Phantom Network Device (MAC Addresses off by 1 digit)

networking

The Problem:
There is a phantom device on our network. We have an exclusion in the DHCP scope for 5 IP addresses. 192.168.0.155-200

One of our users reports that they see something on 192.168.0.159, which they were about to use for a piece of their equipment they were installing. Sure enough, I ping the IP address and get a reply back from the device.

So, I do an arp -a and see what MAC address it reports back with. It reports back with an almost identical MAC address as one of my servers, but the last digit in the 48-bit MAC address is different.

So, I do another ping from another computer and sure enough it replies back, but this time when I do an arp -a it reports back with the MAC address of our second server, but off by the last digit in the MAC address.

Could this be a switch going bad? There is no NIC assigned this IP address or these MAC addresses.

Best Answer

This could also be caused by Dell Open Manage Remote Access taking 0.159 by default on multiple servers. Doing an arp -a from multiple computers would result in different MAC addresses (always similar to the server on which Remote Access is on; usually one digit off) depending on what server you're being routed to.

This address wouldn't show up in DHCP under leases either.
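
Added example (not part of the original answer): a short Python check that takes `arp -a` output gathered on several machines, finds any IP that resolves to more than one MAC, and matches each of those MACs to the server NIC it sits next to. The captures, host names and inventory are constructed sample data, and the "differs only in the last hex digit" rule is an assumption based on the answer's "usually one digit off".

```python
import re
from collections import defaultdict

# Constructed sample: `arp -a` output (Windows layout) captured on two workstations.
ARP_CAPTURES = {
    "ws-01": """
Interface: 192.168.0.21 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.10          02-00-00-aa-bb-10     dynamic
  192.168.0.159         02-00-00-aa-bb-12     dynamic
""",
    "ws-02": """
Interface: 192.168.0.22 --- 0xc
  Internet Address      Physical Address      Type
  192.168.0.11          02-00-00-cc-dd-20     dynamic
  192.168.0.159         02-00-00-cc-dd-22     dynamic
""",
}
# Constructed inventory of each server's primary NIC MAC.
SERVER_NICS = {"server1": "02-00-00-aa-bb-10", "server2": "02-00-00-cc-dd-20"}

# An ARP table row: IPv4 address followed by a dash- or colon-separated MAC.
ENTRY = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s", re.I | re.M)

def norm(mac):
    """Reduce a MAC to 12 lowercase hex digits."""
    return re.sub(r"[-:]", "", mac).lower()

def conflicting_ips(captures):
    """Map each IP seen with more than one MAC to {mac: [observing hosts]}."""
    seen = defaultdict(lambda: defaultdict(list))
    for host, text in captures.items():
        for ip, mac in ENTRY.findall(text):
            seen[ip][norm(mac)].append(host)
    return {ip: dict(macs) for ip, macs in seen.items() if len(macs) > 1}

def sibling_server(mac, inventory):
    """Name the server whose NIC MAC differs from `mac` only in the last hex digit."""
    for name, nic in inventory.items():
        if norm(nic) != mac and norm(nic)[:-1] == mac[:-1]:
            return name
    return None

def report(captures, inventory):
    """For every conflicting IP, pair each answering MAC with its likely host server."""
    return {ip: {mac: sibling_server(mac, inventory) for mac in macs}
            for ip, macs in conflicting_ips(captures).items()}

if __name__ == "__main__":
    print(report(ARP_CAPTURES, SERVER_NICS))
```

An IP whose MAC changes with the observer, where every MAC is one digit away from a known server NIC, fits the shared-default management address described in the answer.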