Ever since upgrading from 10.7.x to Mavericks 10.9.2 last week (April 2014), there has been a very strange network experience during bootup.
When the computer is first booting up with everything fully connected (monitors, network, etc) there begins a very large dump of malformed network packets from the computer being sent out the network card into the network. This happens whether wifi is enabled or disabled and whether it is set to DHCP or static IP address.
The packets are 308 bytes in length. When viewed in Wireshark the packets show up as "Unknown frame (Bogus Fragment)" and basically every bit is set to zero. Source and destination MAC address, everything. They are not IP packets... Wireshark in fact thinks they are "Fiber Channel" packets, which I think is just incorrectly interpreting these malformed packets.
To define "very large dump" of packets, the network link is 1-gig and it easily sends over 900 mbps of these packets, so millions of them within a minute. This is obviously very disruptive to the network as the switch unicast-floods them to all ports on the VLAN as the destination MAC address is not known. The computer starts doing them during the bootup phase and does not stop sending these packets until immediately after a user is chosen and password submitted and the login process is begun. Then the packets stop and everything operates completely normally. No abnormal behavior during normal operation is seen. There are no oddball applications, games, etc. It is primarily used as a workstation for programming/development in PHP and Perl.
Since this problem happens during the bootup it is difficult to see what processes are running. I had the idea of using SSH to log into the computer before logging into the desktop, but the IP address does not respond during bootup (no ARP or anything) until 10-15 seconds after the user login process has begun, by which time the packets are no longer being sent.
A simple workaround appears to be to leave the network cable disconnected until after the user login process has been initiated, then connect the network cable and everything seems to work fine then.
This is obviously not ideal and clearly something is broken under the hood and googling has not led to any useful pointers or other cases. Any advice, suggestions, etc would be very appreciated!!
I've attached a small sample of packets from one of the pcap files showing the malformed packets. The attached file is malformed.zip
Thanks!!
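An added example, not part of the original post: a Python sketch that scans a classic-format pcap for the frames described above (308 bytes, every byte zero) and estimates the rate they account for. The function names and the sample capture are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap with microsecond timestamps


def zero_frame_stats(pcap_bytes, frame_len=308):
    """Count frames of frame_len bytes in which every byte is zero and
    estimate the bit rate they account for between first and last sighting."""
    magic = struct.unpack_from("<I", pcap_bytes, 0)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic, written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    offset = 24  # size of the pcap global header
    total = zero = zero_bytes = 0
    first_us = last_us = None
    while offset + 16 <= len(pcap_bytes):
        sec, usec, incl, orig = struct.unpack_from(endian + "IIII", pcap_bytes, offset)
        offset += 16
        data = pcap_bytes[offset:offset + incl]
        if len(data) < incl:
            break  # truncated final record
        offset += incl
        total += 1
        # Only fully captured frames can be judged "all zero".
        if orig == frame_len and incl == orig and not any(data):
            ts_us = sec * 1_000_000 + usec
            first_us = ts_us if first_us is None else first_us
            last_us = ts_us
            zero += 1
            zero_bytes += orig
    span_us = (last_us - first_us) if zero > 1 else 0
    # Bits per microsecond is numerically equal to Mbps (approximate rate).
    mbps = zero_bytes * 8 / span_us if span_us > 0 else None
    return {"frames": total, "zero_frames": zero, "zero_mbps": mbps}


def build_sample():
    """Constructed capture: four all-zero 308-byte frames 1 ms apart,
    followed by one ordinary-looking 60-byte broadcast frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i in range(4):
        out += struct.pack("<IIII", 100, i * 1000, 308, 308) + bytes(308)
    normal = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x06" + bytes(46)
    out += struct.pack("<IIII", 100, 5000, len(normal), len(normal)) + normal
    return out


if __name__ == "__main__":
    print(zero_frame_stats(build_sample()))
```

To run it against a real capture, pass the file's bytes (for example `open(path, "rb").read()`) to `zero_frame_stats`; pcapng files would need converting to classic pcap first.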