|
||||||||
But the client does not get any arp reply. I cannot ping or otherwise contact the declined address. The Vista client will retry to get an address - a new IP is offered. This sequence keeps looping for 100 different IP/DHCP offers. /Søren -----Original Message----- From: Anders Hagman [mailto:anders dot hagman at netplex dot se] Sent: 26. marts 2009 09:30 To: m0n0wall at lists dot m0n0 dot ch Subject: Re: [m0n0wall] DHCPDECLINE Hi The only thing I found was a device stealing the address. Søren Vanggaard Jensen skrev: > Hi, > > I REALLY need your help with this one.... > > I have a wireless network. All accesspoints are sitting behind > monowall > (net5501 + embedded image). Most clients connect without problems. > However, a few VISTA clients are unable to obtain an IP address vis monowall DHCP. > > If the VISTA machine is left connected, chances are, that the client > will > (temporarily) get an IP address after a day or two. This is of course > unacceptable. The problem only affects some VISTA machines. > > I've tried just about everything - including VISTA registry fixes, > disabling IPv6, adding broadcast flag to dhcpd.conf etc. etc. > > Below I've pasted a wireshark capture taken on one of the affected machines. > For no apparent reason the VISTA Home Premium (SP1) declines the address. > This loop continues endlessly. Please, Please, Please take a look at > the below trace and let me know i you have any ideas regarding solving > this problem. > > Monowall is at 10.0.10.1 (mac 00:00:24:cb:1f:9e) Client has mac > 00:15:af:30:bc:95 > > BR > /Søren > > > No. Time Source Destination Protocol > Info > 13 15:31:11.982579 0.0.0.0 255.255.255.255 DHCP > DHCP Discover - Transaction ID 0x1df18178 > > Frame 13 (342 bytes on wire, 342 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 > (255.255.255.255) > User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67) > Bootstrap Protocol > > No. Time Source Destination Protocol > Info > 14 15:31:12.025251 Olicom_cb:1f:9e Broadcast ARP > Who has 10.0.10.157? Tell 10.0.10.1 > > Frame 14 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: > Olicom_cb:1f:9e (00:00:24:cb:1f:9e), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Address Resolution Protocol (request) > > No. Time Source Destination Protocol > Info > 15 15:31:12.046721 10.0.10.1 255.255.255.255 DHCP > DHCP Offer - Transaction ID 0x1df18178 > > Frame 15 (342 bytes on wire, 342 bytes captured) Ethernet II, Src: > Olicom_cb:1f:9e (00:00:24:cb:1f:9e), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Internet Protocol, Src: 10.0.10.1 (10.0.10.1), Dst: 255.255.255.255 > (255.255.255.255) > User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68) > Bootstrap Protocol > > No. Time Source Destination Protocol > Info > 16 15:31:12.047595 0.0.0.0 255.255.255.255 DHCP > DHCP Request - Transaction ID 0x1df18178 > > Frame 16 (350 bytes on wire, 350 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 > (255.255.255.255) > User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67) > Bootstrap Protocol > > No. Time Source Destination Protocol > Info > 17 15:31:12.098901 10.0.10.1 255.255.255.255 DHCP > DHCP ACK - Transaction ID 0x1df18178 > > Frame 17 (342 bytes on wire, 342 bytes captured) Ethernet II, Src: > Olicom_cb:1f:9e (00:00:24:cb:1f:9e), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Internet Protocol, Src: 10.0.10.1 (10.0.10.1), Dst: 255.255.255.255 > (255.255.255.255) > User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68) > Bootstrap Protocol > Now the PC has the address 10.0.10.157 but should test the address with a gratuitous ARP to assure that the address isn't used. It does not, it starts to use the address for IGMP, LLMNR and DNS. > No. Time Source Destination Protocol > Info > 18 15:31:12.126594 10.0.10.157 224.0.0.252 IGMP > V2 Membership Report > > Frame 18 (46 bytes on wire, 46 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: > 01:00:5e:00:00:fc (01:00:5e:00:00:fc) > Internet Protocol, Src: 10.0.10.157 (10.0.10.157), Dst: 224.0.0.252 > (224.0.0.252) > Internet Group Management Protocol > > No. Time Source Destination Protocol > Info > 19 15:31:12.127938 10.0.10.157 224.0.0.252 UDP > Source port: 58869 Destination port: 5355 > > Frame 19 (66 bytes on wire, 66 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: > 01:00:5e:00:00:fc (01:00:5e:00:00:fc) > Internet Protocol, Src: 10.0.10.157 (10.0.10.157), Dst: 224.0.0.252 > (224.0.0.252) > User Datagram Protocol, Src Port: 58869 (58869), Dst Port: 5355 (5355) > Data (24 bytes) > > 0000 38 cc 00 00 00 01 00 00 00 00 00 00 06 70 6f 75 8............pou > 0010 6c 50 43 00 00 ff 00 01 lPC..... > > No. Time Source Destination Protocol > Info > 20 15:31:12.170162 10.0.10.157 239.255.255.250 IGMP > V2 Membership Report > > Frame 20 (46 bytes on wire, 46 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: > 01:00:5e:7f:ff:fa (01:00:5e:7f:ff:fa) > Internet Protocol, Src: 10.0.10.157 (10.0.10.157), Dst: > 239.255.255.250 > (239.255.255.250) > Internet Group Management Protocol > > No. Time Source Destination Protocol > Info > 21 15:31:12.181241 10.0.10.157 10.0.10.255 NBNS > Registration NB POULPC<00> > > Frame 21 (110 bytes on wire, 110 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Internet Protocol, Src: 10.0.10.157 (10.0.10.157), Dst: 10.0.10.255 > (10.0.10.255) > User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: > netbios-ns > (137) > NetBIOS Name Service > > No. Time Source Destination Protocol > Info > 22 15:31:12.208508 10.0.10.157 10.0.10.1 DNS > Standard query A isatap.bogenseferiepark.local > > Frame 22 (89 bytes on wire, 89 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: > Olicom_cb:1f:9e (00:00:24:cb:1f:9e) > Internet Protocol, Src: 10.0.10.157 (10.0.10.157), Dst: 10.0.10.1 > (10.0.10.1) > User Datagram Protocol, Src Port: 54173 (54173), Dst Port: domain (53) > Domain Name System (query) > > No. Time Source Destination Protocol > Info > 23 15:31:12.228246 10.0.10.157 224.0.0.252 UDP > Source port: 58869 Destination port: 5355 > > Frame 23 (66 bytes on wire, 66 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: > 01:00:5e:00:00:fc (01:00:5e:00:00:fc) > Internet Protocol, Src: 10.0.10.157 (10.0.10.157), Dst: 224.0.0.252 > (224.0.0.252) > User Datagram Protocol, Src Port: 58869 (58869), Dst Port: 5355 (5355) > Data (24 bytes) > > 0000 38 cc 00 00 00 01 00 00 00 00 00 00 06 70 6f 75 8............pou > 0010 6c 50 43 00 00 ff 00 01 lPC..... > > No. Time Source Destination Protocol > Info > 24 15:31:12.233147 Olicom_cb:1f:9e Broadcast ARP > Who has 10.0.10.157? Tell 10.0.10.1 > > Frame 24 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: > Olicom_cb:1f:9e (00:00:24:cb:1f:9e), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Address Resolution Protocol (request) > > No. Time Source Destination Protocol > Info > 25 15:31:12.233166 Azurewav_30:bc:95 Olicom_cb:1f:9e ARP > 10.0.10.157 is at 00:15:af:30:bc:95 > > Frame 25 (42 bytes on wire, 42 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: > Olicom_cb:1f:9e (00:00:24:cb:1f:9e) > Address Resolution Protocol (reply) > > No. Time Source Destination Protocol > Info > 26 15:31:12.258990 10.0.10.1 10.0.10.157 DNS > Standard query response, No such name > > Frame 26 (89 bytes on wire, 89 bytes captured) Ethernet II, Src: > Olicom_cb:1f:9e (00:00:24:cb:1f:9e), Dst: > Azurewav_30:bc:95 (00:15:af:30:bc:95) > Internet Protocol, Src: 10.0.10.1 (10.0.10.1), Dst: 10.0.10.157 > (10.0.10.157) > User Datagram Protocol, Src Port: domain (53), Dst Port: 54173 (54173) > Domain Name System (response) > > No. Time Source Destination Protocol > Info > 27 15:31:12.287608 10.0.10.157 224.0.0.2 IGMP > V2 Leave Group > > Frame 27 (46 bytes on wire, 46 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: > 01:00:5e:00:00:02 (01:00:5e:00:00:02) > Internet Protocol, Src: 10.0.10.157 (10.0.10.157), Dst: 224.0.0.2 > (224.0.0.2) > Internet Group Management Protocol > > No. Time Source Destination Protocol > Info > 28 15:31:12.289184 10.0.10.157 239.255.255.250 IGMP > V2 Membership Report > > Frame 28 (46 bytes on wire, 46 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: > 01:00:5e:7f:ff:fa (01:00:5e:7f:ff:fa) > Internet Protocol, Src: 10.0.10.157 (10.0.10.157), Dst: > 239.255.255.250 > (239.255.255.250) > Internet Group Management Protocol > > No. Time Source Destination Protocol > Info > 29 15:31:12.321030 10.0.10.157 224.0.0.2 IGMP > V2 Leave Group > > Frame 29 (46 bytes on wire, 46 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: > 01:00:5e:00:00:02 (01:00:5e:00:00:02) > Internet Protocol, Src: 10.0.10.157 (10.0.10.157), Dst: 224.0.0.2 > (224.0.0.2) > Internet Group Management Protocol > > No. Time Source Destination Protocol > Info > 30 15:31:12.322368 10.0.10.157 239.255.255.250 IGMP > V2 Membership Report > > Frame 30 (46 bytes on wire, 46 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: > 01:00:5e:7f:ff:fa (01:00:5e:7f:ff:fa) > Internet Protocol, Src: 10.0.10.157 (10.0.10.157), Dst: > 239.255.255.250 > (239.255.255.250) > Internet Group Management Protocol > > No. Time Source Destination Protocol > Info > 31 15:31:12.326139 10.0.1.2 239.255.255.250 IGMP > V2 Membership Query > > Frame 31 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: > Draytek_f0:17:c5 (00:50:7f:f0:17:c5), Dst: > 01:00:5e:7f:ff:fa (01:00:5e:7f:ff:fa) > Internet Protocol, Src: 10.0.1.2 (10.0.1.2), Dst: 239.255.255.250 > (239.255.255.250) > Internet Group Management Protocol > > No. Time Source Destination Protocol > Info > 32 15:31:12.359793 10.0.1.2 239.255.255.250 IGMP > V2 Membership Query > > Frame 32 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: > Draytek_f0:17:c5 (00:50:7f:f0:17:c5), Dst: > 01:00:5e:7f:ff:fa (01:00:5e:7f:ff:fa) > Internet Protocol, Src: 10.0.1.2 (10.0.1.2), Dst: 239.255.255.250 > (239.255.255.250) > Internet Group Management Protocol > Now the Gratuitous ARP comes. Just one. > No. Time Source Destination Protocol > Info > 33 15:31:12.480069 Azurewav_30:bc:95 Broadcast ARP > Who has 10.0.10.157? Tell 0.0.0.0 > > Frame 33 (42 bytes on wire, 42 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Address Resolution Protocol (request) > > No. Time Source Destination Protocol > Info > 34 15:31:12.480210 10.0.10.157 224.0.0.252 IGMP > V2 Membership Report > > Frame 34 (46 bytes on wire, 46 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: > 01:00:5e:00:00:fc (01:00:5e:00:00:fc) > Internet Protocol, Src: 10.0.10.157 (10.0.10.157), Dst: 224.0.0.252 > (224.0.0.252) > Internet Group Management Protocol > > No. Time Source Destination Protocol > Info > 35 15:31:12.480245 10.0.10.157 239.255.255.250 IGMP > V2 Membership Report > > Frame 35 (46 bytes on wire, 46 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: > 01:00:5e:7f:ff:fa (01:00:5e:7f:ff:fa) > Internet Protocol, Src: 10.0.10.157 (10.0.10.157), Dst: > 239.255.255.250 > (239.255.255.250) > Internet Group Management Protocol > Heres 9 Gratuitous ARP from bc:95:81:00:00:0f for the same IP address 10.0.10.157. Who is this? Does this device run DHCP? The OUI bc:95:81 is not valid. > No. Time Source Destination Protocol > Info > 36 15:31:12.525878 bc:95:81:00:00:0f Broadcast ARP > Who has 10.0.10.157? Tell 0.0.0.0 > > Frame 36 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: > bc:95:81:00:00:0f (bc:95:81:00:00:0f), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Address Resolution Protocol (request) > > No. Time Source Destination Protocol > Info > 37 15:31:12.533467 bc:95:81:00:00:0f Broadcast ARP > Who has 10.0.10.157? Tell 0.0.0.0 > > Frame 37 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: > bc:95:81:00:00:0f (bc:95:81:00:00:0f), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Address Resolution Protocol (request) > > No. Time Source Destination Protocol > Info > 38 15:31:12.537248 bc:95:81:00:00:0f Broadcast ARP > Who has 10.0.10.157? Tell 0.0.0.0 > > Frame 38 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: > bc:95:81:00:00:0f (bc:95:81:00:00:0f), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Address Resolution Protocol (request) > > No. Time Source Destination Protocol > Info > 39 15:31:12.539246 bc:95:81:00:00:0f Broadcast ARP > Who has 10.0.10.157? Tell 0.0.0.0 > > Frame 39 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: > bc:95:81:00:00:0f (bc:95:81:00:00:0f), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Address Resolution Protocol (request) > > No. Time Source Destination Protocol > Info > 40 15:31:12.541225 bc:95:81:00:00:0f Broadcast ARP > Who has 10.0.10.157? Tell 0.0.0.0 > > Frame 40 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: > bc:95:81:00:00:0f (bc:95:81:00:00:0f), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Address Resolution Protocol (request) > > No. Time Source Destination Protocol > Info > 41 15:31:12.543854 bc:95:81:00:00:0f Broadcast ARP > Who has 10.0.10.157? Tell 0.0.0.0 > > Frame 41 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: > bc:95:81:00:00:0f (bc:95:81:00:00:0f), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Address Resolution Protocol (request) > > No. Time Source Destination Protocol > Info > 42 15:31:12.545738 bc:95:81:00:00:0f Broadcast ARP > Who has 10.0.10.157? Tell 0.0.0.0 > > Frame 42 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: > bc:95:81:00:00:0f (bc:95:81:00:00:0f), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Address Resolution Protocol (request) > > No. Time Source Destination Protocol > Info > 43 15:31:12.547597 bc:95:81:00:00:0f Broadcast ARP > Who has 10.0.10.157? Tell 0.0.0.0 > > Frame 43 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: > bc:95:81:00:00:0f (bc:95:81:00:00:0f), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Address Resolution Protocol (request) > > No. Time Source Destination Protocol > Info > 44 15:31:12.549569 bc:95:81:00:00:0f Broadcast ARP > Who has 10.0.10.157? Tell 0.0.0.0 > > Frame 44 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: > bc:95:81:00:00:0f (bc:95:81:00:00:0f), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Address Resolution Protocol (request) > The first PC gives up and sends a decline. > No. Time Source Destination Protocol > Info > 45 15:31:12.621206 0.0.0.0 255.255.255.255 DHCP > DHCP Decline - Transaction ID 0x1df18178 > > Frame 45 (342 bytes on wire, 342 bytes captured) Ethernet II, Src: > Azurewav_30:bc:95 (00:15:af:30:bc:95), Dst: Broadcast > (ff:ff:ff:ff:ff:ff) > Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 > (255.255.255.255) > User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67) > Bootstrap Protocol > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch > > Look at the bc:95:81:00:00:0f-box. BR /Anders --------------------------------------------------------------------- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch |