The best way is to send ARP packets to that IP address. All the machines with same IP will revert with the MAC address. If you are using any security solution block those MAC address or if you are using some tools to manage your asset you can clearly find out which users have the duplicate IPs. Hope this helps. - Sudhanshu ================ Nmapis a very good network scanning tool. According to the nmap website it can do an <a href="http://nmap.org/book/man-host-discovery.html">arp scan on the local subnet</a>: <i>-PR (ARP Ping) One of the most common Nmap usage scenarios is to scan an ethernet LAN. On most LANs, especially those using private address ranges specified by RFC 1918, the vast majority of IP addresses are unused at any given time. When Nmap tries to send a raw IP packet such as an ICMP echo request, the operating system must determine the destination hardware (ARP) address corresponding to the target IP so that it can properly address the ethernet frame. This is often slow and problematic, since operating systems weren't written with the expectation that they would need to do millions of ARP requests against unavailable hosts in a short time period. ARP scan puts Nmap and its optimized algorithms in charge of ARP requests. And if it gets a response back, Nmap doesn't even need to worry about the IP-based ping packets since it already knows the host is up. This makes ARP scan much faster and more reliable than IP-based scans. So it is done by default when scanning ethernet hosts that Nmap detects are on a local ethernet network. Even if different ping types (such as -PE or -PS) are specified, Nmap uses ARP instead for any of the targets which are on the same LAN. If you absolutely don't want to do an ARP scan, specify --send-ip.</i>

The best way is to send ARP packets to that IP address. All the machines with same IP will revert with the MAC address. If you are using any security solution block those MAC address or if you are using some tools to manage your asset you can clearly find out which users have the duplicate IPs. Hope this helps. - Sudhanshu ================ <a href="http://nmap.org">Nmapis</a> a very good network scanning tool. According to the nmap website it can do an <a href="http://nmap.org/book/man-host-discovery.html">arp scan on the local subnet</a>: <i>-PR (ARP Ping) One of the most common Nmap usage scenarios is to scan an ethernet LAN. On most LANs, especially those using private address ranges specified by RFC 1918, the vast majority of IP addresses are unused at any given time. When Nmap tries to send a raw IP packet such as an ICMP echo request, the operating system must determine the destination hardware (ARP) address corresponding to the target IP so that it can properly address the ethernet frame. This is often slow and problematic, since operating systems weren't written with the expectation that they would need to do millions of ARP requests against unavailable hosts in a short time period. ARP scan puts Nmap and its optimized algorithms in charge of ARP requests. And if it gets a response back, Nmap doesn't even need to worry about the IP-based ping packets since it already knows the host is up. This makes ARP scan much faster and more reliable than IP-based scans. So it is done by default when scanning ethernet hosts that Nmap detects are on a local ethernet network. Even if different ping types (such as -PE or -PS) are specified, Nmap uses ARP instead for any of the targets which are on the same LAN. If you absolutely don't want to do an ARP scan, specify --send-ip.</i>