[no longer relevant Q]

[willbeokay73]

* Through more research and getting further help, I have found my original problem/question no longer relevent and possibly unrelated to the topic that I have mentioned. To save time and prevent confusion to those who may be seeking help related to this issues, I have decided to edit out my rather long and now irrelevant questions. However, the answers given to me by those on this board who so kindly offered help are still valid. Every reply I've gotten here include useful and valuable information that requires no particular context.

 

[bill001g]

These are one of the hardest ones to find and fix. Because it is all broadcast protocols you can trust none of the information. This was such a huge issue with people bringing in home routers that almost every commercial switch/router has a feature called DHCP snooping to prevent it.

If this was commercial gear you could track the mac address of the DHCP offer packets though the switches and find the port it was plugged into.

Pretty much have to do the same thing only the hard way.

Option 1 if it will respond to ping. Pretty much ping the address continuously and unplug things until it stops responding. Wireless get a little more trick. You could turn it off completely but that would not tell you which device. Hopefully the router has the ability to kill off a wireless session with a command. You could I guess put in a mac filters one by one.

Now if ping doesn't work then it is much more work. Pretty much you do the same thing unplugging one thing at a time but instead of using ping you use DHCP which you know it responds to. You will need wireshark so you can see the packets being sent and received. Then you clear the DHCP information and force a refresh over and over. Would be nice if this would run like a continuous ping but it doesn't.

 

[willbeokay73]

-

 

[bill001g]

Ok I missed a something important in your first post.

"I have dynamic DHCP on both routers."

You got me side tracked on rouge DHCP server because most people do not even know what this problem is.

You absolutely can not do this. I assumed you were running your second router as AP and had disabled the DHCP.

You can run 2 routers by using 2 completely different subsets and hook the wan port of the second router to the lan of the first but this causes lots of other problems. So running the second router as a AP what most people do.

 

[willbeokay73]

-

 

[bill001g]

Only 1 device can really give out ip addresses in a network. I suspect your 2 routers are detecting each other as the rogue since they both assume they are the only server. You technically can use either router to be the server but the standard way is to let the router that has the gateway to the internet perform this function.

I have never run the software roguechecker so I can't say what it is doing. I normally use the brute force approach and use packet capture so i can see the data. All you do is have the PC ask for a IP and you will see DHCP offers from more than one mac address. In a properly functioning network you will only see one.

In general as long as your PC get valid IP and they have the proper gateway and DNS you have nothing to worry about. It is when this information is invalid especially the gateway is when you suspect there is a problem. It would be very rare for a virus/malware to try to spoof a DHCP server.

In most cases a second DHCP server will just break your network. For example say you configured the second router with a dhcp pool of 10.x.x.x. The machines would get IP but the main router that has the internet connection would not know how to route them and you would lose all access.

 

[willbeokay73]

-

 

[sg4rb0]

I cant be arsed to read all that. Basically 2 chances of problems, this is how you fix it.

-DHCP Snooping. Go to command prompt of a windows machine and type arp -a to check for the mac associated with the rogue DHCP Server.

-Duplicate gateway address responding faster. Check your machines IP's and make sure they ain't the gateway IP.

 

[ngrego]

There is no reason to make your life difficult by having two DHCP servers on your network.

You pointed out that you are a novice and thus have limited knowledge on networking, well having two DHCP servers on a network is bad practice!

If you want to solve your problem the first and most important thing to do is choose which router of the three is most capable, and set up the DHCP server on it and then turn off the DHCP from the other routers.

If you need to have static addresses on specific devices such as Routers, AP, TV, Game console, Media Player etc then start your DHCP address pool at 100 (for instance), manually add static addresses to the devices that need them and allow the remaining addresses for DHCP to issue to connecting clients.

For a PC to be working as a DHCP server it would need to be running a "Server OS", like Windows Server. If you do have any PCs running such an OS you would still have to set up DHCP manually for it to work. So the chances of that being the cause are probably slim.

There are a few ways to get around this problem but only one reasonable solution.

 

[willbeokay73]

-

 

[ngrego]

The advantage of assigning a static IP to a device in your network would be to accommodate any open ports it may need to work correctly (game console, PC or media device). It may also be an advantage if it should have a particular address like a network printer or NAS. Otherwise a simple reason (not particularly an advantage) would be because it is a device that will always be connected (like a smart TV or DLNA device). Finally in the case of a network device, you NEED a static IP so that you can find and configure it when you need to (VERY IMPORTANT).
Doing this will also take some "stress" off of your routers "duties".

If you do turn off the DHCP on a Wireless router it does work like a simple Ethernet switch but that's all you need it to do! The routing should only be done by a single device on a network. A secondary router (for me) should not even firewall, all of the incoming traffic is handled by the primary router and firewalled there so there is no point in that either.

As for the unknown IP, it's not a biggie either. If it is a freeloader, just change your wireless security setup. Change your SSID and Password, make sure everyone in your home knows it and that's that! A freeloader can only be wireless user, its not like someone can walk into your home and plug in a cable...