PDA

View Full Version : Weird Subnet Mask and Public IP's - Sorta Long


Custom Search


unisys12
07-27-2007, 05:46 AM
Hey guys! I wanted to get everyones input on a little topic of conversation around our shop for the past few weeks. About a month ago, I set up a new machine at an account and although it should have been a 20 min or so job, it has turned into 3 week long nightmare.

The first sign of things going wrong was when I sat down at the first PC and ran IPCONFIG /ALL. First, I noticed the IP address was not in a private range and neither was their default gateway. But my eyebrows really perked when I saw a subnet mask of 255.255.254.0. :eek:

Last week, we get a phone call from the customer in which I installed the machine and he broke hell loose! He said that one of the PC's in the office had not been able to print since I left. Now, I know this is not true because I still have the windows test page on file that I printed from each PC in the office (little habit of mine). So I call the office in question and ask one of the girls to rerun IPCONFIG /ALL for me. Guess what! Not only had the IP changed (last three octets actually), but the default gateway was way different and the subnet mask was now 255.255.251.0. The girls said that no one had changed anything on the PCs or at the office since I had been there last, even though the reason this PC could not print was because the print driver had been deleted. I called the owner back and asked if he had changed out one of his routers or hubs and the answer was no. I explained that the PC was printing again and he was happy.

Two days later... Same thing, but this time the driver was not only deleted, but the PC was off the network. She was still online, just not able to see anything other than her own PC on the network when browsing. INTERESTING!!

Now, as I mentioned before, all the IP's in use were public IP address. My boss and I were talking about this the other morning and we did a tracert on one of the IP's and it came back as a comcast IP, which makes perfect sense because comcast is their ISP. Only problem is that we were ping the IP of the of the PC's in their office. Now that's public!!

So late this afternoon, I get a call from another store owned by the same customer and she could not print. Come to find out someone had created a copy of her print driver and it was set to default, but with no network settings. After deleting the copied driver, she was fine, but I asked her to run IPCONFIG /ALL for me and guess what... public IP for the PC, the gateway, but her subnet mask was 255.255.0.0, which actually fits her IP class/range.

Since you guys have all the background now... and yeah, it was alot! Why in the hell would someone have a subnet mask such as 255.255.254? And why are all the hubs in all their offices set at public IP's? I know this is why the PC's have public IP's, but why would someone do that. I mean, to my untrained eye I would call the person either ignorant or plain stupid. But, I have only been connecting machines for a little over a year now, so there might be something I'm missing. We are trying to convince the customer that he needs to rework the networks in all his stores (7 of them), but... well I'm posting here so :(

Any help in explaining this would be greatly appreciated. :cool:

Copier_Guy
07-27-2007, 02:36 PM
I'm curious, do they have a server set up to manage their network IPs or are they getting their IPs directly from Comcast through their router?

It sounds like they may be getting their addresses directly from Comcast, which may be why the addresses and subnet masks are changing. Are the Addresses changing also?

unisys12
07-27-2007, 03:01 PM
Yes, the addresses of the PC's are changing every time they reboot one. That makes sense to me since windows is using DHCP to acquire them. And yeah, since the all the IP's are from comcast, thay must not have a server to assign them. They do have a server in each of the buildings, but from what the owner of the stores has told us, it is only used to connect his office to the remote office as well as running security camera software.

But hey... after doing some more reading this morning, I found this article pretty helpful Subnetwork - Wikipedia, the free encyclopedia (http://en.wikipedia.org/wiki/Subnet_mask) This article shed some light on the subnet mask issue I asked about. Taken into account that this customer is remotely connected to each office and using "GoToMyPC" to do it :rolleyes:, I feel that all of this is a botched attempt at setting up subnets across the internet. It's the only explanation I can come up with.

In other words, most company's would set up a WAN and assign each segment a subnet. Well, this guys is trying to run this particular store as a segment and using the internet as his WAN.

The customer has told us that he had alot of issues setting up this store and has had issues from day one. I can see why! Not only is the attempted subnetting botched I think, but it is also insecure. He is running AVG firewall on each PC, but that's it. The free version.

Copier_Guy
07-27-2007, 03:52 PM
There you go. Those subnet masks are being generated by Comcast, which is what I thought. They're actually not crazy, as I'm sure you found out. They are just the engineers at comcast creating different subnets using Variable Subnet Masking. Your customer needs to stop being so cheap and setup his network properly. It sounds like he already has the equipment, considering he already has 2 servers. Maybe the servers don't have the resources he needs, but an upgrade can always take care of that and it's alot cheaper than buying new equipment. Well, it sounds as if your printing issues are not over. I hope you guys are billing him/her for the extra calls. That'll provide motivation.

Good Luck.

Tonerbomb
07-27-2007, 10:17 PM
This network is ripe for the pickin'. They should set up their own wan or vpn behind a firewall. Hackers love this stuff.

unisys12
07-28-2007, 02:18 AM
Well, one of the owners of the company I work for does connectivity too and I told him everything I learned last night on this topic... basically what I posted here this morning. He called the customer, but since I have been out of the office all day I don't know what the customer is going to do or what he said.

And yes, the customer has been notified that if we come down it will cost him because his contract does not cover network support and the machine is about a three hour and 20 min drive away. So he would get hit pretty hard with travel charges too!

But all in all, it has been a great learning experience for me too. Like I said before, I have only been connecting machines for a little over a year or so and this was a new one for me. Nothing like "On the Job Training!". :) Thanks for all the input guys. If anything else turns up of much interest, I will let everyone know.

Copier_Guy
07-28-2007, 04:28 AM
Yeah, that was a good one. That Network stuff is real interesting. It'll send you home with a headache some days, especially in large networks that weren't setup properly.

mckinley
07-30-2007, 08:32 AM
reading through these posts i don't see any mention of why they use 255.255.254.0 , because it costs money to lease IP addresses, if people require extra IP's than they would get from 255.255.255.0 ( say they needed 300 ip's but the 255.255.255.0 only gives them 254 possibilities ) they have the last .255 changed to 254, this then gives them an extra 255 ip's on top of their 254 already available.
i come across this a fair amount over here in the uk. hope that clarifies the subnet if you haven't already done so. :)

Cipher
07-30-2007, 09:14 AM
DHCP works well when address allocation is managed well by I.T admin (at least on a larger scale).
But I would never let a external thrid party DHCP server that you have no control over allocate addresses on a local network, that is asking for trouble.

unisys12
08-01-2007, 04:16 AM
Hey guys, thought I would let everyone know that we got everything worked out with this customers network today.

As I had said before, one of the owners talked with the customer about their situation. Well, today the customer was able to travel to the office in question and take a look at things. After my boss was on and off the phone with him throughout the whole day, helping him, we found out that they did not have a hub in the office at all. What I thought were hubs, were actually switches. This explains why the PC's had public IP's since cable coming out of the cable modem was going straight into a switch, with each of the PC's connected as well as the MFP. Their video security system was ran into the same switch as well.

Anyway, the customer bought a cable modem with a 5 port hub/router, installed it and his problems were solved. :cool:

I assume a certain amount of blame here! If I knew enough about IP's and networking when all this came about, I could have helped resolve the issue right then and there. If not, I could have at least got them on the right path and not a freaking month later. If I would have just picked the stupid thing up and look at it closer, I would have seen it was a switch and not a hub. :( My boss tells me that it's not a big deal because most techs would have just assumed something else was going on, like I did, and just told the customer that they had to get it fixed. Left them hanging and nothing would have ever gotten done about it. At least we figured out what was going on and helped them resolve it.

I am currently studying for the A+ exam (planning on going for the IT Tech) and next I will take the NET+. I started studying for the A+ just because I have not tried to keep up with computers in a long while and after going to school in Atlanta a few weeks ago, I decided that I really needed to catch up on all that. So, one of the students in my 3535 class gave me a crap load of study guides to use covering a whole bunch of different exams. Actually, the Net+ study guide is the one that helped me get my head around this issue.

Oh well, this was a weird issue that I'm sure not too many have seen and glad that I was able to share it with everyone. Mainly since it turned out to be something so simple and easily overlooked.:)

Copier_Guy
08-01-2007, 05:25 AM
It was good work on your part anyway. You'll learn and just to make sure that you do, for the sake of taking the test, the difference between a Hub a Switch and a Router are significant. A hub is a dumb data transfer device that will transfer data out of every port except the receiving port. A Switch is a smart Hub that can filter MAC address information by storing address information and sending the data to the destination from memory. If the address isn't in memory, (like the first time that address is called upon it will forward it to every port until it gets an answer. Then it stores that address into memory also and filters it from then on.) A router routes data by IP address and subnet masks between segments. Very different functions. It will be on the test, so know that stuff. It also helps in trouble shooting.

Cipher
08-01-2007, 09:16 AM
Good luck with your A+ unisys12.

CompTIA updated the objecttives in 2006 to include more recent advancements (which is a good thing).
When I took mine it was all MS-DOS and Windows 95/98/2000 and older obsolete hardware questions they asked.

TonerMonkey
08-05-2007, 11:54 PM
I assume a certain amount of blame here! If I knew enough about IP's and networking when all this came about, I could have helped resolve the issue right then and there. If not, I could have at least got them on the right path and not a freaking month later. If I would have just picked the stupid thing up and look at it closer, I would have seen it was a switch and not a hub. :(

I certainly wouldn't beat myself up about a customer trying to do things on the cheap, it tells you as a troubleshooter what to look out for at that client's locations and you can be ready for them next time.

The most important thing is that you found and even more importantly understood the solution to the problem and you've learned something from it.

Heads up and on to the next one !!!!!!!!!!! :D

Custom Search