rssfed23

macrumors member
Original poster
Jun 5, 2008
94
10
Southampton, UK
Something a bit odd started happening with my Yosemite install (rMBP 10,1) about 4 days ago:

I run a pfSense firewall at home, and use arpwatch as an additional package on this (for those unaware: it does an occasional scan of the network physical MAC addresses and produces a report. Mine's set up to email me automatically any new or changed/spoofed addresses!)

I started getting alerts from arpwatch stating that the MAC address of my rMBP had changed, and then changed back again! This happens about 100 times a day, and always when connected to the wifi (so not during an intentional wifi scan etc). An example of the report email:

Code:
hostname: MacBookPro.knighthome
ip address: 10.0.0.20
ethernet address: 14:10:9f:d8:76:c5
ethernet vendor: <unknown>
old ethernet address: 20:c9:d0:14:40:df
old ethernet vendor: <unknown>
timestamp: Thursday, July 3, 2014 16:08:06 +0100
previous timestamp: Thursday, July 3, 2014 16:08:06 +0100
delta: 0 seconds

Then a few minutes later:
Code:
hostname: MacBookPro.knighthome
ip address: 10.0.0.20
ethernet address: 20:c9:d0:14:40:df
ethernet vendor: <unknown>
old ethernet address: 14:10:9f:d8:76:c5
old ethernet vendor: <unknown>
timestamp: Thursday, July 3, 2014 16:08:06 +0100
previous timestamp: Thursday, July 3, 2014 16:08:05 +0100
delta: 1 second

I rebooted the rMBP: no change.
I wondered if this was an issue specific to the wifi, but nope; when I plug in a thunderbolt ethernet adapter similar things happen (just with different MAC addresses!).

This is not an issue with arpwatch - all my other ~60 devices stay the same, as do my Macs that aren't running Yosemite DP2 (or DP1 update 1 rather....).
I wondered if this was specific to my mac itself, so fired up Parallels and kicked up 10 Yosemite VMs within all bridging the network, and after about a week of uptime the exact same thing happens with all the subsequent VMs!

I've posted the wifi details from system report at the bottom of this post!

The system report does not change MAC address when the system reports a different one, and I've validated the changes with other network scanning tools!

It appears under Yosemite on my home network occasionally the hardware addresses of network devices randomly report incorrect addresses!
Has anyone else experienced anything like this they've noticed? Could it be a potential privacy feature I'm missing?
I've not got any applications running that I think would cause this (besides the 10 VMs are all clean installs with nothing on them bar safari that just sit there and randomly change addresses!)

So yeah; just looking to see if anyone has any thoughts on the above or if they've noticed similar behaviour?

The only thing that's recently changed on my home network is the domain name from "knight.local" to "knighthome" (I didn't know bonjour doesn't work properly with .local domains until recently!)

I'm aware of the iOS feature of randomising MAC addresses when scanning for new APs for security, but I don't think this is that (it's always "flip flopping" between the two MAC addresses listed above!)

OS X System Report:
Code:
Wi-Fi:

  Type:	AirPort
  Hardware:	AirPort
  BSD Device Name:	en0
  IPv4 Addresses:	10.0.0.20
  IPv4:
  AdditionalRoutes:
  DestinationAddress:	10.0.0.20
  SubnetMask:	255.255.255.255
  DestinationAddress:	169.254.0.0
  SubnetMask:	255.255.0.0
  Addresses:	10.0.0.20
  ARPResolvedHardwareAddress:	00:26:2d:02:dc:XX
  ARPResolvedIPAddress:	10.0.0.1
  Configuration Method:	DHCP
  ConfirmedInterfaceName:	en0
  Interface Name:	en0
  Network Signature:	IPv4.Router=10.0.0.1;IPv4.RouterHardwareAddress=00:26:2d:02:dc:XX
  Router:	10.0.0.1
  Subnet Masks:	255.255.255.0
  IPv6:
  Configuration Method:	Automatic
  DNS:
  Domain Name:	knighthome
  Server Addresses:	10.0.0.1
  DHCP Server Responses:
  Domain Name:	knighthome
  Domain Name Servers:	10.0.0.1
  Lease Duration (seconds):	0
  DHCP Message Type:	0x05
  Routers:	10.0.0.1
  Server Identifier:	10.0.0.1
  Subnet Mask:	255.255.255.0
  Ethernet:
  MAC Address:	14:10:9f:d8:76:c5
  Media Options:	
  Media Subtype:	Auto Select
  Proxies:
  Exceptions List:	*.local, 169.254/16
  FTP Passive Mode:	Yes
  Service Order:	2
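
An added example, not part of the original post: a small parser for arpwatch change reports like the two quoted above. It picks out IPs whose MAC changes in both directions and checks each address's locally administered bit, which is set on randomised addresses. The 10.0.0.31 entry and the function names are constructed for illustration.

```python
import re

# Constructed sample: the address fields of the two reports quoted in the post,
# plus an invented one-off change on 10.0.0.31 (not from the thread) for contrast.
SAMPLE = """\
ip address: 10.0.0.20
ethernet address: 14:10:9f:d8:76:c5
old ethernet address: 20:c9:d0:14:40:df

ip address: 10.0.0.20
ethernet address: 20:c9:d0:14:40:df
old ethernet address: 14:10:9f:d8:76:c5

ip address: 10.0.0.31
ethernet address: 02:11:22:33:44:55
old ethernet address: 00:11:22:33:44:55
"""

FIELD = re.compile(r"^([a-z ]+):\s+(\S.*)$")

def parse_reports(text):
    """Split the mail bodies on blank lines; return one field dict per report."""
    reports = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        matches = (FIELD.match(line.strip()) for line in chunk.splitlines())
        reports.append({m.group(1): m.group(2).strip().lower() for m in matches if m})
    return reports

def is_locally_administered(mac):
    """True when the U/L bit (0x02 in the first octet) is set, as it is on
    software-assigned and randomised addresses."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def flip_flops(reports):
    """Map each IP to the MAC pair seen changing in both directions (A->B and B->A)."""
    seen, result = set(), {}
    for r in reports:
        ip, new, old = r["ip address"], r["ethernet address"], r["old ethernet address"]
        if (ip, new, old) in seen:          # the reverse change was reported earlier
            result[ip] = tuple(sorted((old, new)))
        seen.add((ip, old, new))
    return result

if __name__ == "__main__":
    for ip, pair in flip_flops(parse_reports(SAMPLE)).items():
        kinds = ["local" if is_locally_administered(m) else "universal" for m in pair]
        print(ip, "alternates between", dict(zip(pair, kinds)))
```

Both addresses from the reports have the bit clear, so they are universally administered addresses rather than software-generated ones.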
 

mrapplegate

macrumors 68030
Feb 26, 2011
2,818
8
Cincinnati, OH
An interesting problem. Have you posted it on the developer forum? I'm interested to see if someone from Apple can shed some light on it. I've not been keeping track of my MAC address so I'm not sure if it's been happening to me or not.
 

bolen

macrumors 6502
Jul 22, 2008
351
0
Sweden
I have the same problem with my MBA and MBP, both on WiFi. I'm also running pfSense but I noticed it simply due to the fact that the Macs started getting new hostnames with incremental numbers. Presumably the Mac changes MAC and then bonjour tries to announce its presence as "ComputerName.local", but the name from the previous MAC address is still lingering somewhere and the computer gets "ComputerName-2.local" instead. After a day or two I easily get incremental hostnames up to 5 or 6...

Are you running static DHCP configurations based on MAC? My wife's MBP doesn't seem to show this behavior (at least not the lingering hostname problem), and it has not been configured to use a static lease.

I also have another FreeBSD host that is producing kernel messages about the MAC address change if I have an SSH connection from one of the Macs, so maybe it's something with the BSD kernel (also in pfSense) that is extra sensitive or conservative towards this behavior.

I know about the MAC random feature for AP scanning, but I was under the impression that it would use its real MAC address during association and when connected..
 

Mr. Buzzcut

macrumors 65816
Jul 25, 2011
1,037
488
Ohio
Is the other MAC that of an Airport Base Station or some other Apple device on your network? If so, I can probably explain why you are seeing it.
 