Sunday, January 1, 2012

Detection of duplicate IP addresses


The TCP/IP protocol may fail to start if another system using the same IP address is detected on the network. All the TCP/IP protocols can detect duplicate IP addresses in most cases. The following information details how this happens and how to recognize duplicate addresses in a network trace.

Each computer running TCP/IP uses a cache that contains mappings between IP addresses and media access control (MAC) or network adapter addresses on the network. The cache is maintained by the Address Resolution Protocol (ARP) and is dynamic. When a connection attempt is made from one computer to another, the calling computer looks in its ARP cache for the target computer's IP/MAC address entry, and then builds an outgoing frame directed to the MAC address of the target computer.

If the target computer's IP address is not in the cache, the calling system broadcasts an ARP frame onto the network. The ARP frame contains the IP address of the target computer and requests its MAC address. If the target computer exists on the local subnet, an ARP reply is returned to the calling computer, which updates its cache accordingly. The cache must contain correct mappings for communications to function.

At system startup, when the IP protocol initializes, it sends an ARP request containing its own MAC and IP address so that other computers can update their ARP caches. If there is already a computer using the IP address, the "older" computer will respond with an ARP reply containing its MAC and IP address, indicating a conflict. Unfortunately, many other computers may have already updated their ARP caches with the new mapping. At that point, the "younger" computer that is initializing needs to do two things:


    1. Repair the ARP cache on all affected computers.
    2. Cease using the duplicate address.


Computers running Microsoft TCP/IP will send out a new ARP broadcast to remap the ARP cache on all affected computers. This new ARP will contain the MAC address and IP address of the older owner of the IP address. After sending this ARP, the IP protocol on the younger machine will report the problem to the user and the stack will shut down. The stack should not be restarted until a unique address is obtained. Note that the computer may still function at this point if another protocol such as NetBEUI is loaded.
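To recognize this sequence in a network trace, the following added example (not part of the original post) replays ARP frames in order and reports any IP address whose ARP sender MAC changes. The MAC addresses, the IP address and the three-frame trace are constructed sample values; the detector reads only the ARP payload fields and treats the host that announced its own address first as the "younger" one, following the sequence described above.

```python
import struct

def build_arp(op, sha, spa, tpa, tha="00:00:00:00:00:00"):
    """Build a constructed Ethernet+ARP frame (sample input; always sent to broadcast)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(o) for o in a.split("."))
    eth = b"\xff" * 6 + mac(sha) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    fields = struct.unpack("!HHBBH", frame[14:22])
    if fields[:4] != (1, 0x0800, 6, 4):
        return None
    dotted = lambda b: ".".join(map(str, b))
    return fields[4], frame[22:28].hex(":"), dotted(frame[28:32]), dotted(frame[38:42])

def find_duplicates(frames):
    """Replay a trace in order; report each IP whose ARP sender MAC changes."""
    owners, findings = {}, []   # owners: ip -> (mac, was_self_announcement)
    for number, frame in enumerate(frames, 1):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, sender_mac, sender_ip, target_ip = parsed
        previous = owners.get(sender_ip)
        if previous and previous[0] != sender_mac:
            findings.append({"frame": number, "ip": sender_ip,
                             "macs": (previous[0], sender_mac),
                             # host that ARPed for its own address just before the conflict
                             "younger": previous[0] if previous[1] else None})
        owners[sender_ip] = (sender_mac, op == 1 and sender_ip == target_ip)
    return findings, owners

# Constructed sample values, not taken from a real capture.
YOUNGER, OLDER, IP = "02:00:00:00:00:0b", "02:00:00:00:00:0a", "192.0.2.10"
TRACE = [
    build_arp(1, YOUNGER, IP, IP),             # startup ARP for its own address
    build_arp(2, OLDER, IP, IP, tha=YOUNGER),  # older owner's reply: the conflict
    build_arp(1, OLDER, IP, IP),               # repair broadcast restoring the older mapping
]

if __name__ == "__main__":
    for finding in find_duplicates(TRACE)[0]:
        print(finding)
```
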


