckc
2873 ●6 ●571 ●20

Duplicate IP address are detected at the Ethernet level in the ARP protocol dissector (epan/dissectors/packet-arp.c):

    expert_add_info_format(pinfo, ti,
                           &ei_seq_arp_dup_ip,
                           "Duplicate IP address configured (%s)",
                           arpproaddr_to_str(pinfo->pool, (guint8*)&ip, 4, ETHERTYPE_IP));

You may not see any traffic at the IP level for these addresses.

edit flag offensive delete link

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-11-06 17:09:43 +0000

Seen: 86 times

Last updated: Nov 06 '23

duplicate IPs detected but having trouble finding the IPs in question in general in the rest of capture edit

1 Answer