Looking for possible causes. The issue is I have one system where the
MAC address has changed for no apparent reason.
The system is a MSI B75MA-G43 motherboard with on board
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller with Ubuntu
22.04.2 LTS desktop. NIC set to DHCP, and I have a Ubuntu server with
local DNS and DHCP server with a LAN pool where I set this client's IP
by matching the MAC address. Straight forward and easy. Been working for years. For the third time this year the MAC address has changed where
client has the wrong IP breaking my LAN backup system. My OCD nature I comment changes to record things so server's dhcpd.conf:
...
# 2023-03-04 Not sure how but Kenny's mac address changed
# 2023-06-23 Dang Kenny's mac changes again
# 2023-06-29 Kenny is back to previous MAC
...
host kenny {
#hardware ethernet 1e:2b:ad:33:12:64;
hardware ethernet d4:3d:7e:b6:ba:a8;
fixed-address 192.168.57.132;
}
Those are the two MAC addresses that NIC keeps switching so this morning
if failed recorded by dhcp server lease file /var/lib/dhcp/dhcpd.leases:
lease 192.168.57.193 {
starts 4 2023/06/29 09:34:30;
ends 4 2023/06/29 21:34:30;
cltt 4 2023/06/29 09:34:30;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 1e:2b:ad:33:12:64; <-NOTE MAC now back to this...
uid "\001\036+\2553\022d";
client-hostname "kenny";
}
Confirmed on client Kenny:
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP group default qlen 1000
link/ether 1e:2b:ad:33:12:64 brd ff:ff:ff:ff:ff:ff
inet 192.168.57.193/24 brd 192.168.57.255 scope global dynamic noprefixroute enp3s0
valid_lft 28111sec preferred_lft 28111sec
inet6 fe80::1feb:64a7:bae6:90da/64 scope link noprefixroute
Now last Friday when I debugged this ip addr command confirmed at the
time the MAC address was d4:3d:7e:b6:ba:a8 and not 1e:2b:ad:33:12:64.
Now it is 1e:2b:ad:33:12:64. HOW? I am not spoofing the MAC with NetworkManger on Kenny(*). This is an Ethernet and not WiFi with
software MAC switching "pseudo-security" measure some employ on Wifi. I
have not recently updated BIOS on this system, so where should I look
for cause? Puzzled.
(*)Hostname South Park reference: original machine before rebuild from scratch with new parts was cobbled together from used systems expecting
a "Hey they killed Kenny" moment at any time.
Looking for possible causes. The issue is I have one system where the
MAC address has changed for no apparent reason.
The system is a MSI B75MA-G43 motherboard with on board
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller with Ubuntu
22.04.2 LTS desktop. NIC set to DHCP, and I have a Ubuntu server with
local DNS and DHCP server with a LAN pool where I set this client's IP
by matching the MAC address. Straight forward and easy. Been working for years. For the third time this year the MAC address has changed where
client has the wrong IP breaking my LAN backup system. My OCD nature I comment changes to record things so server's dhcpd.conf:
...
# 2023-03-04 Not sure how but Kenny's mac address changed
# 2023-06-23 Dang Kenny's mac changes again
# 2023-06-29 Kenny is back to previous MAC
...
host kenny {
#hardware ethernet 1e:2b:ad:33:12:64;
hardware ethernet d4:3d:7e:b6:ba:a8;
fixed-address 192.168.57.132;
}
Those are the two MAC addresses that NIC keeps switching so this morning
if failed recorded by dhcp server lease file /var/lib/dhcp/dhcpd.leases:
lease 192.168.57.193 {
starts 4 2023/06/29 09:34:30;
ends 4 2023/06/29 21:34:30;
cltt 4 2023/06/29 09:34:30;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 1e:2b:ad:33:12:64; <-NOTE MAC now back to this...
uid "\001\036+\2553\022d";
client-hostname "kenny";
}
Confirmed on client Kenny:
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP group default qlen 1000
link/ether 1e:2b:ad:33:12:64 brd ff:ff:ff:ff:ff:ff
inet 192.168.57.193/24 brd 192.168.57.255 scope global dynamic noprefixroute enp3s0
valid_lft 28111sec preferred_lft 28111sec
inet6 fe80::1feb:64a7:bae6:90da/64 scope link noprefixroute
Now last Friday when I debugged this ip addr command confirmed at the
time the MAC address was d4:3d:7e:b6:ba:a8 and not 1e:2b:ad:33:12:64.
Now it is 1e:2b:ad:33:12:64. HOW? I am not spoofing the MAC with NetworkManger on Kenny(*). This is an Ethernet and not WiFi with
software MAC switching "pseudo-security" measure some employ on Wifi. I
have not recently updated BIOS on this system, so where should I look
for cause? Puzzled.
(*)Hostname South Park reference: original machine before rebuild from scratch with new parts was cobbled together from used systems expecting
a "Hey they killed Kenny" moment at any time.
On 29/06/2023 17:43, Jonathan N. Little wrote:
Looking for possible causes. The issue is I have one system where the
MAC address has changed for no apparent reason.
The system is a MSI B75MA-G43 motherboard with on board
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller with Ubuntu
22.04.2 LTS desktop. NIC set to DHCP, and I have a Ubuntu server with
local DNS and DHCP server with a LAN pool where I set this client's IP
by matching the MAC address. Straight forward and easy. Been working for
years. For the third time this year the MAC address has changed where
client has the wrong IP breaking my LAN backup system. My OCD nature I
comment changes to record things so server's dhcpd.conf:
...
# 2023-03-04 Not sure how but Kenny's mac address changed
# 2023-06-23 Dang Kenny's mac changes again
# 2023-06-29 Kenny is back to previous MAC
...
host kenny {
#hardware ethernet 1e:2b:ad:33:12:64;
hardware ethernet d4:3d:7e:b6:ba:a8;
fixed-address 192.168.57.132;
}
Those are the two MAC addresses that NIC keeps switching so this morning
if failed recorded by dhcp server lease file /var/lib/dhcp/dhcpd.leases:
lease 192.168.57.193 {
starts 4 2023/06/29 09:34:30;
ends 4 2023/06/29 21:34:30;
cltt 4 2023/06/29 09:34:30;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 1e:2b:ad:33:12:64; <-NOTE MAC now back to this...
uid "\001\036+\2553\022d";
client-hostname "kenny";
}
Confirmed on client Kenny:
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP group default qlen 1000
link/ether 1e:2b:ad:33:12:64 brd ff:ff:ff:ff:ff:ff
inet 192.168.57.193/24 brd 192.168.57.255 scope global dynamic
noprefixroute enp3s0
valid_lft 28111sec preferred_lft 28111sec
inet6 fe80::1feb:64a7:bae6:90da/64 scope link noprefixroute
Now last Friday when I debugged this ip addr command confirmed at the
time the MAC address was d4:3d:7e:b6:ba:a8 and not 1e:2b:ad:33:12:64.
Now it is 1e:2b:ad:33:12:64. HOW? I am not spoofing the MAC with
NetworkManger on Kenny(*). This is an Ethernet and not WiFi with
software MAC switching "pseudo-security" measure some employ on Wifi. I
have not recently updated BIOS on this system, so where should I look
for cause? Puzzled.
(*)Hostname South Park reference: original machine before rebuild from
scratch with new parts was cobbled together from used systems expecting
a "Hey they killed Kenny" moment at any time.
Looking up d4:3d:7e:b6:ba:a8 I see vendor is Micro-Star Int'L Co.
Looking up 1e:2b:ad:33:12:64 (three separate web sites) I get "No such vendor, Locally administered addresses (LAA): the address is assigned
to a device by a network administrator"
Sorry if this is no help
5) Nothing set here either:
jonathan@kenny:~$ ls -l /usr/lib/NetworkManager/conf.d/
total 16
-rw-r--r-- 1 root root 225 Jun 9 2022 10-dns-resolved.conf
-rw-r--r-- 1 root root 80 Jun 9 2022 10-globally-managed-devices.conf -rw-r--r-- 1 root root 58 Jun 9 2022 20-connectivity-ubuntu.conf -rw-r--r-- 1 root root 306 Apr 4 2022 no-mac-addr-change.conf
So I am at a loss
Henry Crun wrote:
On 29/06/2023 17:43, Jonathan N. Little wrote:
Looking for possible causes. The issue is I have one system where the
MAC address has changed for no apparent reason.
The system is a MSI B75MA-G43 motherboard with on board
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller with Ubuntu
22.04.2 LTS desktop. NIC set to DHCP, and I have a Ubuntu server with
local DNS and DHCP server with a LAN pool where I set this client's IP
by matching the MAC address. Straight forward and easy. Been working for >>> years. For the third time this year the MAC address has changed where
client has the wrong IP breaking my LAN backup system. My OCD nature I
comment changes to record things so server's dhcpd.conf:
...
# 2023-03-04 Not sure how but Kenny's mac address changed
# 2023-06-23 Dang Kenny's mac changes again
# 2023-06-29 Kenny is back to previous MAC
...
host kenny {
#hardware ethernet 1e:2b:ad:33:12:64;
hardware ethernet d4:3d:7e:b6:ba:a8;
fixed-address 192.168.57.132;
}
Those are the two MAC addresses that NIC keeps switching so this morning >>> if failed recorded by dhcp server lease file /var/lib/dhcp/dhcpd.leases: >>>
lease 192.168.57.193 {
starts 4 2023/06/29 09:34:30;
ends 4 2023/06/29 21:34:30;
cltt 4 2023/06/29 09:34:30;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 1e:2b:ad:33:12:64; <-NOTE MAC now back to this... >>> uid "\001\036+\2553\022d";
client-hostname "kenny";
}
Confirmed on client Kenny:
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP group default qlen 1000
link/ether 1e:2b:ad:33:12:64 brd ff:ff:ff:ff:ff:ff
inet 192.168.57.193/24 brd 192.168.57.255 scope global dynamic
noprefixroute enp3s0
valid_lft 28111sec preferred_lft 28111sec
inet6 fe80::1feb:64a7:bae6:90da/64 scope link noprefixroute
Now last Friday when I debugged this ip addr command confirmed at the
time the MAC address was d4:3d:7e:b6:ba:a8 and not 1e:2b:ad:33:12:64.
Now it is 1e:2b:ad:33:12:64. HOW? I am not spoofing the MAC with
NetworkManger on Kenny(*). This is an Ethernet and not WiFi with
software MAC switching "pseudo-security" measure some employ on Wifi. I
have not recently updated BIOS on this system, so where should I look
for cause? Puzzled.
(*)Hostname South Park reference: original machine before rebuild from
scratch with new parts was cobbled together from used systems expecting
a "Hey they killed Kenny" moment at any time.
Looking up d4:3d:7e:b6:ba:a8 I see vendor is Micro-Star Int'L Co.
Which makes sense because it is an MSI motherboard. IIRC that was the
MAC address that I originally had the dhcp server trap to set the IP.
Looking up 1e:2b:ad:33:12:64 (three separate web sites) I get "No such
vendor, Locally administered addresses (LAA): the address is assigned
to a device by a network administrator"
Which is strange because last night it switched to this MAC:
jonathan@kenny:~$ ip link show enp3s0
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP mode DEFAULT group default qlen 1000
link/ether 1e:2b:ad:33:12:64 brd ff:ff:ff:ff:ff:ff permaddr c6:51:bd:c3:b2:ab
So the MAC is currently 1e:2b:ad:33:12:64. Now the above has a
"permaddr" value of c6:51:bd:c3:b2:ab. Googling seems to indicate
"permaddr" is present when overriding NIC's MAC by spoofing. 1) I am not spoofing. 2) c6:51:bd:c3:b2:ab also has no vendor ID.
So I when looking to see where|what could be overriding the MAC like so legacy config since this system has been migrated over the years from
earlier versions of Ubuntu.
1) No overrides in /etc/systemd/networkd.conf
2) No overrides in legacy /etc/network/interfaces or
/etc/network/interfaces.d
3) Network settings using new netplan as configured by 22.04 installer /etc/netplan/01-network-manager-all.yaml
# Let NetworkManager manage all devices on this system
network:
version: 2
renderer: NetworkManager
So using NetworkManager so I checked for any overrides in
NetworkManager's configuration
4) /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
[ifupdown]
managed=false
[device]
wifi.scan-rand-mac-address=no
Well the Wifi card is not set for random MAC address! But nothing about
the Ethernet...
5) Nothing set here either:
jonathan@kenny:~$ ls -l /usr/lib/NetworkManager/conf.d/
total 16
-rw-r--r-- 1 root root 225 Jun 9 2022 10-dns-resolved.conf
-rw-r--r-- 1 root root 80 Jun 9 2022 10-globally-managed-devices.conf -rw-r--r-- 1 root root 58 Jun 9 2022 20-connectivity-ubuntu.conf -rw-r--r-- 1 root root 306 Apr 4 2022 no-mac-addr-change.conf
So I am at a loss. It looks like the MAC address should be
d4:3d:7e:b6:ba:a8 which it was the other day but now it is being
overrided somewhere but I cannot find it.
On Thu, 29 Jun 2023 23:26:57 -0400, Jonathan N. Little wrote:
Henry Crun wrote:
Looking up d4:3d:7e:b6:ba:a8 I see vendor is Micro-Star Int'L Co.
Which makes sense because it is an MSI motherboard. IIRC that was the
MAC address that I originally had the dhcp server trap to set the IP.
Looking up 1e:2b:ad:33:12:64 (three separate web sites) I get "No such
vendor, Locally administered addresses (LAA): the address is assigned
to a device by a network administrator"
Which is strange because last night it switched to this MAC:
jonathan@kenny:~$ ip link show enp3s0
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP mode DEFAULT group default qlen 1000
link/ether 1e:2b:ad:33:12:64 brd ff:ff:ff:ff:ff:ff permaddr
c6:51:bd:c3:b2:ab
So the MAC is currently 1e:2b:ad:33:12:64. Now the above has a
"permaddr" value of c6:51:bd:c3:b2:ab. Googling seems to indicate
"permaddr" is present when overriding NIC's MAC by spoofing. 1) I am not
spoofing. 2) c6:51:bd:c3:b2:ab also has no vendor ID.
So I when looking to see where|what could be overriding the MAC like so
legacy config since this system has been migrated over the years from
earlier versions of Ubuntu.
I would try booting a live cd and checking just to have a second
opinion about mac.
Bit Twister wrote:
On Thu, 29 Jun 2023 23:26:57 -0400, Jonathan N. Little wrote:
Henry Crun wrote:
<snip>
Looking up d4:3d:7e:b6:ba:a8 I see vendor is Micro-Star Int'L Co.
Which makes sense because it is an MSI motherboard. IIRC that was the
MAC address that I originally had the dhcp server trap to set the IP.
Looking up 1e:2b:ad:33:12:64 (three separate web sites) I get "No such >>>> vendor, Locally administered addresses (LAA): the address is assigned >>>> to a device by a network administrator"
Which is strange because last night it switched to this MAC:
jonathan@kenny:~$ ip link show enp3s0
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP mode DEFAULT group default qlen 1000
link/ether 1e:2b:ad:33:12:64 brd ff:ff:ff:ff:ff:ff permaddr
c6:51:bd:c3:b2:ab
So the MAC is currently 1e:2b:ad:33:12:64. Now the above has a
"permaddr" value of c6:51:bd:c3:b2:ab. Googling seems to indicate
"permaddr" is present when overriding NIC's MAC by spoofing. 1) I am not >>> spoofing. 2) c6:51:bd:c3:b2:ab also has no vendor ID.
So I when looking to see where|what could be overriding the MAC like so
legacy config since this system has been migrated over the years from
earlier versions of Ubuntu.
<snip>
I would try booting a live cd and checking just to have a second
opinion about mac.
Duh! Great idea to eliminate any possible configuration issues...<grabs
my yumi thumbdrive>
Well, this is puzzling. The non-MSI vendor MAC "1e:2b:ad:33:12:64" is
showing here in the live session:
ubuntu@ubuntu:~$ ip link show enp3s0
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP mode DEFAULT group default qlen 1000
link/ether 1e:2b:ad:33:12:64 brd ff:ff:ff:ff:ff:ff
Same as normal boot:
jonathan@kenny:~$ ip link show enp3s0
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP mode DEFAULT group default qlen 1000
link/ether 1e:2b:ad:33:12:64 brd ff:ff:ff:ff:ff:ff permaddr ee:a5:38:4c:ed:67
Only difference is the normal boot includes the permaddr parameter ee:a5:38:4c:ed:67. Also strange is this permaddr parameter changed from yesterday where it was "c6:51:bd:c3:b2:ab" not "ee:a5:38:4c:ed:67"
Personally I would be nervous/parodied and do a clean install
assuming you are talking about a wired Ethernet device.
Going to update my custom sys_audit script to check mac addys
I found a few bits of interesting information here https://superuser.com/questions/349579/what-can-cause-a-mac-address-to-change
Looking for possible causes. The issue is I have one system where the
MAC address has changed for no apparent reason.
The system is a MSI B75MA-G43 motherboard with on board
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller with Ubuntu
22.04.2 LTS desktop. NIC set to DHCP, and I have a Ubuntu server with
local DNS and DHCP server with a LAN pool where I set this client's IP
by matching the MAC address. Straight forward and easy. Been working for years. For the third time this year the MAC address has changed where
client has the wrong IP breaking my LAN backup system. My OCD nature I comment changes to record things so server's dhcpd.conf:
...
# 2023-03-04 Not sure how but Kenny's mac address changed
# 2023-06-23 Dang Kenny's mac changes again
# 2023-06-29 Kenny is back to previous MAC
...
host kenny {
#hardware ethernet 1e:2b:ad:33:12:64;
hardware ethernet d4:3d:7e:b6:ba:a8;
fixed-address 192.168.57.132;
}
Those are the two MAC addresses that NIC keeps switching so this morning
if failed recorded by dhcp server lease file /var/lib/dhcp/dhcpd.leases:
lease 192.168.57.193 {
starts 4 2023/06/29 09:34:30;
ends 4 2023/06/29 21:34:30;
cltt 4 2023/06/29 09:34:30;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 1e:2b:ad:33:12:64; <-NOTE MAC now back to this...
uid "\001\036+\2553\022d";
client-hostname "kenny";
}
Confirmed on client Kenny:
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP group default qlen 1000
link/ether 1e:2b:ad:33:12:64 brd ff:ff:ff:ff:ff:ff
inet 192.168.57.193/24 brd 192.168.57.255 scope global dynamic noprefixroute enp3s0
valid_lft 28111sec preferred_lft 28111sec
inet6 fe80::1feb:64a7:bae6:90da/64 scope link noprefixroute
Now last Friday when I debugged this ip addr command confirmed at the
time the MAC address was d4:3d:7e:b6:ba:a8 and not 1e:2b:ad:33:12:64.
Now it is 1e:2b:ad:33:12:64. HOW? I am not spoofing the MAC with NetworkManger on Kenny(*). This is an Ethernet and not WiFi with
software MAC switching "pseudo-security" measure some employ on Wifi. I
have not recently updated BIOS on this system, so where should I look
for cause? Puzzled.
(*)Hostname South Park reference: original machine before rebuild from scratch with new parts was cobbled together from used systems expecting
a "Hey they killed Kenny" moment at any time.
Is macchanger installed on that machine?Nope. I do all the IT.
Is it enabled in /etc/default/macchanger?
Bit Twister wrote:
On Thu, 29 Jun 2023 23:26:57 -0400, Jonathan N. Little wrote:
Henry Crun wrote:
<snip>
Looking up d4:3d:7e:b6:ba:a8 I see vendor is Micro-Star Int'L Co.
Which makes sense because it is an MSI motherboard. IIRC that was the
MAC address that I originally had the dhcp server trap to set the IP.
Looking up 1e:2b:ad:33:12:64 (three separate web sites) I get "No such >>>> vendor, Locally administered addresses (LAA): the address is assigned >>>> to a device by a network administrator"
Which is strange because last night it switched to this MAC:
jonathan@kenny:~$ ip link show enp3s0
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP mode DEFAULT group default qlen 1000
link/ether 1e:2b:ad:33:12:64 brd ff:ff:ff:ff:ff:ff permaddr
c6:51:bd:c3:b2:ab
So the MAC is currently 1e:2b:ad:33:12:64. Now the above has a
"permaddr" value of c6:51:bd:c3:b2:ab. Googling seems to indicate
"permaddr" is present when overriding NIC's MAC by spoofing. 1) I am not >>> spoofing. 2) c6:51:bd:c3:b2:ab also has no vendor ID.
So I when looking to see where|what could be overriding the MAC like so
legacy config since this system has been migrated over the years from
earlier versions of Ubuntu.
<snip>
I would try booting a live cd and checking just to have a second
opinion about mac.
Duh! Great idea to eliminate any possible configuration issues...<grabs
my yumi thumbdrive>
Well, this is puzzling. The non-MSI vendor MAC "1e:2b:ad:33:12:64" is
showing here in the live session:
ubuntu@ubuntu:~$ ip link show enp3s0
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP mode DEFAULT group default qlen 1000
link/ether 1e:2b:ad:33:12:64 brd ff:ff:ff:ff:ff:ff
Same as normal boot:
jonathan@kenny:~$ ip link show enp3s0
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP mode DEFAULT group default qlen 1000
link/ether 1e:2b:ad:33:12:64 brd ff:ff:ff:ff:ff:ff permaddr ee:a5:38:4c:ed:67
Only difference is the normal boot includes the permaddr parameter ee:a5:38:4c:ed:67. Also strange is this permaddr parameter changed from yesterday where it was "c6:51:bd:c3:b2:ab" not "ee:a5:38:4c:ed:67"
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 307 |
Nodes: | 16 (3 / 13) |
Uptime: | 34:39:31 |
Calls: | 6,910 |
Calls today: | 4 |
Files: | 12,376 |
Messages: | 5,428,412 |
Posted today: | 2 |