Odd network behavior since upgrading to Mavericks

Discussion in 'OS X Mavericks (10.9)' started by jkrejci, Apr 30, 2014.

  1. jkrejci macrumors newbie

    Apr 30, 2014
    Ever since upgrading from 10.7.x to Mavericks 10.9.2 last week April 2014 there has been a very strange network experience during bootup.

    When the computer is first booting up with everything fully connected (monitors, network, etc) there begins a very large dump of malformed network packets from the computer being sent out the network card into the network. This happens whether wifi is enabled or disabled and whether it is set to DHCP or static IP address.

    The packets are 308 bytes in length. When viewed in wireshark the packets show up as "Unknown frame (Bogus Fragment)" and basically every bit is set to zero. Source and destination MAC address, everything. They are no IP packets... wireshark in fact thinks they are "Fiber Channel" packets which I think is just incorrectly interpreting these malformed packets.

    To define "very large dump" of packets, the network link is 1-gig and it easily sends over 900 mbps of these packets, so millions of them within a minute. This is obviously very disruptive to the network as the switch unicast-floods them to all ports on the VLAN as the destination MAC address is not known. The computer starts doing them during the bootup phase and does not stop sending these packets until immediately after a user is chosen and password submitted and the login process is begun. Then the packets stop and everything operates completely normally. No abnormal behavior during normal operation is seen. There are no oddball applications, games, etc. It is primarily used as a workstation for programming/development in PHP and Perl.

    Since this problem happens during the bootup it is difficult to see what processes that are running. I had the idea of using SSH to log into the computer before logging into the desktop but the IP address does not respond during bootup (no ARP or anything) until 10-15 seconds after the user login process has begun by which time the packets are no longer being sent.

    A simple workaround appears to be to leave the network cable disconnected until after the user login process has been initiated, then connect the network cable and everything seems to work fine then.

    This is obviously not ideal and clearly something is broken under the hood and googling has not led to any useful pointers or other cases. Any advice, suggestions, etc would be very appreciated!!

    I've attached a small sample of packets from one of the pcap files showing the malformed packets. The attached file is malformed.zip


    Attached Files:

  2. BrianBaughn macrumors 603


    Feb 13, 2011
    Baltimore, Maryland
    Yeah...I've noticed this, too. Just kidding.

    Did you try booting into single-user or verbose mode to see at what stage the packets are sent?
  3. jkrejci thread starter macrumors newbie

    Apr 30, 2014
    Thank you for the info/suggestion!

    Neither single user mode or verbose mode displayed any kind of helpful information. There was a brief flash of a message for like one second that indicated it was booting into single user or verbose mode then it continued to boot to the login screen as normal. In both cases the network behavior persists.

    Additionally I figured out that when the problem is happening, while for example just sitting at the login screen, if I disconnect the network cable for a couple of seconds and then re-connect it the problem goes away, until the next reboot.

    Being a Linux user primarily I just don't have much experience in dealing with OSX and tinkering under its hood as I am used to doing in Linux.

    Possibly related, the hard drive is encrypted using the built in Apple disk encryption utility.

    I would guess a fresh install of OSX would clear this up but would of course rather have a simpler solution if one is to be found. Of course this is out of apple support but getting support through Apple may be the next step.
  4. dayhkr macrumors newbie

    Aug 4, 2014
    Couple of questions

    I am seeing some of these type of issues and was wondering if you are using Trend Micro Security for MAC or Parallels? I am trying to narrow this issue down as well.
  5. jkrejci thread starter macrumors newbie

    Apr 30, 2014
    No Trend Micro but VMWare is installed and rarely used, though it looks like various vmware services are started automatically on boot. I will take a crack at attacking it from that angle, perhaps by trying to re-install vmware or something.
  6. dayhkr macrumors newbie

    Aug 4, 2014
    More info

    I am not running any version of Vmware so that might not be the issue I will do some digging on this side too and see what I come up with.

Share This Page