Something weird happened today. We have a TP-LINK wifi router in our office distributing a pool of IPs 192.168.80-200. There are some windows and some linux boxes.
One of the linux boxes (CentOS) today booted up with IP 192.168.25.X.
I tried renewing the lease on my PC (Ubuntu) expecting to get 192.168.1.X, but here is what happened:
$ sudo dhclient r
$ sudo dhclient eth0
(long wait)
$ ifconfig eth0
inet addr:192.168.25.251
After a few minutes I renewed it again and it came with correct 192.168.1.81 (and from that point for now it is staying correct in every re-newal)
Where from that another network came up?
Later I remembered I could add -v to dhclient to see some more verbose info especially which DHCP server is responded to my request.
Could it be another DHCP server in our network I'm not aware of? I tried looking in /var/lib/dhcp leases but couldn't find traces of the 25th network.
It seems the windows PCs are not affected, only the linux boxes.
For Windows hosts, you could try the DHCPloc utility which is also available as part of the Support Tools package from the Windows installation CD/DVD:
then you'll know.
The reason why your hosts normally get addresses from the correct scope and only occasionally from the rogue scope could be because your TP-LINK rotuer usually responds faster but failed to do so at one time or the other.
To locate rogue servers you could:
tcpdump port 67 or port 68at the client side