Clientoverview in Pi-Hole shows unknown Mac addresses

Wimbre · December 17, 2021, 9:51am

I ran a standard Pi Hole installation on my Rasberry Pi 3+ for the first time and everything works smoothly.

Now I want to enter the names (comments) for the known clients in Group Management.

Now I come across a number of unknown MAC addresses of which I have to find out which clients these are.

One gives some more info (Maxlinear Inc.) Does anyone know if this is a supplier of Apple parts?

Pi-hole** [v5.6]
FTL** [v5.11]
Web Interface** [v5.8]

I ran a standard Pi Hole installation on my Rasberry Pi 3+ for the first time and everything works smoothly.

Now I want to enter the names (comments) for the known clients in Group Management.

Now I come across a number of unknown MAC addresses of which I have to find out which clients these are.

One gives some more info (Maxlinear Inc.) Does anyone know if this is a supplier of Apple parts?

Thanks!

jpgpi250 · December 17, 2021, 9:59am

execute arp -a on the pi, you'll get the required info (devicename, ip, mac)

Wimbre · December 17, 2021, 10:38am

I've already tried that, but it doesn't provide any new information.

(192.168.178.125) at ec:b5:xx:xx:xx [ether] on eth0 etc.

deHakkelaar · December 17, 2021, 9:36pm

pi@ph5b:~ $ pihole-FTL /etc/pihole/macvendor.db "SELECT vendor FROM macvendor WHERE mac LIKE 'ec:b5:fa'"
Philips Lighting BV

Wimbre · December 18, 2021, 6:33am

Thanks for your help. I accidentally mentioned an already known item: My Philips Hue Hub.

2 examples of unknown clients:
a.) 9A:BD:DF:xx:xx:xx
b.) BA:D6:56:xx:xx:xx

On the tab "Recent Queries (showing queries within specified time interval)" I see that the IP address of these MAC addresses mentioned frequently contacts Apple-related domains ("mesu-cdn.origin-apple.com.akadns.net." , "20-courier.push.apple.com". "weather-data.apple.com.akadns.net).

My Apple hardware:

iMac
Airport extreme
Homepod
2 x iPhones
3 x iPads
Apple TV 4K

However, these have already been named based on their MAC address.

deHakkelaar · December 18, 2021, 7:00pm

Those devices seem to be using below and are not advertising their real MAC address:

Try a reverse lookup from a client PC (Windows/Mac/Linux) to see if those devices have advertised their own hostname via DHCP:

nslookup <IP_ADDRESS>

Or more specific, If you know which device does DHCP services for your network:

nslookup <IP_address> <DHCP_SERVER_IP_ADDRESS>

For example, asking/querying the 10.0.0.2 DHCP server to lookup the avr name associated with the 10.0.0.9 IP:

C:\>nslookup 10.0.0.9 10.0.0.2
Server:  ph5a.home.dehakkelaar.nl
Address:  10.0.0.2

Name:    avr.home.dehakkelaar.nl
Address:  10.0.0.9

EDIT: Ow better redact the later halve of the MAC addresses you posted here, like I have done, for privacy!
Only need the first three octets for MAC address lookups:

pi@ph5b:~ $ pihole-FTL /etc/pihole/macvendor.db --header --column "SELECT * FROM macvendor" | head -20
mac                   vendor                                                                                                    
--------------------  ------------------------------------------------------------
00:00:00              Officially Xerox, but 0:0:0:0:0:0 is more common                                                          
00:00:01              Xerox Corporation                                                                                         
00:00:02              Xerox Corporation                                                                                         
00:00:03              Xerox Corporation                                                                                         
00:00:04              Xerox Corporation                                                                                         
00:00:05              Xerox Corporation                                                                                         
00:00:06              Xerox Corporation                                                                                         
00:00:07              Xerox Corporation                                                                                         
00:00:08              Xerox Corporation                                                                                         
00:00:09              powerpipes?                                                                                               
00:00:0A              Omron Tateisi Electronics Co.                                                                             
00:00:0B              Matrix Corporation                                                                                        
00:00:0C              Cisco Systems, Inc                                                                                        
00:00:0D              Fibronics Ltd.                                                                                            
00:00:0E              Fujitsu Limited                                                                                           
00:00:0F              Next, Inc.                                                                                                
00:00:10              Sytek Inc.                                                                                                
00:00:11              Normerel Systemes

system · January 8, 2022, 7:00pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.