Re: Apple devices spoofing default gateway?

[Simon Lockhart <simon () slimey org>]

On Thu Mar 14, 2019 at 12:53:01PM +0000, Mel Beckman wrote:
> Can you post some packet captures? 

I have some packet captures, but as they're from a live network, I'd rather
not post them publicly.
 
> I was a network engineer on the WiFi network at SFO, for both passengers and
> baggage scanners, with several hundred APs. Several times we were misled by
> packet captures that seemed to show client traffic causing network problems,
> such as packet storms, but which ultimately always had some more mundane
> cause, like a failed DHCP server or flapping switch interface. 

Sure - we're rattling every possible other cause we can think of, including
using alternative DHCP server software vendor, etc. The only thing that's
reliably making the problem go away is running the APs against WLC version 8.2.
 
> The particular SFO network I worked on has Juniper switching and Aruba APs,
> so it???s not directly applicable to your ecosystem. But the complexities of
> interpreting packet captures may apply.

I'm the sort of person who has copies of RFCs printed out on his desk. I'm 
fairly experienced at interpreting packet captures :)

Simon