Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

bad ip address - possible DHCP/DNS?

I will preface by saying I am new to Wireshark, so what I'm seeing is a bit overwhelming which is why I'm here :) I've picked up on a few tips regarding filtering to narrow down the data as much as possible, but to be honest I'm still not quite sure what I am looking at regarding this issue and I apologize as I'm sure it's obvious.

The issue: since I've started here about two years ago, randomly (it seems, may happen twice a day or once a month) a client will not be able to connect to the Internet or any network resources, although ipconfig shows an address within the proper scope, as well as correct mask/gateway and DNS servers. I've been reserving the affected IP address in DHCP with a bogus MAC address and then release/renew on the affected computer so the computer will pick up a new address, at which point it's on its merry way. I've then tested with deleting the reservation and had another computer pick up the address and no issues, so the issue never seems to be consistent with a given IP address. Also I've noticed the MAC address is registering when I check the machine on the DHCP/DNS server and that is as much as I've confirmed. I've come across a few posts via Google but no pertinent solutions.

I'll link to the pcap file if anyone is available for assistance, I will be happy to answer any questions or obtain more information. Also if I eventually figure it out I'll be sure to post an update.

https://www.cloudshark.org/captures/37721f76e2bf

Client address: 10.29.0.38

DNS & DHCP servers: 192.168.10.28 / 192.168.11.28