Product bug: unknown unicast traffic storms from thunderbolt displays

Similar Messages

• Brand new 15" MacBook Pro Retina - unplugged from Thunderbolt Display and Keyboards today find keyboard alpha-numerics not working; except the function keys, delete key, tab key, command/ctrl/shift/alt/fn and arrow keys; and 7/8/9/u/o/j/l nudge cursor

  Brand new 15" MacBook Pro Retina - unplugged from Thunderbolt Display and Keyboards today find keyboard alpha-numerics not working; except the function keys, delete key, tab key, command/ctrl/shift/alt/fn and arrow keys; and 7/8/9/u/o/j/l produce cursor nudges.

  It's a new machine - and the Thunderbolt Display is meant to work with it. You need to just make an appointment at your local Apple Store and have them fix whatever is wrong.
  If you like, you could always try a SMC reset and a PRAM/NVRAM reset to see if either of those will get your keyboard back in working order...
  Clinton

• Static from thunderbolt display speakers?

  There is a lot of static from thunderbolt display speakers - this monitor is brand new, so can't be worn out... Anything to fix it?

  I have a similiar problem in that my TB display makes a hissing whenever there is some type of connection between the MBP and the display.  It can be so noisy that I have to disconnect the $900 display.  Apple doesn't seem to care that it's customers have this problem as they've yet to provide a fix.  On one thread I saw they made someone pay $200 to fix the problem.

• No sound from Thunderbolt Display after update to OS X 10.9.3

  So I updated to 10.9.3 this morning only to find there is no sound coming from my Thunderbolt Display after installation. Sound is now only audible from my MacBook Pro (late 2011). Also, see image below, there is no sign of any connected inputs other than my MBP now. I've shutdown and restarted a number of times, but still no audio from the display.
  Really starting to wonder why it's worth spending so much on Apple products now...

  I sent my TB Display in for repair. They had it almost a week and didn't find anything wrong with it. Instead they took in my MacBook Pro and replaced the logic board (2nd time it had been replaced) and the Display seems to be working fine now.
  ...except that for using 3rd party video conf apps, those apps only pick up the MBP camera (even though i try to change settings in app), not the TBD camera... but FaceTime and Skype find the TBD camera.
  Strange.
  Nickkett wrote:
  I Bought all Apple to be 100% compatible and "Just Work"...
  I completely agree with that sentiment. That's why we pay through the nose for their products, so it feels very bad when they don't just work.

• Does exist a tool to discover where the unknown data traffic come from?

  I realized a lot of people experience Unknown data exchange without reason with all notification off with no localization with no push mail all accounts setted on manual and with no application running in background.There are people with a very big amount of unkown traffic but also people with a small amount of traffic like around 10kb every 5 minutes or maybe even less sometimes.Anyway is very strange i start to have this problem since i upgraded to 4.2.1 and i still have with no application installed without charging a back up just with the iphone as you take out from the box for the first time.
  Just few kb are not a problem for me since i have a huge dataplan but is strange this exchange of data i found all the 4.2.1 of my friends have this problem instead all the old firmware doesn't have this problem.
  I'm scared apple with this last firmware maybe is able to get private informations from iphone users.
  I know exist an application called dataman but is not useful in my opinion for what we are looking for cause it tell you just the amount of data you used but not the details of the connections.Would be great if some one would be able to find the recent log to internet with the details...
  I hope so!
  Thank you for your collaboration!
  Eddy

  Is impossible to not leave confidential information in the iphone since you send and recive email with mail application or you have all your contacts or you would like if is possible acces to your bank account safely...
  I have to tell you in my case for the unknow usage data apple is for sure the responsable cause i still have with a complete restore no backup and no apps installed a part the apple's preinstalled and not less important generate this traffic with different operators...
  Just few kb but anyway is strange i realized most of the 4.2.1 had this problem...

• Missing sound + missing USB power (sometimes) from Thunderbolt Display when waking from sleep

  Hi
  Two problems - one of which is driving med crazy!!
  Have the latest updates, and the display is connected to a MBA (mid 2011).
  The two are almost alwayes connected, and every time I wake the MBA from sleep, the Thunderbold Display does not "support usb sound" - the sound options are only MBA and headphones. Only a restart will give me the option to use Thunderbolt as sound output: WHAT TO DO!?!?!!
  Sometimes when waking from sleep the USB in the Display seems to be "off" - the will not charge my devices (iPhone, iPad etc.). Only reboot seems to fix this... I have seen this in other discussions but not found a permanent solution - any thoughts?

  Same here but reinstalling OSX is a bit drastic. I solved the problem by deleting a preference.
  Go to Macintosh HD then System then Library then Preference panes then Sound.prefPane
  Delete Sound.prefPane (you need to type your password).
  Logout or restart.
  This has happend twice this week so WHY is this suddenly occurring?
  Hi,
  I found this solution in the forum, but I can't find it again. I had cut and pasted it into a text file, because it solved my problem. I just don't want to take any credit for it. It did work for me. I had no problems for 3-4 weeks with the monitor, I have had the sound problem since last Friday. Very frustrating.
  BSGINC

• Thunderbolt Display Hum from USB ports

  A number of people on a number of threads have reported strange sounds (hum, hiss, crackle) coming from their Thunderbolt monitors. Some reflect electrical interference from other appliances. Some are the result of defects in the Thunderbolt firmware that has allegedly been fixed. A lot of the problems seem to be connected to the speakers. My problem has nothing to do with the speakers, but with a quite pronounced hum (nothing subtle -- you can hear it ten feet away) that arises unpredictably, and can be changed or even temporarily elminated by changing the screen angle. To me it sounded like what in other contexts would be a "ground hum," and perhaps that's what it is, I don't know. What I do know is that, if you have this particular problem, you can solve it by removing all USB devices from the ports on the back of the monitor. These work as ports, but they do produce the hum, at least on mine, regardless of what you plug into them.
  There's really no excuse for this kind of thing, but lets face it, Apple products can sometimes be surprisingly shoddy.

  See:  Thunderbolt Display Firmware 1.2 broke the USB inside the display.
  No solution yet.  I have a call in w/ Apple Support later today.  I recommend you all start calling them.
  Symptoms are:  TBD connected, Mac goes to sleep or hibernate...when it wakes, USB (including Audio) is inoperative.  Unplug/plug TBD back into Mac, item restores.
  SMC and PRAM resets do not work permanently...restarting Mac (whether MacBook, Mac Mini or MB Air) doesn't work permanently.
  The audio card in the TB Display is a USB device.  If you look in your system report you'll see that it's connected.
  Here's another thing you can try...Start FaceTime...You'll notice your FaceTime camera doesn't work (in the display) either.  It's USB also.
  I would strike a guess that the USB driver got borked on the firmware update.

• Thunderbolt Display "dead" after firmware upgrade to Version 1.2

  Hi,
  I just run the Thunderbolt F/W update to 1.2 as offered by the AppStore Update. I have a 2014 MacPro with 2 Displays connected. In good faith I just confirmed to apply the update without much reading the fine print. The F/W update brought the system to a complete standstill. After 2 hours of waiting in the boot screen, I rebooted the system manually (5 secs power button). One of the Thunderbolt displays first just flickered, then decided to completely die. The System report says: unknown device in the Thunderbolt section. The 2nd display hasn't been updated during this procedure.
  How can the F/W of the 'dead' display be re-installed? I also tried to connect it to a MacBook pro. Same result. The display is entirely black.
  Any help or suggestion is much appreciated. Thanks!

  Put me on the list as well.
  I've had this TB display for two years and have had no issue with it. Clicked OK on the firmware prompt and now I have a $1000 paperweight/laptop charger.
  What I have tried:
  Reset SMC and NVRAM on my MBP.
  Unplugged the display from power and all peripherals and let it sit for ~24 hours before trying again.
  Downloaded the firmware installer from Thunderbolt Display Firmware Update v1.2. It tells me that no thunderbolt display is connected.
  So far nothing has produced a result.
  System report shows an unknown device on the TB port.
  A used logic board for the display is around USD$220 on ebay.
  I really wish I had not attempted to install the firmware now.

• When I disconnect my MBP from my Thunderbolt display and reconnect, arrangement resets.

  I have a MBP Retina and a 27" Thunderbolt display. When I disconnect from the Thunderbolt display and then reconnect, my arrangement is reset and I have to set it again.  This has been happening for the last day.
  I am on OS X 10.10.1 Yosemite and I just updated the Thunderbolt firmware yesterday.

  Try:
  - Reset the iOS device. Nothing will be lost      
  Reset iOS device: Hold down the On/Off button and the Home button at the same time for at
  least ten seconds, until the Apple logo appears.
  - Unsync/delete all music and resync
  To delete all music go to Settings>General>Usage>Storage>Manage Storage>Music>Tap edit in upper right and then tap the minus sign by All Music
  - Reset all settings                            
  Go to Settings > General > Reset and tap Reset All Settings.
  All your preferences and settings are reset. Information (such as contacts and calendars) and media (such as songs and videos) aren’t affected.
  - Restore from backup. See:                                               
  iOS: Back up and restore your iOS device with iCloud or iTunes      
  - Restore to factory settings/new iOS device.                       
  However, there seems to be a bug in iOS 8 or iTunes 12.1.1 that cause this problem and I have not seen a solution

• Unknown network traffic / router traffic monitoring

  So I got a new PC with windows 7 on it, and I installed this gadget that monitors network traffic, and it shows a lot of traffic that my local PC isn't showing, so I am thinking there is something running on the LAN that I can't see. I was looking to find a live, better program to monitor the actiontec router, for traffic. anyone know of anything that can maybe show me who is using all the bandwidth on my network?
  i have found software for Linksys, but nothing for the Actiontec.
  Thanks,
  Quasimodem
  Fios in Florida
  Solved!
  Go to Solution.

  Keep in mind that when looking at Wireshark (sniffer) software there are different types of traffic:
  Unicast
  Broadcast
  Multicast
  Unicast is traffic between two devices.  You will see the traffic between the PC with wireshark and another device on your local network such as a printer, another PC or the Router.  You should not see traffic between another PC and the Internet for example.  Using a phone as an example some calls you and the conversation is between you and the person on the other end of the phone.  This is unicast traffic.  Using defaults of the actiontec, IP address seen will be 192.168.1.1 for the router and 192.168.1.2-99 for devices on your network.  If you have the TV service, 192.168.1.100-1xx is used for the cable boxes.
  Broadcast traffic is traffic sent to all devices.  Its not directed toward a particular PC but rather usually looking for information.  In a sniffer trace you will see broadcast traffic. Going back to the phone example, someone makes an announcement on an overhead intercom system that is broadcast traffic.  Broadcast traffic will be seen as 192.168.255.255
  Multicast traffic is traffic from one device for many devices.  Usually used in video feeds.   Using the phone system as an example someone wishes to tell a group of people something so instead of calling each person up and telling them each person who wants the information joins a conference bridge.  Anyone is allowed to listen but only those that wish to get the information receive it.  Generally how multicast works.  Multicast traffic will be seen as IP address 224.x.x.x or something of the sorts where the address will be 2xx.x.x.x.  
  I hope this makes sense.  Probably more information than you needed but at least it will help you understand what wireshark is telling you.

• ASA5500: TCP state bypass for traffic, coming from IPsec tunnel

  Hello!
  We have problems on central firewall with restricting traffic coming from remote office from IPsec. (The network sheme is attached)
  All branch offices are connected to central asa though IPsec.
  The main aim is to rule access from branch offices only on the central firewall, NOT on each IPsec tunnel
  According to the sheme:
  172.16.1.0/24 is on of the branch office LANs
  10.1.1.0/24 and 10.2.2.0/24 are central office LAN
  The crypto ACL looks like  permit ip 172.16.1.0/24 10.0.0.0/8
  The aim is to
  restrict access from 172.16.1.0/24 to 10.1.1.0/24
  When packets are generated from host 10.1.1.10 to 172.16.1.0/24 all is ok -  they are dropped by acl2
  When packets are generated from 172.16.1.0/24 to 10.1.1.10 they are not dropped by any ACL - the reason is stateful firewall - traffic bypasses all access lists on a back path
  I thought that TCP State Bypass feature can solve this problem and disable stateful firewall inspection for traffic coming from 172.16.1.0/24 to 10.1.1.0/24, but it didn't help.
  The central asa 5500 is configured according to cisco doc http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_tcpstatebypass.html
  access-list tcp_bypass_acl extended permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0
  class-map tcp_bypass_map
  description "TCP traffic that bypasses stateful firewall"
  match access-list tcp_bypass_acl
  policy-map tcp_bypass_policy
  class tcp_bypass_map
  set connection advanced-options tcp-state-bypass
  service-policy tcp_bypass_policy interface outside
  service-policy tcp_bypass_policy interface inside
  Does anyone know, how to make TCP State Bypass works properly?

  I understand the pain of creating diffrent crypto for diffrent tunnels but i never come across better solution. However TCP state bypass is not going to help in regards to restrict access. TCP state bypass is a way to for FW to act like router which does not do statefull and I dont think that fits in your scenario.
  You can still control access on center site by using vpn-filters.
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml
  Thanks
  Ajay

• I recently bought a Macbook Air and a Thunderbolt Display and the laptop's power is supposed to come from the display, but the power cable on the display does not fit into the Macbook Air.

  I recently bought a 11" Macbook Air and a 27" Thunderbolt Display.The laptop's power is supposed to come from the display when connected, but the power cable on the display does not fit into the Macbook Air.

  If your MBair is a 2012 model, it has a Magsafe 2 power connection.  The monitor probably has the old magsafe connection.  If this is the case, you need this adapter.
  http://store.apple.com/us/product/MD504ZM/A?fnode=5a

• Flooding of ip unicast traffic

  Hi there,
  I capture packets from the network from my workstation during 30 minutes without putting the port of the switch in monitor modus. So my guess was that i would only see broadcast messages and some unicast packets where the mac address is not know to the switch.
  But i saw some other packets that i could not explain why i can see them. I saw for example a Syn, Ack package which in my optinion i shouldn't see since the mac address should be known to the switch.
  I understand that if i see udp messages that it could be possible that i can monitor the whole traffic if the destination host never sends a packet since than the switch will never know where the machine is located and has to flood all the time. But for tcp? A Syn packet ok no problem but i think that i shouldn't see Ack of Syn, Ack....or everything else.
  I hope i was clear describing my problem and to resume i have the impression that sometimes packets are flooded even if the switch knows the destination port.
  Is there any way how i can verify this?
  Thanks a lot.
  regards,
  ycae

  I have seen a configuration of ISA servers where the server deliberately causes all unicast traffic to the server to be flooded. It does this as part of an elaborate load-balancing technique. The way it tricks the switch into flooding all its unicast traffic is by using its NIC MAC address as the source of its outgoing frames, but giving the client a different MAC address in its ARP response. The client sends its frames to a MAC address that the switch has never seen as source, so it floods them.
  There are several other reasons why a switch might flood. Are you sure these are MAC unicasts? The first byte of the destination MAC address ... is it even or odd? If it is odd, then you have a multicast or broadcast destination.
  Does that help?
  Kevin Dorrell
  Luxembourg

• Layer 2 Bridging - Unknown Unicast - ARP or Flood?

  Hi all,
  I'm trying to understand when a layer-2 bridge (switch) would flood an
  unknown unicast frame. My understanding is that whenever a device
  needs to send a unicast frame, it would use ARP before sending, in
  which case the switch would already have the MAC address of the
  destination due to it's ARP reply. This seems that there would never
  be a scenario where the switch would flood a unicast frame out all
  ports. My book lists this as a valid scenario. Am I missing
  something, or is this only possible in situations where ARP isn't
  used? Thanks.

  Hi,
  as Rick said ARP cache timeout is 4 hours while L2 switch MAC address timeout is only 5 minutes by default.
  So it can happen there is the destination MAC missing in the switch forwarding table.
  See
  http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml
  and
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00807347ab.shtml#broadcast
  BR,
  Milan

• Broadcast and unknown unicast packets

  Hi all,
  When the network looping occurs, what the most packets will be generated? Broadcast or unknown unicast packets?
  If I want to control the number of unknown unicast packets, which storm control should be configured? Broadcast or unicast storm control?
  Thanks a lot,
  Nitass

  A network loop occurs primarily due to broadcast packets or unicast packets that are sent out of multiple interfaces to the same destination device.
  for e.g if you had
  PC1
  |
  Switch 1
  | |
  Switch 2
  |
  PC2
  and you somehow assume that PC1 knew the exact mac address of pc2 and sent it a unicast frame, even then because STP is not running, it would cause a broadcast storm. This would be a unicast broadcast storm.
  Broadcast storm control will only control packets that are designated as broadcast i.e. all 1's. If you suspect the storm is being caused by unicast packets you may have to enable unicast control.
  HTH
  Please rate posts that help.
  Regards
  Arvind