This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

BAD_ADRESSES

0

hi All;

we have an issue last 2 days, Machines on networks get Ip adress but could not access to domaine. When checkd the DHCP server, we found out a list of BAD_ADRESS, even if those ip is not assigned. we Checked out the network if for other DHCP servers using wireshark ( Bootp == 2 Filetr), we found that all ip offers are from the principal DHCP Server. now we don't really know what is the problem??

is there any way to analyse the ARP or DNS server using Wireshark?

Regards;

asked 28 Mar '13, 02:26

mysystem's gravatar image

mysystem
11112
accept rate: 0%


One Answer:

2

From what I understand ( and I had to Google for it), "BAD_ADDRESS" is what is written in Windows 2008 DHCP Server logs when it goes to allocate an IP address, but finds that a host is already using it (the DHCP server does a ARP or ICMP test) and logs this event. This forum entry gave me the clue http://community.spiceworks.com/topic/251943-bad_address-in-windows-2008-dhcp-server

While you may not find a rogue DHCP server, you should be able to determine who is using that IP address. From any host you can try to ping the conflicting address, and even if you don't get a result, you should get an ARP response. From Windows you can this with "arp -a". Once you have a MAC address then it is up to you work out from your network switch mac-address tables and so forth to track down the port. Good luck!

answered 28 Mar '13, 04:49

martyvis's gravatar image

martyvis
8911525
accept rate: 7%