IP Address Conflicts: How They Happen, How to Find Them, How to Prevent Them Forever
Windows announces it with a balloon: "There is an IP address conflict with another system on the network." macOS phrases it more politely: "Another device on the network is using your computer's IP address." Either way, something on your network just broke, and it broke in the most maddening way possible, intermittently. An IP (Internet Protocol) address conflict means two devices on the same network are claiming the same address at the same time, and because of how networks deliver traffic, both devices suffer. This guide covers the full arc: why a duplicate address breaks things, how to hunt down the offending device while the network is still misbehaving, and how to arrange your network so conflicts stop happening at all.
To understand why a conflict is so disruptive, you need one piece of plumbing. Devices on a local network deliver traffic to each other using hardware identifiers called MAC (Media Access Control) addresses, which are burned into each network interface at the factory. IP addresses are the directory on top of that, and the translation between the two is handled by ARP (Address Resolution Protocol). When your computer wants to reach 192.168.1.50, it broadcasts a question to the whole network segment, "who has 192.168.1.50?", and the owner replies with its MAC address. Your computer caches that answer and starts sending traffic to it. When two devices both believe they own 192.168.1.50, both answer, and every device on the network believes whichever reply arrived last. Traffic meant for the printer flows to the laptop, then back to the printer, then to the laptop again as caches expire and the race reruns.
That race is why the symptoms feel haunted. Connections work, then drop, then work again without anyone changing anything, because the path to the address flips every time the ARP race resolves differently. The classic signs: a device responds to ping and then stops, file transfers die partway through, a reboot fixes everything for an hour, and two specific devices always seem to fall over around the same time. If you see intermittent failures pinned to one address while the rest of the network hums along, think conflict before you think bad cable.
Conflicts come from a short list of causes, and the most common one is a human typing an address that was already taken. Someone configures a new device by hand, checks a spreadsheet that says .50 is free, and the spreadsheet is wrong because it drifted from reality months ago, a failure mode we examined in our look at spreadsheet-based IP management. The second classic cause is a DHCP pool that overlaps hand-assigned addresses. DHCP (Dynamic Host Configuration Protocol) is the service that leases addresses to devices automatically, and it knows nothing about the addresses people typed into devices directly, so a pool that covers the same range will eventually lease a taken address to whatever laptop asks next. Our guide to DHCP, static addresses, and reservations shows how to carve a subnet so those ranges can never touch.
The third cause is a second DHCP server answering requests it shouldn't, usually called a rogue DHCP server, and it is sneakier than it sounds. The typical culprit carries no malice at all: someone plugs a home Wi-Fi router into an office wall jack to get more ports or better signal, and the router's built-in DHCP server, wired into the office network through one of its LAN (local area network) ports, starts cheerfully answering lease requests with addresses from its own factory-default range. Now two servers hand out overlapping or mismatched leases, and devices end up with duplicate addresses or the wrong gateway entirely. Virtualization adds a quieter variant: clone a VM (virtual machine, a computer running in software) that had a static address, boot the copy, and the original and the clone wake up claiming the same address.
Now the part you came for if your network is broken right now: finding the culprit. The conflicted address is in the error message, so start by pinging it from any machine on the same network, then inspect that machine's ARP table to see which MAC address answered. The MAC is your fingerprint.
Finding who answers for a conflicted address
# Windows (Command Prompt)
ping 192.168.1.50
arp -a | findstr 192.168.1.50
# macOS / Linux (Terminal)
ping -c 3 192.168.1.50
arp -a | grep 192.168.1.50
# The reply looks like:
192.168.1.50 a4-83-e7-2f-91-0c dynamicRun that check a few times over a few minutes. If the MAC address changes between checks, you are watching the two devices fight in real time, and you now have both fingerprints. The first half of a MAC address identifies the manufacturer, and any free online "MAC vendor lookup" will translate a4:83:e7 into Apple or HP or Hikvision, which often identifies the offender immediately ("why is a security camera answering for the mail server's address?"). On a managed office switch, you can go further and search the switch's own MAC table to find the exact port the device is plugged into, which turns a mystery into a cable you can follow. If you suspect a rogue DHCP server instead, check which server a freshly connected device got its lease from (ipconfig /all on Windows shows the "DHCP Server" line), and if that address belongs to no server you own, follow the same MAC-tracing steps to find the uninvited router.
Stopping the bleeding is usually quick once you know who is fighting. Change one device's address to a genuinely free one, or correct the typo in the static configuration, or unplug the rogue router and let devices renew their leases. The fix takes five minutes. The diagnosis is what eats the afternoon, and that asymmetry is worth sitting with, because it points at the real problem: a conflict can only happen when two sources of truth about the network disagree, whether that is a spreadsheet versus reality, a DHCP pool versus a sticky note, or one server versus another.
Prevention, then, is about collapsing those into one source of truth that everything else defers to. Carve each subnet so static assignments, reservations, and the DHCP pool each own a non-overlapping range, the layout our assignment guide walks through. Record every assignment in a system that enforces uniqueness, which is the core job of an IPAM (IP Address Management) tool: IPCraft will refuse to register the same address twice in a subnet, can hand out the next genuinely available address on request (including through its API, so your automation draws from the same well as your engineers), and tracks a status for every address so a stale entry is visible instead of invisible. Teams that adopt this discipline largely stop having conflicts, a shift we documented among the signs you've outgrown manual IP tracking. For the rogue-server problem, managed switches offer a feature called DHCP snooping, which tells the switch to discard DHCP replies arriving on any port except the ones where your real server lives, so the next helpfully plugged-in home router shouts into a void.
A closing note of optimism: this entire problem class is fading as networks adopt IPv6 (Internet Protocol version 6, the successor protocol with a vastly larger address space). IPv6 devices perform Duplicate Address Detection, probing the network to confirm an address is unclaimed before using it, and the astronomical size of each subnet makes accidental collisions nearly impossible anyway, two design choices we touch on in our guide to IPv6 address planning. Until your network lives fully in that future, the recipe stands: recognize the intermittent signature, pull the MAC address from the ARP table, trace it to a device, and then spend an hour setting up non-overlapping ranges and a single authoritative record so you never run the hunt again.