--- Log opened Sun May 20 00:00:26 2018
00:06 < fuze> djph: ok im going to do some research but if you could let me know what you think that would be awesome!
00:57 < djph> yes, but 2.4 GHz SHOULD be kept to 20 MHz. There's only three channels that don't overlap (and if you run 40 MHz, you need two of them)
00:58 < fuze> so you think it would be best not to take advantage of the 160mhz?
00:58 < fuze> or run 4 40mhz?
01:00 < fuze> djph: is it possible to run 4 40mhz channels?
01:03 < pclov3r> Why must people talk like experts on net neutrality when they have zero clue how the Internet works?
01:03 < pclov3r> at least people here do
01:03 < pclov3r> dealt with one moron who said Tier1's are dying and no longer matter as everything is edge based now.
01:05 < fuze> pclov3r: are you from the usa?
01:05 < pclov3r> yes
01:06 < SporkWitch> TIL: i should tell all my customers to get rid of their t1's, because pclov3r said so
01:06 < SporkWitch> sorry, misread, some OTHER moron said that, apologies, mate
01:07 < pclov3r> no problem
01:07 < pclov3r> this idiot also says that somebody like Netflix should get free pipes pretty much because consumers buy upload and download bandwidth at the consumer level
01:08 < fuze> would either of you be able to help with my home networking questions
01:09 < SporkWitch> pclov3r: poor phrasing, but not ENTIRELY wrong. customer's paying for one connection speed, netflix is paying for another, triple-dipping like comcast tried to pull isn't okay; everyone already got paid
01:09 < SporkWitch> fuze: If you have a question, just ask! For example: "I have a problem with ___; I'm running Debian version ___. When I try to do ___ I get the following output ___. I expected it to do ___." Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help you. If you don't get an answer try a few hours later.
01:09 < pclov3r> SporkWitch, Of course there is ground for abuse
01:09 < pclov3r> grounds
01:10 < pclov3r> SporkWitch, i'm just shocked nobody said a damn word about the Level3 and CenturyLink merger here in the US
01:10 < pclov3r> and the NN people didn't say a damn word about that one
01:10 < SporkWitch> pclov3r: where's the abuse, though? your customers (as the ISP) are paying you for access; netflix is paying for access.
01:10 < pclov3r> SporkWitch, Abuse on rates
01:11 < SporkWitch> pclov3r: because most people don't know what those companies are, let alone what a backbone provider is
01:11 < pclov3r> no they don't
01:11 < pclov3r> and it creates major issues and any time i try to explain this
01:11 < SporkWitch> pclov3r: i deal with enterprise customers exclusively, and most still don't have a clue
01:11 < pclov3r> i get called an ISP lobbyist
01:12 < SporkWitch> pclov3r: really, i'm kind of okay with consolidation on the backbones, it'll help alleviate the BS like what comcast tried to pull on netflix, but it also requires strong regulation to prevent preferential treatment.
01:13 < pclov3r> I'm not consolidation provides a lack of competition
01:13 < SporkWitch> pclov3r: it's the last mile where we either need to make it a straight-up utility or greatly increase competition
01:13 < pclov3r> yep
01:13 < pclov3r> but the same thing could happen to Tier1's
01:13 < SporkWitch> it does, but infrastructure is a natural monopoly
01:14 < pclov3r> and business will start to face the same issues
01:14 < fuze> i am looking to get a new router and am wondering if i get a tri band router with 160ghz how do i setup the bands?
01:14 < SporkWitch> fuze: read the documentation on the router
01:14 < pclov3r> SporkWitch, but then as you said nobody wants to hear how the internet works
01:15 < SporkWitch> pclov3r: honestly the best thing we could do is reinstate the rules we had after we broke up AT&T.
When you make the infrastructure maintainer and the service provider separate companies you get a positive insentive for both to improve their offerings while reducing prices
01:15 < SporkWitch> *incentive
01:15 < pclov3r> YES
01:15 < pclov3r> but somehow people think that regulating them on price will solve the problem
01:16 < fuze> i dont mean the actual sets to do it i mean is there a better configuration over another. if i have the 2.4 on 20 ghz, do i setup the 5 ghz tri bands on 40/40 or 80/80?
01:16 < SporkWitch> price regulation is always dicey; as long as you prevent unfair and anticompetitive practices, one thing capitalism is _really_ good at is setting prices
01:16 < fuze> steps to do it*
01:17 < pclov3r> SporkWitch, it can't be open free will and can't be overly bearing as well.
01:17 < SporkWitch> fuze: it's a REALLY broad question, so much so that i'm not even sure how to start googling it to try to parse out a good answer for you
01:17 < pclov3r> but people want to have polar extremes on the issue
01:17 < pclov3r> and nobody in the middle
01:18 < SporkWitch> pclov3r: well at least i'm not the only one that sees that :) but yes, less regulation is _usually_ better, but no regulation is almost invariably bad. The trick is fostering competition and setting up a balance that profit incentives align with consumer interests
01:18 < pclov3r> fuze, You should only use a 20 Mhz channel with 2.4 Ghz and a 40 Mhz channel with 5 Ghz in a residential area.
01:18 < SporkWitch> pclov3r: it's one of the reasons google was so good for so long: their profit incentives aligned with making their customers happy and providing cool new stuff. also why their taking ideological positions is so bad: they're letting religion get in the way of profit AND consumer interest
01:19 < fuze> SporkWitch: im not sure which questions to ask since i dont really understand this yet, but i just want to know enough to setup the router. i found this: http://bestwirelessroutersnow.com/what-channel-bandwidth-should-i-use/ and i dont understand how using 40mhz channels would be better over two 80mhz channels
01:19 < pclov3r> yeah
01:19 < fuze> also wouldnt i be using 4 40mhz channels?
01:19 < SporkWitch> fuze: that's a more specific question and one much easier to help with :)
01:20 < pclov3r> fuze, wifi actually uses 20 mhz channels. If you set an 80 mhz channel for AC you're actually using 4 20 mhz channels
01:20 < pclov3r> and one of them is a primary channel
01:20 < fuze> whats the advantage of lower mhz on 5g bands?
01:20 < pclov3r> lower attenuation
01:21 < SporkWitch> i should actually see if i can do a bit more with mine; crappy neighbourhood, i doubt more than one or two have something other than the horrible all-in-one the ISP bullies them into renting lol
01:21 < fuze> also does 40mhz use two 20mhz channels?
01:21 < pclov3r> path loss rather i should say
01:21 < pclov3r> SporkWitch, i just really wish people would educate themselves on how the internet works vs being an echo chamber.
01:21 < djph> fuze: yes
01:21 < at0m> it works using magic
01:22 < djph> ^
01:22 < fuze> why would two 40mhz channels be better over four 40mhz channels?
01:22 < pclov3r> SporkWitch, Perhaps they can't understand what an ASN is, BGP, settlement free vs transit etc.
01:22 < fuze> is 160 tri band just referring to the range of channels available and selecting the mhz is a different thing?
01:22 < pclov3r> let alone traffic policy to balance your traffic between peers
01:23 < SporkWitch> pclov3r: it's the nature of things, and as more and more things get invented it becomes less reasonable to expect everyone to be an expert; this is another reason some regulation is good lol (ask an ancap, there shouldn't be laws about not poisoning people, let the market boycott them lol)
01:23 < at0m> it would be progress if people knew the difference between wifi and cellular data
01:23 < djph> because if *anyone* is broadcasting *anywhere* in the 160 MHz channel you're using, you have to shut up and wait for them to finish.
01:23 < pclov3r> ^^^^^
01:23 < SporkWitch> at0m: cellular data is radio, wifi is not
01:23 < pclov3r> why 40 Mhz channel should be default for AC imo
01:24 < at0m> SporkWitch: in the sense that i can listen to cellular data and not to wifi?
01:24 < Apachez> spaces: sure it is
01:24 < djph> so 20 MHz is the most likely to work "all the time(tm)", 160 MHz is the "fastest throughput, if no one else is talking". 40 and 80 are in the middle. It's all a game of give and take.
01:24 < djph> SporkWitch: what?
01:24 < pclov3r> SporkWitch, I guess i should stop trying to waste my time with these people that want to come up with their own opinion on how the internet works
01:24 < djph> SporkWitch: it's *all* radio
01:24 < Apachez> 200MHz gets you braincancer guaranteed
01:24 < SporkWitch> at0m: no, in the sense that cellular data is protected under existing laws regarding radio broadcasts, and the rule saying you can't passively listen to open wifi effectively says "wifi isn't radio"
01:24 < Apachez> what could possibly go wrong? ;)
01:25 < SporkWitch> djph: not according to the american court system :)
01:25 < Apachez> SporkWitch: depends on which country
01:25 < pclov3r> SporkWitch, ignoring 30+ years of how it has worked
01:25 < Apachez> in most countries you are free to listen at whatever goes over the air
01:25 < djph> oh, you're talking the difference between licensed and unlicensed radio bands...
01:25 < SporkWitch> pclov3r: 100+
01:25 < pclov3r> probably more accurate
01:25 < Apachez> but you are not allowed to broadcast on licensed radio bands
01:25 < SporkWitch> djph: no, i'm talking about that idiot that ruled non-secure wifi isn't a non-secure radio broadcast
01:25 < Apachez> and not allowed to forward whatever you picked up while listening to the ether
01:26 < djph> *facepalm* stupids are stupid
01:26 < at0m> Apachez: here you can't listen to wifi unless it's listed as public, you got invited or whatever. even on non-secured wifi.
01:26 < djph> of course it's an insecure radio broadcast
01:26 < pclov3r> SporkWitch, i guess only senior network admins in companies actually know about peering agreements etc.
01:26 < SporkWitch> djph: not anymore :)
01:26 < Apachez> at0m: then how do you join a public wifi then?
01:26 < pclov3r> entry level people will never touch it
01:26 < Apachez> and where is "here" ?
01:26 < at0m> Apachez: when it's advertised as such, like in a bar or coffeeshop
01:26 < SporkWitch> pclov3r: not gonna lie, i only understand them in concept; i've never looked at one in detail, because it isn't relevant to me, generally.
01:26 < SporkWitch> Apachez: USA
01:26 < at0m> Apachez: belgium
01:27 < Apachez> belgium is part of EU so I doubt the rules are much different from the ones in sweden
01:27 < pclov3r> SporkWitch, same here but it makes sense to me.
01:27 < Apachez> so I would say you misinterpret something
01:27 < SporkWitch> at0m: i suspect he's referring to actually CONNECTING to the AP, in which case, yes, there are already laws in the US and elsewhere that prohibit unauthorized ACCESS to a network. I was just talking about a plaintext radio broadcast and passive listening, though :)
01:28 < fuze> ty everyone
01:28 < pclov3r> SporkWitch, do you deal with Tier1's directly or no?
01:28 < at0m> SporkWitch: so passive snooping is ok. lol. suits me.
01:29 < at0m> getting late, i'm off. good eve and all!
01:29 < SporkWitch> at0m: well that's what i'm talking about. that was the braindead ruling in the US: google was passively listening to plaintext radio broadcasts, and the judge ruled that non-secure wifi doesn't count as a plaintext radio broadcast, and as such is NOT legal to passively listen to. it amounts to saying that you can shout at the top of my lungs, and everyone around has to pretend they didn't hear
01:30 < SporkWitch> pclov3r: not directly. if a customer is having connectivity issues and they have a t1 with us i'll check the logs and error counts, but once i've identified the issue i pass it off to another team who deals more directly with the carrier
01:31 < pclov3r> ah
01:31 < Apachez> SporkWitch: murican judges are fraud
01:31 < SporkWitch> pclov3r: ironically, they're listed as NOC monitoring in the menu system, but i've had them call and ask me networking questions >_<
01:31 < SporkWitch> Apachez: sometimes you get a good one, like Alsup in the first round of oracle v google
01:31 < Apachez> wifi uses a radio transmitter
01:31 < pclov3r> "I fail to see what the problem is. The concept of a Tier1 provider is becoming irrelevant in the age of peering and edge distribution. Why does the Internet even need a "core"? More than 60% of my network's traffic is peering or CDN edge." was the dumb comment i was talking about earlier SporkWitch
01:31 < Apachez> ergo its a radio broadcast
01:31 < Apachez> ergo you are free to listen to whatever is sent on the unlicensed 2.4 and 5.0GHz bands
01:32 < SporkWitch> not anymore lol
01:32 < pclov3r> SporkWitch, it also ignores the fact that anycast CDN exists
01:32 < djph> it almost sounds like there's supposed to be something more to that ruling
01:32 < Apachez> pclov3r: because its not cheap to put down a fiber cable between EU and murica
01:32 < SporkWitch> much like coffee causes cancer (but only in california) wifi is not radio, but only in america
01:32 < Apachez> or EU and asia
01:32 < Apachez> or asia and australia
01:32 < Apachez> and so on
01:32 < pclov3r> yep it's not
01:32 < Apachez> so in my opinion those who move traffic across continents are tier1
01:33 < Apachez> tier2 within continents
01:33 < Apachez> tier3 within countries
01:33 < Apachez> and so on
01:33 < pclov3r> it's not set in stone and can be subjective of course
01:34 < SporkWitch> software patents depend on similar insanity. no BS, in terms of US law, when you run a program on a general purpose computer, that general purpose computer becomes a completely new PHYSICAL invention, and it's THAT that the patent is on (the same ruling said software itself can't be patented, which is correct, because it's math, which can't be patented)
01:34 < pclov3r> IMO a Tier1 is somebody who can get data from one end point to another without having to rely on somebody else
01:34 < djph> SporkWitch: I mean, like, it almost seems like the judge is trying to avoid the implication that it's legal to "listen to(tm)" wifi transmission in general (because let's face it, SOMEWHERE down the road, some breach would happen with some basic "sniff the air" attack and they ... )
01:34 < Apachez> which part of "in my opinion" was it you didnt understand? ;)
01:34 < pclov3r> i missed that sorry :)
01:34 < Apachez> SporkWitch: but running pirated software on a computer means its not a computer any longer
01:34 < pclov3r> Tier2 is somebody like Comcast but they do own a Tier1 network so it makes it tricky.
01:34 < Apachez> so you are not breaking any laws by running pirated software ;)
01:34 < pclov3r> how to define somebody like that
01:35 < Apachez> pclov3r: telia company is another example
01:35 < Apachez> they co own some ocean links
01:35 < SporkWitch> djph: as i've said in the past, the issue isn't making it illegal, the issue is HOW they did it. There's an explicit legal exception for cordless phones, because it was determined that phones had a reasonable expectation of privacy, but their use of plaintext radio meant that, legally, anyone could listen in.
01:35 < djph> yeh
01:35 < SporkWitch> djph: rather than make an absurd ruling that said cordless phones aren't radio, laws were passed to create an exception
01:35 < djph> it's all a mess
01:36 < Apachez> but in short tier1 should be an isp where a single AS is used both at site A at continent X and site B at continent Y
01:36 < Apachez> so you never change AS along the road
01:36 < SporkWitch> djph: if we INSIST that non-secure wifi not be listened to, then it needs to be done through law, not through a nonsensical court ruling that has wider consequences. because again, the effect of this ruling is to overturn centuries of law stating that non-secure broadcasts are not private
01:36 < Apachez> tricky part here is "so what about if you tunnel the traffic through he.net?"
01:36 < SporkWitch> *over a century
01:36 < pclov3r> Apachez, can't they use multiple ASNs in some cases?
01:36 < Apachez> this way I can expose a single AS towards my customers
01:36 < pclov3r> but they are the same network
01:36 < Apachez> even if I dont even own the fiber outside the building
01:37 < Apachez> so technically the packets remain within the same AS
01:37 < pclov3r> yeah
01:37 < Apachez> even if I outside the tunnel use other ASes
01:37 < SporkWitch> djph: that said, i still wouldn't support it, because the very nature of a non-secure AP precludes a reasonable expectation of privacy. you connect without doing anything but clicking on it in a list, the initial setup warns you about it, and modern operating systems all warn you when you connect. at no level do you have a reasonable expectation of privacy on non-secure wifi, and as such, no
01:37 < spaces> catphish it can be but the max will always be wirespeed
01:37 < SporkWitch> protection should be afforded to stop people simply listening passively
01:38 < spaces> catphish depends on your backend if it's doing distributing and such, not een HA
01:38 < spaces> even
01:40 < SporkWitch> djph: hell, under the current ruling i might even argue that a radio station has the right to go after people for listening to it; if i, as the broadcaster, say "if your name is not joe smith, change the channel now" i'd have done MORE than the "victims" in that google case, and it's still every bit the same open broadcast as non-secure 802.11
01:41 < SporkWitch> djph: (it probably wouldn't hold up, because even though it's logically consistent with the ruling, the ruling wasn't based on logic, but the judge's personal feelings)
01:41 < pclov3r> SporkWitch, i should probably stop going on but I'm sure Netflix would love settlement free peering as they see fit. That would free them of a lot of cost.
01:42 < SporkWitch> pclov3r: it's hard for me to feel bad for the ISP in those scenarios; their margins are enormous, they overprovision like crazy, they don't give you anywhere near what they advertise, and realistically, their customers are paying for netflix when they pay their ISP, it's one of the main things they're interested in, and at the end of the day, it shouldn't matter where it's coming from. your
01:43 < SporkWitch> customers are requesting more traffic from peer A? how is that netflix's problem? netflix is paying their bills, a third party (comcast) shouldn't be able to try to bill netflix extra, it's something they need to deal with their direct peer on, who is probably already paying them too
01:44 < SporkWitch> pclov3r: i'd also argue something along the lines of requester-pays, just due to the nature of the relationship. netflix isn't a mass marketer sending out a bunch of cold calls or asking to send people stuff; people request they send them stuff
01:45 < pclov3r> i think what started this entire debate
01:45 < pclov3r> tho historically it's worked that each side pays for the pipe
01:46 < pclov3r> SporkWitch, i think what started the debate is Netflix had settlement free peering that got congested in light of the NN issues.
01:48 < Apachez> funny how once you get big enough you get settlement free peering
01:48 < Apachez> but if you are a smaller player you have to pay all sort of snakeoil prices
01:48 < pclov3r> lol yeah
01:49 < spaces> pclov3r netflix will never do free peering, or at least not to everyone
01:49 < SporkWitch> i've said it before: the natural end state of a true free market is monopoly; it's only regulation that can prevent it. (and before some ancap flips out, that doesn't mean that bad regulation can't create monopolies too)
01:50 < pclov3r> IMO net neutrality simply needs to be no ISP can block services for anti-competitive reasons or block websites and demand extra payment like YouTube for example.
01:51 < pclov3r> as for peering i have no idea how you'd do that
01:52 < pclov3r> spaces, afaik nobody will do settlement free until you get to at least a 60/40 traffic split.
01:52 < SporkWitch> pclov3r: so it's okay to throttle them and set up fast lanes?
01:52 < pclov3r> i should have added that as well
01:52 < spaces> pclov3r indeed or you need to buy openpeering ;)
01:52 < pclov3r> fast lanes and throttling is going to be a heated debate with peering
01:52 < spaces> or some IX, but still then on an IX can you route to an AS but if someone does not route back...
01:53 < SporkWitch> not so heated if we go back to the post-AT&T-breakup rules :)
01:53 < pclov3r> that seriously needs to happen
01:53 < pclov3r> when they broke up at&t and CELC could occur things were much better
01:54 < pclov3r> CLEC rather
01:54 < pclov3r> SporkWitch, i figure ISPs could claim we don't throttle yet we have badly congested peering points for all services verizon *cough*cough*
01:55 < SporkWitch> it just happens the congestion is intentional lol
01:55 < pclov3r> as you said we need last mile competition
01:55 < pclov3r> but it seems nobody wants to address that
01:55 < SporkWitch> my current ISP is great :) i get 99.9% of advertised, and they don't give a shit what i do :)
01:56 < pclov3r> i use Comcast here since again they are the monopoly here
01:56 < SporkWitch> last mile competition is hard because it requires cables in the ground; only so much room
01:56 < pclov3r> it works most of the time
01:56 < pclov3r> SporkWitch, it doesn't help matters when cities are allowed to sign contracts to block competition
01:56 < djph> SporkWitch: definitely.
01:57 < pclov3r> If you wanted to go to some city and start an ISP you'll likely get rejected
01:57 < SporkWitch> pclov3r: it was a way to get buildout early; such agreements haven't existed in 20+ years, if not longer
01:57 < pclov3r> even if you front the cost
01:57 < pclov3r> they do in the US
01:57 < SporkWitch> i'm talking about the US
01:57 < djph> SporkWitch: who you runnin' with? Someone smalltime in the midwest?
01:58 < SporkWitch> djph: https://www.greenlightnetworks.com/
01:58 < pclov3r> those contracts exist in the US
01:58 < SporkWitch> pclov3r: 30 years ago
01:58 < djph> that's up fingerlakes way, isn't it?
01:59 < SporkWitch> pclov3r: what you may be thinking of is cases like south carolina, where the ISPs forced through a bill that said the city could use taxpayer money to build infrastructure, but they had to sell them access at cost
01:59 < SporkWitch> pclov3r: needless to say, the initiative died before it started, because the whole point was getting away from the ISPs that were fucking everyone
01:59 < SporkWitch> djph: yup
01:59 < pclov3r> it was stupid
02:00 < djph> beautiful country thataway, I hear
02:00 < pclov3r> here they have a franchise agreement with Comcast
02:00 < SporkWitch> djph: college area, there's a relatively high degree of stupid these days
02:01 < pclov3r> SporkWitch, but for the ISPs that actually want to provide a competitive service they will get a backlash from NIMBYs and months of approvals and delays instead of greenlighting it.
02:01 < pclov3r> that occurred here
02:01 < pclov3r> a local ISP working on FTTH but they had to go through months of red tape
02:01 < spaces> I like it, monday a day off :)
02:01 < pclov3r> even tho they are fully footing the bill now
02:02 < SporkWitch> pclov3r: that has nothing to do with an ongoing exclusivity deal and everything to do with limited room, disruption from construction, etc., combined with legal bribery
02:02 < pclov3r> yeah there is that too. IMO they need to cut the red tape and let people do it.
02:03 < pclov3r> and not take years to approve it
02:03 < pclov3r> there is at&t here as well. Funny part is when the local ISP is doing this at&t is now starting to deploy fiber too
02:04 < SporkWitch> and then you have chaos; have you seen pictures from the industrial revolution? the cables EVERYWHERE?
02:04 < pclov3r> SporkWitch, of course like everything there is reason
02:05 < spaces> no-one a day off monday ?
02:05 < Apachez> you want a reason?
02:05 < Apachez> YOU CANT HANDLE THE REASON!
02:05 < spaces> Apachez no-one can handle you
02:05 < SporkWitch> no there isn't, not without regulation; you can't have it both ways. Either there's red tape and permits, or you get to reenact those knots of cables from the industrial revolution
02:05 < dogbert2> bwhahaha
02:05 * Apachez pets himself and sings soft kitty...
02:06 < spaces> dogbert2 heh you only pickup the good jokes today :P
02:06 < Apachez> pclov3r: you gave me a small boner when you mentioned CELC
02:06 < Apachez> but that faded fast when you corrected yourself into CLEC
02:06 < SporkWitch> spoiler: his boners are always small; you can guess why ;)
02:06 < spaces> Apachez keep that information for yourself, you are in a BigMansClub here ;)
02:06 < pclov3r> SporkWitch, IMO redtape defines excessive regulations that make it impossible for anybody to do something about it.
02:07 < pclov3r> when it takes forever to get anything done
02:07 < dogbert2> this NAS is pretty good, though the built in backup solution from PC to NAS definitely sucks ass
02:07 < Apachez> spaces: is everything food to you?
02:07 < pclov3r> and it becomes so costly you say forget about it
02:07 < SporkWitch> pclov3r: then we don't have redtape, by your definition; what we do have are legal bribes and ways to intentionally slow things down
02:07 < Apachez> BigMacsClub wtf?
02:07 * spaces spreads the news, Apachez admitted he has a tiny one :P
02:07 < Apachez> if you pull the bluetape everything continues as before
02:07 < Apachez> if you pull the redtape all hell breaks lose
02:07 < SporkWitch> in any case, it's beer oclock; o/
02:07 < pclov3r> SporkWitch, depends how you look at it but there is both imo
02:07 < Apachez> loose
02:07 < Apachez> moose
02:08 < spaces> Apachez I don't see your boner as food, sorry for you mate, find someone else ;)
02:08 < Apachez> spaces: everything is relative....
02:08 < spaces> Apachez indeed ;)
02:08 < pclov3r> SporkWitch, perhaps as you said perhaps re-instating the rules after the at&T breakup is the best way to deal with it.
02:11 < spaces> Apachez we can forget what you earlier said about your little mate because of the GDPR ;) just ask
02:11 < pclov3r> SporkWitch, when it comes to red tape IMO there are reasonable regulations that make sense and can be done quickly vs being overly bureaucratic and having to go through multiple agencies for approval and taking forever. Perhaps as you said this has to do more with legal bribery.
02:12 < pclov3r> lol nice phishing email english "We discover bill payment been send out of your account, we current suspend all access to your account, we current suspend all pending or schedule transaction you authorized or not been authorized"
02:12 < spaces> pclov3r do I need to change that line you think ?
02:13 < pclov3r> lmao
02:13 < spaces> it was actually generated onto your IQ :P
02:13 < spaces> based onto
02:13 < spaces> or i have old NSA info
02:13 < pclov3r> wonder if it's botched google translate
02:14 < Apachez> spaces: so thats what you call your penis? "your little mate"?
02:14 < pclov3r> lmfao
02:14 < Apachez> its ok...
02:14 < Apachez> nothing to be ashamed of...
02:15 < Apachez> https://i.redd.it/4pybdxldx1yy.jpg
02:15 < spaces> Apachez no my big friend
02:15 < spaces> Apachez I only like huge friendships
02:16 < spaces> I can only sleep for 3 hours :S
03:50 < blurry_light> anyone use CloudFlare's DNS server? 1.1.1.1
03:50 < blurry_light> is it any good?
03:52 < tds> blurry_light: the numbers I've seen generally show pretty low latency, so it sounds good to me
03:52 < tds> personally I'd say to run your own recursive resolver rather than using one provided by some company, but that's just me
03:58 < redrabbit> i use it
03:59 < nomercy777[m]> What's so special about that DNS server?
04:00 < blurry_light> its speed, seemingly
04:00 < varesa> new and shiny
04:00 < varesa> and according to them, faster
04:01 < blurry_light> well, that's why I said seemingly
04:01 < blurry_light> it's why I came here to ask if, indeed, it's worth it
04:02 < varesa> I wonder if you can notice any difference between any of the decent ones
04:02 < varesa> like sure one might be 5ms faster than the other...
04:03 < varesa> apparently for me 1.1.1.1 takes ~5ms while 8.8.8.8 for instance takes around 50ms
04:04 < varesa> but still, not that those milliseconds matter that much
04:04 < blurry_light> interesting... that's actually a whole order of magnitude, though i'm not sure if that's something we can readily notice as humans
04:05 * varesa runs his own resolver and gets "0ms" resolution times for repeated requests
04:07 < varesa> the only way those milliseconds would be meaningful would be if an application did lots of requests in series
04:07 < varesa> like that 45ms difference x 20 is 0.9 seconds of waiting
04:08 < tds> I get "0ms" to cloudflare's resolver according to dig, but I suspect that querying from a box peered with them is cheating ;)
04:08 < varesa> but I'm fairly certain that anything that deals with loading lots of resources does so in parallel or somewhat pipelined
04:08 < blurry_light> tds, lol, yeah
04:09 * varesa logs into resolver and runs dig
04:09 < varesa> now that's cheating ;)
04:10 < tds> some of the security features in cloudflare's resolver sound neat though (eg dns over tls), assuming you trust cloudflare
04:13 < varesa> cloudflare gets half your internet traffic anyway :)
04:13 < varesa> well maybe not half but I'd imagine some significant amount anyway
04:19 < varesa> at some point I was thinking about DIYing a GPS-NTP clock just for fun
04:20 < varesa> but I kinda lost motivation when I noticed that I had sub-millisecond latencies to the local university NTP servers which IIRC were reporting as stratum 1
04:32 < Falkaofalk> Hello all, I have the following problem: Running latest CentOS with Apache. Then, I have got a domain, which points to my router's external IP. Inside the router I forwarded ports 80 and 443 to the local server's IP and added firewall exceptions on the Server. I also included the dns servers of the domain provider to the server's DNS's. I can access the server via the domain from inside my local network, but not from outside. Would appreciate any
04:32 < Falkaofalk> help/ideas. Btw I am really new to networking and Linux so I might just have done some stupid mistake. Thank you in advance :)
04:34 < varesa> Falkaofalk: what is the external IP? (at least two or three first octets)
04:34 < Falkaofalk> 95.157.27
04:34 < spaces> cloudflare.. just create your own CDN, it's simple as f*ck
04:35 < nomercy777[m]> Do tell
04:36 < varesa> Falkaofalk: does the hostname resolve to the IP externally? E.g. if you run `dig yourhost.name @8.8.8.8`
04:36 < spaces> his full IP is 95.157.27.26 ;)
04:37 < spaces> Falkaofalk the port does not seem to be open/forwarded right ?
04:37 < Falkaofalk> yeah something seems broken
04:37 < spaces> have you set as outer port 80 and 44 as well ? keep them empty
04:37 < spaces> 443
04:37 < varesa> I doubt the issue is on the server if it works from the internal network
04:38 < spaces> varesa I think he bound outer ports to 443 and 80 as well.
04:38 < Falkaofalk> lemme check the dig command real quick.
04:38 < varesa> and if it is using the external IP from the internal network as well then the router should have at least somewhat functional NAT configuration as well
04:38 < spaces> you never know where a client comes from
04:38 < Falkaofalk> no, i forwarded 80 to 80 and 443 to 443
04:39 < spaces> Falkaofalk screenshot please
04:39 < varesa> Falkaofalk: if that was your IP above (.27.26) then the dig part should be irrelevant
04:39 < Falkaofalk> screenshot of router port forwarding?
04:39 < spaces> yes
04:39 < varesa> there's source port, destination port and translation port. Should be any,80,80 and any,443,443
04:40 < spaces> indeed, you never know the source
04:40 < varesa> but the fact that it works internally makes me wonder if the ISP blocks the ports
04:40 < spaces> varesa likes to come from 666 for an example
04:40 < spaces> varesa these days ?
04:41 < varesa> I wouldn't be too surprised
04:42 < Falkaofalk> well yeah the issue is that my router has a shit interface...
04:42 < Falkaofalk> https://ibb.co/e7JCO8 04:42 < Falkaofalk> might be a setup issue as well 04:42 < spaces> and now firewall 04:43 < spaces> looks good there 04:43 < spaces> oh ! 04:43 < spaces> can you try to let the external IP on 0.0.0.0 ? 04:43 < Falkaofalk> will try that sure 04:45 < Falkaofalk> https://ibb.co/kRVbi8 04:45 < Falkaofalk> firewall settings 04:45 < spaces> Falkaofalk FW of your router ;) 04:45 < Falkaofalk> oh ^^ 04:46 < Falkaofalk> says no ports restricted 04:46 < spaces> huh ? all open ? I doubt it 04:46 < spaces> what brand ? 04:46 < Falkaofalk> https://ibb.co/m4rowT 04:46 < varesa> you could also try an external port of lets say >5000 04:46 < Falkaofalk> brand is technicolor i really hate it. 04:47 < Falkaofalk> probably will grab a new one 04:48 < spaces> yes or varesa his satan port, he likes it :P 04:48 < Falkaofalk> cannot set 0.0.0.0 as external ip 04:49 < spaces> ok 04:49 < Falkaofalk> did you mean adding a port forward to a different port? 04:49 < spaces> I wonder if it does auto FW allow on NAT 04:49 < Falkaofalk> sorry, i'm really new to this 04:50 < varesa> Falkaofalk: yeah 04:50 < Falkaofalk> I already experienced issues with NAT regarding my router in online games 04:50 < varesa> test if ISP blocks <1024 or common ports like 80/443 or something 04:51 < Falkaofalk> so both internal and external ports f.e. 5555 or should external port forward to 80? 04:52 < varesa> 5555 -> 80 for example 04:53 < Falkaofalk> 5555 -> 5555 works but 5555 to 80 doesn't 04:53 < varesa> works? how? 04:53 < Falkaofalk> well i can create the forward 04:54 < varesa> ah 04:54 < Falkaofalk> but the router doesn't accept 5555 -> 80 apparently 04:54 < varesa> it doesn't let you add 95.157.27.26:5555-5555 -> 192.168.0.14:80-80? 04:55 < Falkaofalk> yep 04:55 < Falkaofalk> oh wait 04:55 < Falkaofalk> i tried internal port 5555... 
04:56 < Falkaofalk> and i think my router just crashed 04:56 < varesa> lol 04:56 < varesa> sounds like an amazing piece of tech :) 04:57 < Falkaofalk> 95.157.27.26:5555-5555 -> 192.168.0.14:80-80 04:57 < Falkaofalk> works 04:57 < varesa> doesn't seem to really work though 04:57 < Falkaofalk> yeah 04:58 < Falkaofalk> sorry meant I could add the forward 04:58 < Falkaofalk> cannot access the server tho 04:58 < varesa> I figured 04:58 < Falkaofalk> so it may have to do with the NAT of the router? 04:59 < varesa> possibly 05:02 < ash_mobile> So, I started setting up vms to test network configurations using virtualbox. There are some elaborate things you can configure, but vbox is not the most shareable thing. So I turned to vagrant, since you can source control a vagrantfile, but this doesn't use all the features available to vbox. Is there anything you all use in particular? 05:06 < varesa> I use libvirt(KVM) via virsh/virt-manager 05:06 < varesa> with or without openvswitch for networking 05:07 < Falkaofalk> varesa: I also got a "Port Triggers" page in my router setting which seems to be similar to port forwarding 05:07 < Falkaofalk> https://ibb.co/kA98wT 05:09 < Falkaofalk> i like the typo in the description of the function. such a high quality device ^^ 05:16 < ash_mobile> varesa can you source control the configuration using libvirt? 05:18 < varesa> ash_mobile: it is stored as an XML you can export do whatever you want with 05:19 < tds> varesa: out of interest, how is the openvswitch integration with libvirt? I'm using proxmox at the moment which makes it easy to give VMs interfaces on specific VLANs (or with a group of tagged VLANs), is there something similar with libvirt? 
05:20 < varesa> you can move VMs between machines by running `virsh dumpxml yourvm > yourvm.xml` on one host and `virsh define yourvm.xml` on another, assuming that you either copied the disk image as well, the hosts have shared storage or it doesn't need one 05:22 < varesa> tds: here is the XML config of one of the "networks" defined on one of my libvirt boxes: https://paste.esav.fi/ibuzajonam.xml 05:23 < varesa> then I can assign VM interfaces e.g. network=intnet, portgroup=vlan-trunk 05:23 < tds> ah, that's exactly what I was hoping for, thanks :) 05:24 < varesa> Falkaofalk: trying to figure out what those *actually* do is too much to do at 6AM :p 05:24 < Falkaofalk> varesa: yeah dont worry about it ^^ 05:26 < varesa> on the other hand it is nice to have something to think/chat about as this shift has been dead quiet 05:27 < Falkaofalk> I figured that i got a modem router combination. Since I would like to replace it with a better one, can you (or anyone else) recommend such a combo? 05:27 < Falkaofalk> Oh you are at work? :O 05:29 < varesa> Falkaofalk: what modem? DSL? Cable/DOCSIS? 05:29 < varesa> and yes, at work monitoring stuff 05:30 < Falkaofalk> well its a 2 in 1 unit. let me see if I can find it online 05:32 < Falkaofalk> its a cable modem form what i can tell 05:32 < Falkaofalk> Technicolor TC7200.20 05:33 < Falkaofalk> but cannot find any english manuals for it... 05:33 < varesa> yeah, looks like some cable DOCSIS stuff 05:33 < Falkaofalk> i think that says enough ^-^ 05:33 < varesa> I've never had cable so can't comment much. I've heard Surfboards mentioned a lot but that's all I can say 05:35 < Falkaofalk> Thanks for the hint. I will look into it. 
I might as well just call my ISP and ask them about how to access a local machine 05:42 < Ashstar> I need to hook up with someone w good business writing abilities 05:43 < Ashstar> I mean good prospectuses 05:43 * varesa leaves to wander the aisles of the datacenter below him 05:44 < Falkaofalk> In the networking channel? What exactly do you mean 05:44 < Ashstar> business plans, with track records ie- Elance 05:44 < Ashstar> I know 05:44 < Ashstar> networking bout the closest thing listed on irc freenode 05:45 < Ashstar> need some business minded writers 05:58 < SynfulAck> which is the correct network statement to include all of the 172.16 private address space, 172.16.0.0 255.240.0.0 or 172.31.0.0 255.240.0.0? 05:59 < spaces> Falkaofalk fixed ? I was devving, sorry 05:59 < varesa> 172.16.0.0 something 05:59 < SynfulAck> That's what i thought but i got it written differently in my vlan 06:00 < Falkaofalk> not yet unfortunately. Router seems set up correctly but it still does not work 06:00 < Falkaofalk> might still have to do with some configuration of the server or my router having issues with NAT 06:01 < spaces> hell implementing Google services is a LOT of work! 06:30 < skyroveRR> Morning, folks. 08:43 < cluelessperson> So i'm setting up my firewall generally for my network, but I'd like to allow all my debian server subnet access to ftp.us.debian.org or similar IPs 08:44 < cluelessperson> how do I get the range they typically use? 08:44 < cluelessperson> just use dig? 08:45 < detha> you make a script that runs every couple of hours, runs dig +short, and puts those addresses in an ipset. 08:45 < skyroveRR> :) 08:46 < at0m> cluelessperson: you can set up apt-cacher-ng that has access to these sites. and students can access the acng proxy. 08:46 < at0m> cluelessperson: that would be much more efficient bandwidth-wise, too 08:47 < cluelessperson> at0m: hmm, I actually happen to have an aptcache machine setup. 
:) 08:47 < at0m> cluelessperson: voila :) 08:47 < at0m> cluelessperson: then you know how you can cache for other repo's too, etc 08:48 < at0m> server subnet? how did i come to make students of that? lol. more coffee. 08:52 < cluelessperson> at0m: debian preseeding is a pain in the ass unfortunately. 08:53 < detha> there is something call apt-mirror 08:53 < detha> *called 08:54 < linux_probe> FAP mirror 08:57 < at0m> cluelessperson: /msg dpkg preseeding if you haven't yet. and, probably, #debian can help out 09:04 < cluelessperson> at0m: thanks for the help 09:05 < at0m> you're welcome 09:12 < cluelessperson> at0m: thanks for the idea. Now I can completely block all port on those servers except for what they specifically need out :D 09:13 < skyroveRR> :) 09:13 < skyroveRR> Don't lock yourself out, though. 09:14 < cluelessperson> skyroveRR: already done. :D 09:14 < cluelessperson> IPv4 and IPv6 09:15 < linux_probe> lololol 09:17 < cluelessperson> linux_probe: what's funny? 09:18 < linux_probe> Don't lock yourself out, though. 09:18 < linux_probe> skyroveRR: already done. :D 09:18 < linux_probe> nough said 09:22 < very_sneaky> hi all, I've got a question regarding error control at the data link and transport layers. I understand that error control serves different purposes for each of these layers, but what I'm not clear on is whether they use/prioritise different methods. Can anybody shed some light on this for me? Cheers 09:22 < very_sneaky> From what I've been able to find in my research so far they seem to use the same methods 09:27 < LeelooMinai> I am looking for humans. I need help. 09:27 < LeelooMinai> I see 1217 nicks. Is any of those a human? 09:28 < LeelooMinai> I am not a troll. This is a serious question. 09:29 < LeelooMinai> I cannot see humans here. I am so alone. 09:30 < LeelooMinai> I will seek until I can find one. 09:42 < detha> very_sneaky: all error detection/error correction is basically 'make your data redundant'. 
Parity bits do that at the octet level, checksums/CRCs at frame or packet level. Depending on what you can do when you detect an error, and on if you are more worried about single-bit or burst errors, you use one or the other 09:43 < linux_probe> redundancy LOOOOL 09:45 < very_sneaky> detha: so those are the detection and correction techniques (i think i'm delineating correctly here), what I'm more interested in is the ARQs - Stop and Wait, Go-Back-N and Selective Reject. are these all implemented by the transport and data link layers? 09:46 < very_sneaky> my understanding is that this is "error control" - what to do when errors have been detected. happy to be corrected though, i'm literally just learning about this 09:47 < detha> Each layer can implement error detection. There is also L7 error detection (like CRCs in .zip files). 09:49 < detha> Mostly it's semantics, but split it into 'error detection' and 'error correction'. Detection: you know it's wrong, but you tell the layer above you 'something went wrong, dunno'. Error correction: you see it's wrong, and you deal with it within the layer (NAK, selective ACKs, etc) 09:50 < detha> (or for FECs: you see it's wrong, and you can reconstruct the right thing from the extra bits) 09:50 < very_sneaky> yeah alright. so to confirm, any of these techniques is as applicable to any layer as another, depending on the specific application? 09:51 < detha> yes 09:51 < very_sneaky> excellent, thanks for the help mate :) 09:53 < cluelessperson> So all, Unifi responded to my bug reports and apparently put out a fix for the firewall resetting stuff. 
:D 09:54 < linux_probe> if it was that fscked, of course they would 09:54 < linux_probe> show us the bug report and results 09:55 * linux_probe feels not bad about calling out swiss-cheese bullshit CPU's, bios/UEFI 09:55 < linux_probe> :)))) 09:55 < linux_probe> aka government backdoor 09:56 < linux_probe> fucking the govt and foreign govts isn't the intended, helping to unfuck common sheeple is 10:13 < system16> Hi. i'm trying to block a url. my modem has this feature : url filtering . but when i cp this https://www.google.com/search?q=potato+mashed&rlz=1C1CHBF_enIR765IR765&oq=potato+mashed&aqs=chrome..69i57j0l5.4481j0j7&sourceid=chrome&ie=UTF-8 it says Url address must be less than 128 characters 10:13 < system16> btw that link was an example 10:15 < system16> should i use bit.ly ? 10:17 < system16> ? 10:18 < at0m> system16: why not just clean up that link and do away with the aqs, sourceid etc 10:18 < system16> what ? 10:19 < at0m> system16: https://www.google.com/search?q=potato+mashed takes you to the same page. 10:19 < system16> oh 10:19 < system16> let me try that 10:20 < system16> what about the port ? (default is 80) 10:23 < system16> wow this modem is junk. i can't remove the url it says : unable to remove . 10:31 < system16> now i can't delete it . wtf 10:37 < Jmabsd> a question, you know QSFP+ ethernet, is that actually *FOUR SEPARATE* ethernet connections? 10:37 < Jmabsd> so you could use FOUR PORTS on ONE SFP+ (10gbps) hub.. or not? 10:37 < Jmabsd> are there one or four MACs here :) 10:43 < cluelessperson> https://hastebin.com/raw/hiquzihiki 10:44 < cluelessperson> can someone tell me how I can maybe know what these ip addresses would be in advance? 10:44 < cluelessperson> youtube's ip range 10:53 < horse> morning all 10:54 < cluelessperson> horse: hi horse 10:54 < horse> cluelessperson: hi! 10:54 < cluelessperson> sup 11:05 < Jmabsd> are there any office or home use, silent, QSFP+ (40gbps) switches around today? 11:11 < ejr> hi. 
i am trying to copy files via scp over a network that seems not to allow scp. is there a way to circumvent that? 11:11 < skyroveRR> ejr: nope. 11:11 < ejr> ok. 11:38 < horse> Jmabsd: dont think so. why do you need a 40GBps switch for home use? 11:39 < horse> ejr is port 22 blocked? 11:46 < dminuoso> horse: Why wouldn't you want a 40GiB/s switch at home? 11:46 < horse> dminuoso: because it's probably pointless and your not gonna get anywhere near 40Gbps from most stuff you'd do at home 11:49 < horse> i can't really think of a reason why you'd need that bandwidth on a home network anyway. 11:49 < dminuoso> Jmabsd: At any rate. Ditch the silence requirement and just put it into another room? 11:49 < Apachez> horse: why not? 11:49 < detha> horse: /r/homelab would probably disagree 11:49 < dminuoso> horse: That's not really helpful. 11:49 < Apachez> why wouldnt you need 40G at home? 11:50 < horse> why would you? 11:50 < dminuoso> horse: Just because _you_ dont have a use case, doesn't mean someone else has some legit use case. Whether it's just toying around, or maybe he has some valid need for it. 11:50 < Stryyker> Future planning! 11:50 < horse> i can't honestly think of a reason why though? 11:50 < Stryyker> SuperDupereXtremeUHDVD 11:50 < Apachez> 40gbps is about 5 000 000 000 bytes/sec 11:51 < Apachez> so slighly below 5Gbyte/s 11:51 < horse> and what could you possibly need that for? 11:51 < dminuoso> What is rather interesting is that these speeds can usually not be handled by linux anymore. 11:51 < Apachez> when you need to move your movie backup a 4 TB drive would then take 800 seconds give or take to process 11:51 < dminuoso> (So if you have these speeds you need out-of-tree drivers) 11:51 < Apachez> so lets round it up to 15min 11:51 < Apachez> while with 10Gbps network it would take 1 hour 11:52 < Apachez> and 1Gbps it would take 10 hours 11:52 < horse> where you gonna get a 40Gbps NIC from? 11:52 < dminuoso> horse: ebay. 11:52 < horse> do they even exist? 
11:52 < Apachez> "why do you need a 1Gbps switch for home use?" 11:52 < Apachez> sure 11:52 < dminuoso> horse: Yes. 11:52 < Apachez> 100 hours with 100Mbps network 11:52 < horse> what are they, fibre? 11:52 < Apachez> "why do you need a 100Mbps switch for home use?" 11:52 < Apachez> oh fair enough 11:52 < Apachez> 1000 hours with a 10Mbps network 11:53 < horse> 100Mbps is usable 11:53 < Apachez> thats like close to 42 days 11:53 < Apachez> so 15 minutes vs your 42 days 11:53 < Apachez> I know what I would choose :) 11:53 < dminuoso> horse: At any rate, they didnt necessarily imply they wanted to use this at home. 11:53 < horse> Apachez: you're making the assumption that the stuff inside the guys the PC can stream at line rate 11:53 < dminuoso> Since they asked for "office or home" 11:54 < dminuoso> I suspect they are actually looking for a silent switch. 11:54 < dminuoso> (And the only reason you'd want a silent switch is if you want that sitting in front of you, which would only happen at home or in the office) 11:55 < detha> dminuoso: maybe you want to mount it in a submarine, that has to go into 'absolute silence' to avoid detection once in a while 11:56 < dminuoso> detha: I wouldn't be surprised if military contractors posted their problems on SO, reddit and freenode.. :D 11:56 < horse> brb 11:57 < detha> dminuoso: I'm pretty sure they sometimes do. At least the 2nd or 3rd level sub-contractors 12:09 < Aleksandar86> MGMT port on DLINK switch is isolated, can I connect this port with another ports. Please look image. https://imgur.com/a/wrxbF1a 12:09 < Aleksandar86> I set IP in same subnet of Mikrotik 12:09 < Aleksandar86> I wanna access from PC 12:12 < Apachez> so horse fled the scene? 
12:12 < Aleksandar86> some answer please 12:17 < Apachez> sure 12:17 < Apachez> if you set an ip on it then you can access it 12:17 < Apachez> some mgmt interfaces don't support default gw so you must SNAT or sit directly on the same network as the mgmt interface 12:20 < Aleksandar86> Not working, I try... 12:20 < Aleksandar86> default ip on ethernet is 10.90.90.90 12:21 < Aleksandar86> from WEB I can set only mgmt IP 12:21 < Aleksandar86> and I set 192.168.88.250 in same subnet of Mikrotik 12:21 < Aleksandar86> but I can't access from ethernet 12:22 < Aleksandar86> only I can when I set manual ip on PC like a 10.x.x.x subnet 255.0.0.0 12:22 < Aleksandar86> on 10.90.90.90 12:23 < Aleksandar86> I can change this IP only from telnet 12:23 < Aleksandar86> Apachez, I whink you understund what I wanna :) 12:23 < Aleksandar86> *Think 12:54 < ImQ009> I've got a REALLY strange problem 12:55 < ImQ009> When trying to access certain websites, it somehow ends up redirecting me to my modem's admin interface 12:55 < ImQ009> I flushed DNS cache, even changed it to Google's DNS 12:55 < pikapika> quick eli5, if a group of persons shares a wifi (everyone one password), does it mean anyone can see anything from all devices in the wifi? 12:55 < ImQ009> It's definitely not a problem with that 12:56 < ImQ009> In the browser I can see that I keep getting 302 12:56 < pikapika> *everyone knows 12:56 < ImQ009> What could be up with that? 13:00 < varesa> ImQ009: some routers hijack traffic when they want to show you some notification like for example a firmware update 13:01 < ImQ009> Yeah, it definitely is hijacking it 13:01 < ImQ009> I'll reset it, maybe it'll help 13:01 < ImQ009> brb 13:07 < ImQ009> Seems like resetting the thing helped 13:07 < ImQ009> At least for now 13:07 < ImQ009> I'm gonna call my ISP though. It's been causing a lot of issues lately 13:07 < ImQ009> Like, it's been constantly losing DOCSIS at random 13:20 < pikaro> hi! 
for a month or so now, I sometimes get "malformed hello" SSL errors when connecting to Google websites. they always go away when reloading, so there's nothing inherently wrong, and I've never seen that behavior elsewhere (I think). happens on my linux box at home and on osx at work. I use firefox on both OSs, that's about the only commonality, but it doesn't seem like this is very common according to my searches. has 13:20 < pikaro> anyone here seen that problem and knows why this is happening? 13:23 < varesa> never seen that myself 13:23 < qman__> that type of behavior can happen if you're behind a proxy that does a man in the middle 13:25 < pikaro> well at work there's an IPS that might get in the way and at home I'm connected through PIA 13:25 < pikaro> but as I said this only started a while ago and both of those were in place long before 13:28 < zenix_2k2> i have a question, what if i have 2 scripts like this --> https://pastebin.com/epZXp6HA, so how can i detect the client's OS ? 13:28 < zenix_2k2> btw, those are python 14:04 < hey2> Currently doing 11 hour overnight shift work at a data center... was offered a change to either 6am-430pm or 1pm-1130pm, on 2 days off 2 days on 3 days off 2 days on 3 days off 2 days, repeat 14:04 < hey2> which one should I take? 14:07 < mardraum> hey2: depends on if you like early morning starts or not, and what your personal/family life is like to suit? only you can decide 14:29 < Apachez> every day is a cakeday https://twitter.com/GripenNews/status/997601298051751936 14:31 < dogbert2> hey Apachez...whazzup? 14:34 < Apachez> dogbert2: just fine, and you? 14:35 < dogbert2> oh, got some lower back pain...other than that, just ripping some DVD's 14:36 <+catphish> spaces: "the max will allways be wirespeed" that's not really. 
with LACP you can push far more data than one link can carry 14:37 <+catphish> spaces: the only restriction is that with most bonding (including LACP), one stream (however you define that) will only use one link 14:50 < sleepy6> what is your 2 cents on fiber optic cables? thumbs up or down? 14:52 < dogbert2> depends on if you really need fiber...long distance like in a large warehouse, it's pretty much a given, or building to building, etc 14:55 <+catphish> sleepy6: you can't "thumbs down" a fiber optic cable, they're magic, but there are certainly circumstances when they're not necessary and copper is easier / cheaper 14:58 < ben8472> just remember to deploy single mode not multimode 14:59 < ben8472> and plan ahead and buy like 6 pairs of fiber per cable not just 2, they are so thin and the price difference is not huge 14:59 < Apachez> catphish: depends on if per-flow or per-packet is being used to load-distribute over available links 15:00 <+catphish> Apachez: indeed, LACP is always per flow afaik, but other schemes exist, linux can do round robin 15:08 < Apachez> depends on vendor 15:08 < Apachez> but yes it's usually per-flow 15:08 < Apachez> it's time for some swedish fika https://www.youtube.com/watch?v=oRIeytEXGhQ 15:14 < Alexander-47u> hi 15:14 < Alexander-47u> can anyone tell me how a relay differs from a tunnel 15:15 < Alexander-47u> i know what a tunnel is, but can't seem to find what a relay 15:15 < Alexander-47u> is 15:16 < Alexander-47u> is that something like rinetd? 15:16 < Apachez> relay in what context? 15:16 < Apachez> a relay is something that accepts a packet and just forwards it 15:16 < Apachez> like a mailrelay accepts a mail and then forwards it 15:16 < Apachez> a tunnel is when you encapsulate a packet within another packet 15:17 < Alexander-47u> for example, relay address = 0.0.0.0 and remote is 8.8.8.8 15:17 < Alexander-47u> does that mean that, packets going to 0.0.0.0 get relayed to 8.8.8.8 15:18 < Alexander-47u> ?:P 15:18 < Apachez> huh? 
15:18 < Apachez> where did you see that shit? 15:21 < Alexander-47u> oke, its like I said , i tried lol 15:34 < Emperorpenguin> hey how would you call in English the fixed number portion of a DDI range? 17:03 < connorburt> Hi, I was on here the other day asking why some of my wall ports weren’t working, and I got some pictures of the switch panel (I think?); would any of you mind taking a look and giving me a better idea of what I’m looking at if I post some of the pictures? 17:13 < Drakonan> is there something in the ballpark of a pi with two ethernet interfaces? 17:13 < Drakonan> i am looking for a cheap router that would run something like pfsense 17:14 < turtle> pcengines makes stuff like that 17:14 < abdulhakeem> ubquiti ER-X? 17:14 < tds> pfsense also do some of their own arm based boxes, those might work for you? 17:14 < turtle> https://www.pcengines.ch/apu2.htm 17:15 < Drakonan> are yall familiar with the aes-ni being a requirement 17:15 < tds> oh, there's espressobin as well 17:15 < Drakonan> in the new pfsense? is that going to be a serious show stopper for someone that wants to run the newer pfsense when it comes out? 17:15 < Kingrat> aes-ni isnt required yet, supposed to be for upcoming version 2.5 17:15 < Kingrat> you do need a 64-bit x86 cpu, only arm platforms supported are the netgate devices 17:15 < tds> that's just a single gbit nic though, and then a tiny managed switch attached, as far as I can tell 17:15 < Drakonan> thats what i was wondering is that just going to be an official sticker thing or 17:16 < Drakonan> would we be able to recompile something and go ok? 17:16 < Kingrat> and by upcoming i mean its probably another couple of years out with how quickly they release 17:17 < Drakonan> is there no way to hack support for arm? 
17:18 < Drakonan> i was kind of even wondering about trying to vlan a single pi interface or something 17:18 < Drakonan> my internet at home is only 20mb down 2 up so 17:18 < Kingrat> i wouldnt attempt to build pfsense 17:18 < Drakonan> dont need anything super amazing 17:19 < tds> that would probably work fine on a pi, the 3b+ has better network bandwidth as well 17:21 < compdoc> aes-ni is good to have if youre going to set up encrypted vpns, like ipsec 17:21 < tds> making it a requirement seems odd to be, I'll be interested to see what they add to justify it 17:22 < compdoc> I doubt a pi would be a good choice if you have a fast connection 17:22 < Drakonan> yeah i was really surprised when i was looking at my gaming pc granted its old as dirt now but i can still run what i need lol full graphics eve full graphics but router? nope... 17:22 < Drakonan> i7-920 doesn't have aes-ni 17:22 < Drakonan> quad core cpu 6gb ram yeah not a lot, apparently not good enough for a router 17:23 < tds> if you're reusing old hardware like that, it's also worth keeping in mind power usage 17:23 < Drakonan> well im using it as my gaming rig hoping to wait out the ddr4 crash that has to happen at some point (please) 17:23 < Drakonan> but even power is that for real lets see it cant be 50-100 a year? 17:24 < Drakonan> i used to have a kill a watt around here somewhere 17:28 < Drakonan> well surprisingly... apparently that's 115 - 230 a year 17:28 < Drakonan> idle -> max 17:29 < Drakonan> that'll pay for the special purpose router in the first year 18:00 < longxia> is port knocking in order to make ports accessible a common practice, for example to hide management ports, or do network admins have better ways to guard against remote attacks? 
18:00 < qman__> No, it's pretty atypical 18:01 < qman__> Using sane protocols, current TLS, and a reasonable firewall is generally enough 18:02 < qman__> You can add things like fail2ban or rate limiting rules 18:02 < GenteelBen> Port knocking is the next level of paranoia. 18:02 < GenteelBen> You wouldn't expose management services over the WAN anyway. 18:02 < tds> for management stuff though, I'd just say to put it on an isolated network, get to it via a vpn/jumpbox/whatever 18:03 < qman__> Yep 18:03 < GenteelBen> Well, you shouldn't - plenty of companies allow their staff to directly connect to their router management interfaces over the WAN. 18:03 < qman__> Use SSH or VPN for external access and hop from there to the management interfaces 18:03 < longxia> but if i remember correctly, there was a sshd vulnerability some years ago which allowed access by spamming "keyboard" access method by the client. Things like that. 18:04 < GenteelBen> tds, even then, in practice lots of companies have any/any rules between VLANs due to not having any brain cells or an ability to test/define which traffic to allow. 18:04 < GenteelBen> The dreaded Cisco ASA any/any rule. 18:04 < qman__> That's why you patch your shit 18:04 < GenteelBen> lol yeah if you have Smart Net. 18:05 < qman__> No system is perfect 18:05 < GenteelBen> Cisco are uniquely cuntish for not giving people security fixes unless they subscribe. 18:05 < GenteelBen> They can literally ship you a defective product 18:05 < GenteelBen> And if you/they discover the defect 1 second after your initial warranty, you're out of luck. 18:05 < qman__> I was referring to the sshd comment, but yes 18:05 < GenteelBen> MS get a lot of shit, but they push out security fixes for their OSes for 10+ years. 18:06 < GenteelBen> For free... 18:06 < GenteelBen> And it's a much harder job for MS given the hardware/software permutations they have to support. 
18:06 < longxia> GenteelBen: agreed 18:06 < GenteelBen> tl;dr: many switches and routers remain unpatched due to expired support contracts. 18:06 < GenteelBen> At least Cisco, unknowingly, make IOS image piracy really easy. 18:07 < GenteelBen> Log into Cisco.com, browse to the image downloads section, find your device, copy and paste the file name (which they list) into Google, download that image from a random FTP server, and check against the hash which Cisco.com also provide you. 18:07 < GenteelBen> That's how I built my virtual lab. 18:07 < qman__> yep, which is why you don't expose that stuff to the internet 18:08 < GenteelBen> Depends on the size of the company - you'd expect a bigger org to have beefy threat detection/prevention protections in place. 18:08 < qman__> if nothing else, the interney facing gear needs to be patched 18:08 < GenteelBen> For a smaller org? Yeah, I'd expose the single interface to the interwebs with no management services, just VPN. 18:09 < qman__> I've got old, unpatchable gear, but it's zoned off 18:09 < GenteelBen> Lots of shit online is unpatched. 18:09 < GenteelBen> Around 2010 there was an epidemic of unpatched LAMP servers. 18:09 < qman__> No excuse for that 18:09 < GenteelBen> Stupid Linux sysadmins don't know how to configure patch schedules, unlike the awesome chad Windows sysadmins. 18:10 < GenteelBen> I'd argue it's because the default state of Windows Server is "we're going to shove patches in your face and keep bitching about them unless you accept". 18:10 < GenteelBen> It was ironic - MS software has more security holes but is probably the most-patched, up-to-date mainstream software apart from iOS. 18:11 < qman__> I'd argue it's because you can't leave a windows server alone for 5 years and expect it to stay up 18:11 < GenteelBen> So in the real world, it's pretty difficult to use W10 exploits, say, because the boxes auto-patch. 
18:11 < GenteelBen> qman__: you can, but you can't have any third-party services running on it. 18:11 < GenteelBen> And anyway 18:11 < GenteelBen> Only neckbeard sysadmins care about individual node uptime. 18:12 < qman__> That's not the point 18:12 < GenteelBen> The true metric is service uptime. And you get that by implementing rolling upgrades across a cluster. 18:12 < qman__> LAMP is literally set and forget 18:12 < GenteelBen> So is AD, Exchange, etc. 18:12 < qman__> So they install it and never touch it again 18:12 < qman__> Pfft, no 18:12 < GenteelBen> Difference is those MS services are self-patching unless you make a conscious choice to deploy WSUS or SCCM on your network. 18:13 < GenteelBen> If you don't bother to set up enterprise patching in an MS environment, the default state (client downloads patches and installs them without asking you) protects clients reasonably well. 18:13 < GenteelBen> I have been pissed off a few times by Windows rebooting without asking me, though. 18:14 < GenteelBen> Anyway 18:14 < GenteelBen> Patch your routers, people. 18:14 < purplex88> which uml diagram is used for network topology? 18:14 < GenteelBen> And also, don't forget that the bigger threat is from within e.g. someone jacking into your LAN and spreading viruses everywhere. So implement RADIUS, or use Cisco port security, or something. 18:15 < purplex88> i want to show how a switch is connected with computers 18:15 < GenteelBen> purplex88: maybe the communication diagram? But UML is a software engineering description language, not really suited to physical stuff. 18:15 < GenteelBen> purplex88: you wouldn't use UML for that. 18:15 < purplex88> UML has many diagrams 18:16 < GenteelBen> purplex88: but still geared towards software engineering. 18:16 < purplex88> it can plot flow charts 18:16 < GenteelBen> There isn't really a standard for documenting network topologies, anyway. 18:16 < GenteelBen> Yes but they're logical flows...within or between software components. 
18:17 < purplex88> i don't know what it means 18:17 < GenteelBen> UML claims to be general-purpose but it's not suited for stuff like network topology diagrams. For that, you produce something like this https://www.smartdraw.com/network-diagram/img/network_diagram.png?bn=1510011130 18:17 < GenteelBen> Who's the audience for your diagrams, purplex88? 18:18 < GenteelBen> Unless it's software engineers, UML is a waste of time. 18:18 < purplex88> just me 18:18 < purplex88> i'm audience 18:18 < GenteelBen> Then do what every other network admin does - use Visio + some nice shiny stencils. 18:18 < GenteelBen> This is a fairly typical topology diagram: https://www.pcwdld.com/wp-content/uploads/2016/01/Microsoft-Visio-Network-Diagrams.jpg 18:19 < purplex88> are you saying it doesn't have a "physical" flow but only "control flow" and "object flow" arrows? 18:19 < GenteelBen> purplex88: it claims to, but it's not very good at it. 18:19 < GenteelBen> A network diagram isn't supposed to be some abstract thing with rectangular boxes and classes. 18:19 < GenteelBen> The convention is that you either do it yourself, using stencils 18:20 < GenteelBen> Or you rely on a network monitoring application to build the diagram for you. 18:20 < GenteelBen> I would suggest you create a high-level diagram yourself with Visio. If your company is small you can list all routers/switches. If you're big, you can just stop at the distribution switches. 18:21 < GenteelBen> In addition to that you'd probably want to use something like Solarwinds to create more dynamic, up-to-date topologies for use when troubleshooting. 18:21 < purplex88> it has a lot of arrows: association, information flow, control flow, transition flow, object flow 18:21 < GenteelBen> SW or whatever tool you want will interrogate your network equipment and figure out what's connected to what. 18:22 < GenteelBen> That isn't really a network topology diagram then, purplex88. 
18:22 < GenteelBen> Network diagrams aren't supposed to convey things like information flow.
18:22 < GenteelBen> You're describing the plumbing, not the individual turds.
18:24 < purplex88> okay, you're just saying to use custom shapes and generic connectors
18:25 < GenteelBen> No
18:25 < GenteelBen> What vendors are your network equipment?
18:25 < GenteelBen> You can use generic "switch" and "router" stencils, or you can use vendor-supplied ones: http://www.visiocafe.com/
18:26 < GenteelBen> I'd say just keep it simple, unless you think your boss will be impressed by actual Cisco stencils.
18:26 < purplex88> vendor doesn't matter here
18:26 < GenteelBen> You have to remember what the network diagram is for, purplex88: troubleshooting (e.g. when a switch dies) and aiding in design/deploy/config work (e.g. when adding a new switch).
18:27 < GenteelBen> If a switch dies, you can look at the diagram
18:27 < purplex88> i'm using sparx architect
18:27 < GenteelBen> "Ah, switch023F is connected to switch024 and switch 027A, so that part of the building has no network access."
18:27 < GenteelBen> Hah.
18:27 < GenteelBen> Sparx is like several Swiss army knives glued together.
18:28 < GenteelBen> The "correct" language to use to describe network topologies is ArchiMate, but precisely zero people use it for that.
18:28 < purplex88> I think it's "deployment diagram"
18:29 < GenteelBen> Just set your building on fire and be done with it, purplex88.
18:29 < purplex88> it's got a communication path arrow :D
18:30 < GenteelBen> I recommend you trigger the fire by covering the vents of your routers with dynamite.
18:32 < purplex88> I see. You mean "just get it done without thinking too much".
18:35 < purplex88> GenteelBen: https://www.sparxsystems.com.au/enterprise_architect_user_guide/13.0/model_domains/deploymentdiagram.html
18:36 < purplex88> one thing i'm confused about is: how is a node different from a device in networking?
18:37 < purplex88> and also "host".
18:37 < purplex88> node vs device vs host
18:37 < purplex88> all sound the same
18:40 < detha> purplex88: 'node' can be a VM, or a container. As can host. Device is a thing you can kick.
18:41 < purplex88> I see.
18:41 < purplex88> The terms "node" and "host" are used for a virtual device?
18:43 < detha> Not necessarily. 'host' is often a VM or physical server, running services. Node is often a router or router VM. But that is not a strict thing, the terms are used mostly interchangeably
18:44 < DEEP_freeze> I like to think of nodes as branches in a tree, while a host is the leaves.
18:49 < purplex88> Hosts as I learned are just client computer systems.
18:50 < Reventlov> Wikipedia writes « A network host is a computer or other device connected to a computer network. »
18:50 < Reventlov> good enough.
18:51 < Reventlov> (in the networking context)
18:51 < purplex88> I still don't get the difference.
18:51 < purplex88> I guess it's all the same.
18:51 < Reventlov> purplex88: difference between what and what?
18:52 < purplex88> those three things: host, device, node.
18:52 < Reventlov> purplex88: in general or in the network context?
18:52 < purplex88> in networking
18:53 < purplex88> is there a general meaning too?
18:53 < Reventlov> well, yeah, you can talk of node when talking of graphs (as opposed to vertex, or link)
18:53 < longxia> purplex88: if you're confused, then that's because everybody is confused about these terms. Except for a device, that's something tangible, mostly...
18:54 < purplex88> can I node be a computer, switch, router, or vm?
18:54 < Reventlov> yes
18:54 < purplex88> can a*
18:54 < Reventlov> purplex88: basically, in networking, you often differentiate two kinds of things: "node" (entity, at one place, physically or logically), and "paths", or "links" (that are things that connect nodes)
18:54 < Reventlov> that's all: a node can be a computer, a switch, a router, a vm, depending on the level you want to consider
18:54 < Reventlov> You can consider stuff inside your computer as "nodes" connected by some bus
18:55 < purplex88> and host can also be a computer, a switch, a router, a vm?
18:55 < Reventlov> yes!
18:55 < Reventlov> like usb: my usb mouse is a node on the usb bus
18:55 < Reventlov> but, in the context of virtualization
18:55 < Reventlov> a host is often the "physical" machine "hosting" the virtual machines
18:55 < purplex88> host sounds like something that hosts
18:55 < Reventlov> don't sweat it too much
18:56 < purplex88> e.g. a computer hosting a server
18:56 < Reventlov> well, a server is a computer depending on the context, also
18:56 < Reventlov> see, that's not written in stone
18:56 < Reventlov> purplex88: hosting a server, or hosting a client
18:56 < printingwhyyyyyy> Hello, my printer used to be functioning properly but now it stopped all of a sudden, and when I try to go through the setup wizard and locate my Wi-Fi's SSID again, it's not there
18:56 < printingwhyyyyyy> Any idea why?
18:56 < printingwhyyyyyy> It's a Brother printer by the way
18:56 < purplex88> ok
19:19 < Tegu> that nanoSouffle.net link doesn't seem to work
19:40 < pauliunas> hey guys, i need to implement EIGRP in a sort of simulation app or something... don't ask, university stuff. anyway, is there a place where i could find a technical guide to EIGRP? like how the tables get populated etc., i already have a rough idea of how it works, i just need to put some dots on i's
20:15 < Jmabsd> what *DUAL* Intel XL710 chip NICs are there today? Hotlava Systems makes one. More?
20:15 < Jmabsd> in other words *quad* QSFP+ port
20:22 < lakiluki> Hey, I'm trying to query a www.mit.edu with nslookup for an NS type record and while my ISP DNS returns the authoritative answers with corresponding IP addresses, 1.1.1.1 does not return the IP addresses of the name servers, but only the hostnames. Can anyone explain why my ISP DNS returns the corresponding IP addresses, while 1.1.1.1 does not?
20:23 < lakiluki> mit.edu, not www.mit.edu*
20:35 < lakiluki> Can anyone help?
20:40 < SporkWitch> lakiluki: If you have a question, just ask! For example: "I have a problem with ___; I'm running Debian version ___. When I try to do ___ I get the following output ___. I expected it to do ___." Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help you. If you don't get an answer try a few hours later.
20:41 < longxia> SporkWitch: he did :), at 20:22
20:41 < SporkWitch> ah, all i see before "can anyone help" is a netsplit lol
20:41 < longxia> or she
20:42 < SporkWitch> "he" is standard in english when sex is unknown
20:42 < longxia> SporkWitch: i thought they used they for that ;)
20:42 < SporkWitch> longxia: only idiots with an agenda and people who didn't earn decent grades in english
20:44 < SporkWitch> you'll find that most of the "masculine" words in english used to be neuter, we just got rid of most of the male-specific ones, which became male/neuter, and kept some of the female ones
20:45 < Jmabsd> if you have an SFP+ port (10gbs) with a 10GBASE-T RJ45 transceiver in it, will it be able to do 1GBASE-T also?
20:50 < fnDross> option wpa_group_rekey '86400' << security risk?
20:53 < SporkWitch> fnDross: arguably; 3600 (one hour) would probably be better
20:53 < SporkWitch> if not less
20:53 < Aleksandar86> I lost 5 hours in searching how to enable ethernet 1 port for only 1 MAC address on DLINK 1510 switch layer3
20:54 < SporkWitch> fnDross: not sure what the current average to crack a WPA2 key is, but basically you'd want it below that, if you're worried about that
20:54 < Aleksandar86> only 1 MAC address can access on port 1
20:54 < Aleksandar86> how?
20:55 < Aleksandar86> I try ACL, port security, any options... :(
20:55 < Aleksandar86> I wanna set MAC filter on port1, only this mac can access
20:56 < Aleksandar86> I know how to block for one mac
20:56 < Aleksandar86> but how to give access for only 1 MAC?
20:56 < Aleksandar86> in which options can I do that?
20:56 < Aleksandar86> ACL?
20:56 < SporkWitch> port security is the feature you're looking for
20:58 < Aleksandar86> I have port security, but not working for me :(
21:14 < fnDross> SporkWitch: is 10mins too low?
21:15 < fnDross> trying to fix "deauthenticated due to local deauth request"
21:44 < Apachez> when using 802.1x in cisco catalyst series, is there a way to auth the user just locally, that is, without an external radiusserver?
21:44 < purplex88> anyone heard the term "malicious server"?
21:45 < Apachez> fnDross: I think that depends on the equipment but usually the 10Gbase-T SFP+ supports 1G too
21:48 < SirJoker2188> hello
22:04 < fnDross> ?
22:24 < jason85> In TCP, why does the sequence number get incremented after a SYN which carries no data?
22:28 < SporkWitch> jason85: because it's still a packet; sequence is incremented each packet
22:29 < Apachez> seq tells the other side how much data has arrived
22:29 < jason85> SporkWitch: Does that mean a TCP packet with data of length 1 will have the sequence incremented by two?
22:29 < Apachez> think so
22:29 < Apachez> wireshark and such will convert that shit for you automagically
22:30 < SporkWitch> should still just be 1; 1 packet, +1 sequence
22:30 < Apachez> because initial seq is random to avoid spoofing
22:31 < jason85> SporkWitch: but it gets incremented by the amount of bytes in the payload?
22:31 < jason85> Apachez: Yes true
22:32 < Apachez> syn 0
22:32 < Apachez> synack 2
22:32 < Apachez> ack 0
22:32 < Apachez> err
22:32 < Apachez> ack 1
22:32 < SporkWitch> that doesn't sound right, jason85
22:33 < Apachez> no sorry
22:33 < Apachez> wrong flow :)
22:33 < Apachez> syn 0
22:33 < jason85> SporkWitch: It does, sequence number denotes the amount of bytes received so far, not the amount of packets
22:33 < Apachez> synack 0, 1
22:33 < Apachez> ack 1,1
22:33 < Apachez> first is seq, the other is acked
22:34 < Apachez> client sends client hello 583 in total length
22:34 < jason85> Apachez: Are you testing this in wireshark?
22:34 < Apachez> server response with 1514 total length
22:34 < Apachez> yes
22:34 < Apachez> then client acks 518, 1449
22:34 < jason85> Apachez: what happens if you send a packet with a payload of length 1, does it increment by 1 or 2?
22:35 < Apachez> server sends junk 1514
22:35 < Apachez> client 518, 2897
22:35 < SporkWitch> i stand corrected, it's incremented by the byte-length of the payload; http://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/
22:35 < Apachez> server sends 110
22:35 < SporkWitch> been a while since i dug into it
22:35 < Apachez> client 518, 2897
22:36 < Apachez> err
22:36 < Apachez> client 518, 2941
22:37 < Apachez> so the initial should be that it acks the opposite side's seq
22:37 < Apachez> so initially when there are 0 bytes as payload then 0 bytes are acked
22:37 < Apachez> and then you start to send data
22:37 < Apachez> if you for whatever reason send a packet with 0 payload then 0 will be acked (that is, the previous ack num will be sent since no data aka payload was received)
22:38 < Apachez> somewhere in the settings of wireshark you can disable its auto calc of seq/ack
22:39 < SporkWitch> the linked article does a nice step-by-step on it
22:39 < Apachez> yup
22:40 < Apachez> so back to my 802.1x question :)
22:40 < Apachez> when using 802.1x in cisco catalyst series, is there a way to auth the user just locally, that is, without an external radiusserver?
22:41 < SporkWitch> i want to say no, but i honestly don't know; i've never heard of doing it without some kind of auth server that you tie into something like LDAP/AD
22:42 < jason85> Okay, so it is increased by the amount of bytes in the payload, with the exception for SYN packets, in which case it is increased by one. Thanks guys.
22:42 < Apachez> because there is some fallback mode "if radius isn't reached, let clients in based on mac instead" or something
22:42 < SporkWitch> Apachez: at that point isn't it just port security?
22:43 < Apachez> hey I'm asking the questions here :P
22:44 < Apachez> there is MAB but that seems to require a radiusserver anyway (MAC address is used as password)
22:44 < SporkWitch> Apachez: just saying, that sounds like exactly what port security is, which makes sense as a fallback if the auth server can't be reached
22:45 < Apachez> ?
22:45 < Apachez> because this use case still needs the guestvlan and then switched into prodvlan as with regular 802.1x
22:45 < Apachez> but I failed to figure out if the cisco catalyst somehow supports 1x without an external radius
22:45 < SporkWitch> Apachez: MAC-to-port mappings, lock the port if a different MAC is seen
22:45 < SporkWitch> yeah, dunno :(
22:46 < Apachez> so it's not a mac acl a la portsecurity I'm looking for
22:49 < purplex88> when computer A sends a packet to computer B, does computer B find the ip address of computer A in the source or destination field of the TCP/UDP packet?
22:49 < purplex88> i think source
22:50 < purplex88> because that's its source
22:51 < Apachez> the packet (ipv4) contains both srcip and dstip
22:51 < Apachez> srcip is the one who sent the packet
22:51 < Apachez> so when computer B gets packets from A the srcip in these packets says ip(A)
22:53 < SporkWitch> purplex88: think of it like a paper letter, just with extra info on the envelope
22:55 < purplex88> why do ipv4 and tcp both have srcip and dstip fields again? can't we use only ipv4?
22:55 < purplex88> maybe because tcp is encrypted?
23:00 < t0x0sh> purplex88: TCP doesn't have ipsrc/ipdst...Only portsrc/portdst are present in the header.
23:03 < Apachez> purplex88: different layers
23:03 < Apachez> purplex88: ip is layer 3, has srcip/dstip
23:04 < Apachez> tcp is layer 4, has srcport/dstport
23:10 < purplex88> i captured some packets in wireshark, will try to understand what goes where
23:12 < turtle> gotta catch 'em all
23:21 < purplex88> are Frame and Ethernet two protocols as well above IPv4 and TCP as I am seeing in wireshark?
23:22 < purplex88> i don't even know use Ethernet cable, only wifi
23:22 < SporkWitch> frames are to ethernet what packets are to IP
23:22 < purplex88> I mean I use Wifi not Ethernet cable*
23:22 < SporkWitch> this is easily googled, and covered in any introductory networking course or textbook
23:23 < SporkWitch> i can't recall if wifi does ethernet directly or if there's another encapsulation layer around the ethernet...
23:24 < qman__> Pretty sure wifi is just straight ethernet, with some extensions
23:25 < purplex88> i was expecting to see a WiFi protocol
23:26 < qman__> 802.11
23:27 < dan01> On VBox if I want to share the network with the guest OS, I set the interface as 'bridge', but I saw a strange technique: have one NAT interface and one as host-only adapter, how the heck does that work?
23:27 < purplex88> well, in this case I sent tcp packets from a mobile app to a PC
23:28 < purplex88> why do i see the line: "Frame 34: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0"?
23:28 < purplex88> on wire?
23:32 < qman__> Because that's what was on the wire
23:32 < qman__> With wifi, the air is your wire
23:33 < Apachez> qman__: with wifi there is a wire from the antenna to the transceiver ;)
23:35 < purplex88> ah ok
23:35 < purplex88> in the air sounds interesting
23:35 < Falkaofalk> Hey all, I have difficulty finding my ISP's nameserver. As far as I know, it is necessary to use this nameserver at the domain's registrar, so that it knows where to point. I only get a connection specific DNS-Suffix but that does not seem to be the correct one... Any idea on how I can find out the nameserver (not just one IP of it)
23:37 < SporkWitch> Falkaofalk: you're talking about different things. domain registrar determines authoritative nameservers for your domain.
ISP nameserver is just the first one you ask if you don't have a local entry
23:37 < SporkWitch> Falkaofalk: usually people recommend using google's (8.8.8.8 and 8.8.4.4) or another free DNS provider, to avoid some nastiness by the ISP
23:39 < Falkaofalk> SporkWitch: Thanks. Yeah I am using google's DNS. For some reason I cannot seem to connect to my local server via Internet. I already tried a bunch and hoped that could solve my issue.
23:41 < SporkWitch> Falkaofalk: https://lmgtfy.com/?s=d&q=port+forwarding
23:42 < SporkWitch> Falkaofalk: see also https://lmgtfy.com/?s=d&q=nat
23:44 < Falkaofalk> SporkWitch: Already forwarded the needed ports. My router seems to have issues regarding NAT but I cannot seem to figure out where the issue lies. Thanks for the input, will keep digging :)
23:47 < SporkWitch> Falkaofalk: figured it was worth mentioning given the initial confusion
23:47 < SporkWitch> are you sure you're trying to reach the external address?
23:48 < Apachez> there are two types of dns servers, resolvers and authoritative
23:48 < Apachez> resolvers find out who is authoritative and ask any of those about a specific domainname
23:48 < Falkaofalk> SporkWitch: Thanks for the heads up. And yep, port forwards are set up properly
23:48 < Apachez> so in your case set up authoritative dns servers
23:48 < Apachez> most registrars offer this as a service
23:48 < Apachez> there are also free services elsewhere like dns.he.net
23:49 < Apachez> or use your own servers
23:49 < Apachez> or a combo, your server as master and slaves at dns.he.net
23:49 < Apachez> I do the latter
23:49 < Falkaofalk> yeah my registrar has default dns servers which I can use without any issues i suppose.
23:50 < scientes> is there any way to figure out if two coaxials are connected?
23:50 < scientes> without spending money on a moca adapter?
23:51 < Falkaofalk> Apachez: Do you know a general way on how to change a router's NAT-type?
I guess it might be router specific but forwarding specific ports did not seem to fix the issue.
23:53 < Reventlov> scientes: use a multimeter?
23:54 < halftroll> my android doesn't let me assign a static IP instead of DHCP. On my computer ( WICD ) I have no problem..
23:54 < zeldafan78> Why does this keep happening? A torrent downloads at several megabytes per second until like 76% (it varies, but always more than 50%, not seldom like 99%) when it stops completely and then remains like that until I eventually give up and delete it?
23:54 < scientes> Reventlov, but they are so far apart, i guess i would have to run a wire between them?
23:55 < scientes> halftroll, https://it.uoregon.edu/node/3559
23:56 < Reventlov> zeldafan78: that's because torrents are split up in multiple pieces, some pieces may not be available
23:56 < halftroll> scientes: thanks, I am reading it
23:56 < scientes> halftroll, that's a lmgtfy.com
23:58 < halftroll> scientes: when I click static instead of dhcp in advanced settings, all inputs have default fields and the phone doesn't let me change them
--- Log closed Mon May 21 00:00:12 2018