odd DUP! issue with ping

[oakz]

Hi,
am hoping someone can help me out here.
I have a mostly static IP laydown on a home network.
Quite a few devices.
some wired, some wireless.
I can go into great detail if someone would like, but a quick question:

On my wireless laptop, with static IP, when I ping my broadband router (thus it must hop through the wireless access point), i get DUP! replies.
if that's not odd enough, the other "reply" address is not even in my network!

see below:
oakz-MacBook-Pro:~ oakz$ ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
64 bytes from 192.168.2.1: icmp_seq=0 ttl=64 time=2.253 ms
64 bytes from 192.168.1.92: icmp_seq=0 ttl=255 time=6.462 ms (DUP!)
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=2.449 ms
64 bytes from 192.168.1.92: icmp_seq=1 ttl=255 time=6.783 ms (DUP!)
64 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=2.204 ms
64 bytes from 192.168.1.92: icmp_seq=2 ttl=255 time=6.491 ms (DUP!)
64 bytes from 192.168.2.1: icmp_seq=3 ttl=64 time=2.172 ms
64 bytes from 192.168.1.92: icmp_seq=3 ttl=255 time=6.591 ms (DUP!)

my router is 192.168.2.1(static)
my laptop is 192.168.2.203(static)
my access point is 192.168.2.200(static)

why do i get dupes and what the heck is this 192.168.1.92 device!?

 

[sinshiva]

sounds like a swsitching loop, how many routers and such are you using and what are they? you should try enabling STP, spanning-tree protocol on all your routers, etc

 

[oakz]

hi, ok - here's my lay down:

fibre from curb into ONT.
ONT into bell supplied actiontec router.(with wireless disabled).
actiontec router with 3 wired connections:
1) a magic jack voip box
2) a switch (netgear unmanaged)
3) a switch (linksys unmanaged)

off the netgear switch, is a home security zwave box, a airport extreme (in bridge mode) and a swann dvr-surveillance camera system.

off the link sys switch is a NAS.

most other items in the home are wireless devices that connect to the airport extreme, or either of 2 airport expresses which are set to "extend a wireless network".

the actiontec is the DHCP server, with a block of IP's from 10-99
(192.168.2.10 - 192.168.2.99)
most of my devices actually have static IP assigned, at values of 100 and up.
aka - 192.168.2.101, 102, etc.

note: the dup is saying its from 192.168.1.92 ! besides being odd to have a dupe, what's with the oddball 3rd octet (.1.92) My router is 192.168.2.1 and I would not expect any device, static or DHCP on the .1.xxx network.

note: if i ping the airport extreme from the laptop, i don't see dup. but even if i ping google.ca from the laptop, i get em:

ping 192.168.2.200
PING 192.168.2.200 (192.168.2.200): 56 data bytes
64 bytes from 192.168.2.200: icmp_seq=0 ttl=255 time=2.454 ms
64 bytes from 192.168.2.200: icmp_seq=1 ttl=255 time=1.152 ms
64 bytes from 192.168.2.200: icmp_seq=2 ttl=255 time=1.843 ms

ping google.ca
PING google.ca (74.125.226.223): 56 data bytes
64 bytes from 192.168.1.92: icmp_seq=0 ttl=255 time=5.482 ms
64 bytes from 74.125.226.223: icmp_seq=0 ttl=57 time=18.521 ms (DUP!)
64 bytes from 192.168.1.92: icmp_seq=1 ttl=255 time=6.510 ms
64 bytes from 74.125.226.223: icmp_seq=1 ttl=57 time=17.478 ms (DUP!)
64 bytes from 192.168.1.92: icmp_seq=2 ttl=255 time=6.562 ms
64 bytes from 74.125.226.223: icmp_seq=2 ttl=57 time=20.063 ms (DUP!)

this DUP! always seems to originate from this rogue IP 192.168.1.92
do I have some kind of ghost/parasite device on my home network!?

 

[sinshiva]

the IP probably belongs to an unmanaged switch. you could try playing with them to see which is causing the issue and seeing if a swap alleviates the problem

 

[oakz]

Hi,
i will remove them one at a time and see what the issue is. (there are 2 or 3 in my network).

however, it is my understanding that an unmanaged switch has neither an IP or MAC address.

and even if it did, where would it be getting it assigned from? the .1.92 is not part of my DHCP pool. also, why would it be replying to pings at google.com or to my router "proper"?

 

[oakz]

solved!

Hi, so the first switch i removed was the culprit.
Upon closer inspection, although it was "unmanaged", it was a net gear pro safe gs105e... which is like "light" managed... i didn't even realize i had that capability in that switch! it has vlans, port mirroring, etc.
I took it out of the network and voila... no more "DUP!"

i would never have really thought to ever look at my switches, as I thought they were all "dumb" switches. this one had a MAC (written on a sticker on the bottom), and clearly has other capabilities besides switching.

cheers

 

[stevech]

the IP probably belongs to an unmanaged switch. you could try playing with them to see which is causing the issue and seeing if a swap alleviates the problem

How can an unmanaged switch have an IP address?

 

[sinshiva]

well, i figured some 'unmanaged' switches probably have some kind of network layer, even if it's transparent, built into whatever OS. If you are seeing ICMP messages, something has a network layer and thus an IP address. since all of his devices are accounted for, that left the unmanaged switches.