[Dnsmasq-discuss] Problem when WinXP firewall is activated (does not reply to ping)
Raphaël HUCK
raphael.huck at efixo.com
Thu Dec 7 16:53:24 GMT 2006
>>> That does look like WinXP might be broken: I'd be interested in the
>>> results of your tests.

With a Linux host (192.168.1.20) and a Windows host (192.168.1.21)
connected to the router (192.168.1.1) and having their IP addresses via
DHCP from dnsmasq, I stopped dnsmasq, unplugged the cables to the Linux
and Windows hosts, started Wireshark on both Linux and Windows hosts,
then plugged both cables back, and started dnsmasq.

Here's what happens (I put the time when each packet occurs after the
previous packet from the same host):

windows 0.0.0.0 -> 255.255.255.255 - DHCP Request
windows 0.0.0.0 -> 255.255.255.255 - DHCP Request (4 sec later)
windows 0.0.0.0 -> 255.255.255.255 - DHCP Request (9 sec later)
windows -> Broadcast - ARP Who has 192.168.1.21? Gratuitous ARP (16 sec later)
windows -> Broadcast - ARP Who has 192.168.1.21? Gratuitous ARP (1 sec later)
windows -> Broadcast - ARP Who has 192.168.1.21? Gratuitous ARP (1 sec later)
windows -> Broadcast - ARP Who has 192.168.1.1? Tell 192.168.1.21 (1 sec later)
router -> windows - ARP 192.168.1.1 is at xxx
windows 192.168.1.21 -> 192.168.1.1 - ICMP Echo (ping) request (0 sec later)
router 192.168.1.1 -> 192.168.1.21 - ICMP Echo (ping) reply

The Windows host seems to send broadcast DHCPREQUEST rebinding messages
[Option: (t=50,l=4) Requested IP Address = 192.168.1.21], and after
having no replies after 3 tries, checks 3 times if its current IP
address (192.168.1.21) is attributed to someone else via an ARP request.

As it doesn't have any reply, it does an ARP request with the DHCP
server IP address (router), then pings it to check if it's still up.

As nobody has its current IP address (192.168.1.21) and the DHCP server
is still up (and maybe its lease is not yet expired), it decided to keep
192.168.1.21.

Am I right?

>> Again, I'll have to check with Wireshark on Monday. Why do you think it's
>> WinXP the problem?
>
> As far as I can see, the only order of events which could get to the
> situation you see is:
>
> Linux box has lease on 192.168.1.20
> router reboots (and clears leasefile)
> Windows box takes a lease and gets 192.168.1.20
>
> If the ARP check had worked during the windows box lease-acquisition, it
> would have seen the Linux box on 192.168.1.20, and taken an alternative
> address.

I was not able to reproduce the problem while sniffing with Wireshark,
but apparently the Windows XP host does the ARP check.
> Cheers,
>
> Simon.
Cheers,
--Raphael
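
Added example, not part of the original message and not dnsmasq code: a Python sketch for triaging a capture like the one above by classifying a DHCPREQUEST into its client state, using the field rules in RFC 2131 section 4.3.2 (ciaddr, option 50 requested IP, option 54 server identifier). The function names are hypothetical and the packet bytes are constructed to resemble the requests in the trace.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def parse_dhcp(payload):
    """Return (ciaddr, {option code: value bytes}) for a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    ciaddr = socket.inet_ntoa(payload[12:16])
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    return ciaddr, opts

def request_state(payload, broadcast):
    """Classify a DHCPREQUEST per the field rules of RFC 2131 section 4.3.2."""
    ciaddr, opts = parse_dhcp(payload)
    if opts.get(53) != b"\x03":          # option 53 = message type, 3 = DHCPREQUEST
        return "not-a-DHCPREQUEST"
    has_server_id, has_requested_ip = 54 in opts, 50 in opts
    if ciaddr == "0.0.0.0":
        if not has_requested_ip:
            return "invalid"
        return "SELECTING" if has_server_id else "INIT-REBOOT"
    if has_server_id or has_requested_ip:
        return "invalid"
    return "REBINDING" if broadcast else "RENEWING"

def build_request(ciaddr, options):
    """Constructed sample builder: BOOTREQUEST header with zeroed xid and chaddr."""
    header = bytes([1, 1, 6, 0]) + bytes(8) + socket.inet_aton(ciaddr) + bytes(220)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC + body + b"\xff"

# Constructed packet mirroring the trace: source 0.0.0.0, option 50 = 192.168.1.21
SAMPLE = build_request("0.0.0.0", [(53, b"\x03"), (50, socket.inet_aton("192.168.1.21"))])

if __name__ == "__main__":
    print(request_state(SAMPLE, broadcast=True))
```

A broadcast request with ciaddr 0.0.0.0 and option 50 but no option 54, as constructed here, falls under INIT-REBOOT in that RFC's rules.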