MacOS – What could cause a new network route to be added every time a website is accessed


We noticed strange behaviour on a MacBook Pro running OS X 10.11.6 where the routing table is populated with hundreds of host entries for every website/host that the user has accessed. If he accesses a new host, you can immediately see the new routing entry. Examples of these entries are below:

17.171.8.16        10.0.0.1           UGHWIi          1        3     en0
17.172.232.142     10.0.0.1           UGHWIi          2       14     en0
17.172.232.150     10.0.0.1           UGHWIi          1        3     en0

The BSD docs show that the 'W' flag is 'The route was auto-configured based upon a local area network'.

If you disable the network adapter, the entries are removed. If you re-enable it, then immediately about 30 routes are created, and then as the user accesses the Internet it continues to populate. This happens when using a web browser, curl, SSH, etc. However, the routing entry is not added when you ping the host.

Does anyone know what could be causing this or how we can troubleshoot it?

Best Answer

I discovered that these are cloned routes unique to BSD network stacks, which are displayed when you use the '-a' option to netstat. For more info see: ETutorials / Home / Networking / Integrated cisco and unix network architectures / Route Cloning
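
To confirm during triage that a flood of host routes is just route cloning, the rows can be split by flag. The following is an added example, not part of the original question or answer: it parses the six-column layout shown in the question, uses the flag meanings from the macOS netstat(1) man page, and the last two sample rows and all function names are constructed for illustration.

```python
from collections import Counter

# Flag letters as documented in the macOS netstat(1) man page.
FLAGS = {
    "U": "up", "G": "gateway", "H": "host entry", "S": "static",
    "C": "cloning: generate new routes on use",
    "c": "protocol-specified cloning",
    "W": "was cloned from a parent route",
    "I": "interface-scoped", "i": "holds interface reference",
}

# First three rows come from the question; the last two are constructed.
SAMPLE = """\
Destination        Gateway            Flags        Refs      Use   Netif Expire
17.171.8.16        10.0.0.1           UGHWIi          1        3     en0
17.172.232.142     10.0.0.1           UGHWIi          2       14     en0
17.172.232.150     10.0.0.1           UGHWIi          1        3     en0
default            10.0.0.1           UGSc           40        0     en0
10.0.0/24          link#4             UCS             2        0     en0
"""

def parse_routes(text):
    """Parse rows laid out as: Destination Gateway Flags Refs Use Netif [Expire]."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] == "Destination":
            continue  # blank lines, section titles, column header
        routes.append({"dest": f[0], "gateway": f[1], "flags": f[2],
                       "refs": int(f[3]), "use": int(f[4]), "netif": f[5]})
    return routes

def cloned(routes):
    """Routes the kernel created automatically by cloning (W flag)."""
    return [r for r in routes if "W" in r["flags"]]

def cloning_parents(routes):
    """Routes that spawn clones on use (C or c flag)."""
    return [r for r in routes if "C" in r["flags"] or "c" in r["flags"]]

def describe(flags):
    return [FLAGS.get(ch, "unknown flag " + ch) for ch in flags]

def clone_summary(routes):
    """Count cloned routes per (gateway, interface)."""
    return Counter((r["gateway"], r["netif"]) for r in cloned(routes))

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    for r in cloned(routes):
        print(r["dest"], "->", ", ".join(describe(r["flags"])))
    print("parents:", [r["dest"] for r in cloning_parents(routes)])
    print(dict(clone_summary(routes)))
```

On an affected machine, the same functions can be run over saved output of `netstat -rn -a`; cloned rows that all share a gateway and interface with a `C`/`c` parent route match the behaviour the answer describes.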