--- Log opened Tue May 22 00:00:28 2018
00:03 < jadesoturi> hi all.. anyone around?
00:04 < jadesoturi> im trying to solve this puzzle online, and the hint is follow the PTR.. so i did a reverse lookup and both ptr and a records point to the same host.. is there something im missing?
00:05 < drudge`> im not sure
00:06 < tds> out of interest, do you have a link to the puzzle?
00:06 <+catphish> question from earlier, any idea why my websocket connection isn't sending cookies? https://imgur.com/a/LmdXVK5
00:06 < drudge`> prob need more of the project scope
00:06 < jadesoturi> https://puzzle.webhuset.no/step-six-complete
00:08 < jadesoturi> drudge`, previous one was to follow the TXT, which led me to the link above..
00:09 < jadesoturi> but no matter how i lookup or trace the ip i get, it still leads to the same host, and that leads to step 1 :P
00:11 < drudge`> this looks like a fun puzzle
00:12 < drudge`> i wish these damn customers would stop calling me for the rest of the work day =)
00:12 < jadesoturi> haha:P
00:13 < jadesoturi> yeah, the first steps were pretty easy (once i got what the header was encoded in etc) but the PTR one stopped me right in my tracks:P
00:30 < tds> jadesoturi: looking at the later parts, they don't seem especially difficult compared to how you might solve step7, so I'd suspect it's broken
00:30 < tds> I may have missed something obvious, though ;)
00:31 < jadesoturi> step7-ptr.puzzle.webhuset.no is the answer. found by randomly googling for the puzzle, but i dont get it.. how is this connected. the IP for step7-ptr.puzzle.webhuset.no is nowhere to be found when looking at DNS records for the host
00:32 < tds> yeah, you could scan rdns records for all their prefixes (or just look on bgp.he.net), but I'd suspect they moved the box and forgot to update the ptr record on the new ip
00:32 < jadesoturi> yeah. i suspect it might be broken.. asked a friend and he said they played with it at 33C3 and that its 7 years old.
00:32 < jadesoturi> ahh ic. well. that is possible
00:32 < tds> it also looks like a server 2008 box, so I guess that would line up
00:33 < tds> I'd certainly let them know about it though, if nothing else they might remember to update or shut down the site
00:34 < jadesoturi> the weird thing is that they are apparently using this as a small test for new applicants for job openings
00:34 < jadesoturi> so kinda weird if its broken. found a listing where they link to this puzzle and its like 2 weeks old..
00:36 < jadesoturi> ohh well.. ill solve the rest of it and let them know. maybe they really want you to dig through the DNS records :P
00:42 < drudge`> tried an AXFR but that was denied
00:45 < jadesoturi> well. just found out that a friend of mine knows the guy maintaining the puzzle (works at webhuset) he is gonna check if the "error" is intentional or if there is something we are missing..
00:45 < k12> My friend told me that he can run a command in his web browser that will execute a command on the server, and he said he was able to shut his other friend's computer down remotely that way. What is this exploit called?
00:47 < k12> I tried to get him to tell me what it is, but he refuses. So, now I have to come here, because I don't know what search terms to look up.
00:51 < drudge`> oh dude
00:51 < drudge`> jadesoturi
00:51 < drudge`> lol
00:51 < jadesoturi> sup ?
00:52 < drudge`> http
00:52 < jadesoturi> ?
00:52 < drudge`> https://step7-ptr.puzzle.webhuset.no
00:53 < CuriousMind> Are there any telnet servers that I can log onto?
00:53 < jadesoturi> yeah. thats the answer. but how do you get to that from "follow the PTR" ?
00:53 < k12> A guy by the name of Bryan Lunduke that I watch has one: bbs.lunduke.com
00:53 < k12> He's a decent youtuber.
00:54 < tds> depends what you want to telnet into, there are various public route servers if that's what you want ;)
00:55 < k12> CuriousMind: https://www.youtube.com/watch?v=U4yebZR7TkQ
00:55 < k12> He talks about his bbs right there. You could telnet into that.
00:55 < drudge`> jadesoturi https://dnslytics.com/ip/31.24.128.192
00:55 < k12> May not be telnet itself (I don't know since I don't know much about telnet), but you could use telnet for it.
00:56 < tds> drudge`: how did you find that v4 address? or just by scanning ptr records for all their announcements?
00:56 < djph> CuriousMind: telnet towel.blinkenlights.nl
00:56 < CuriousMind> k12: Thanks
00:56 < CuriousMind> djph: thanks
00:56 < jadesoturi> yeah, but how did you get to that IP from puzzle.webhuset.no ? its not showing up in reverse lookup unless you check them ALL like tds said
00:57 < k12> So, does anybody know what that exploit is called? Or no?
00:58 < tds> k12: https://www.owasp.org/index.php/Command_Injection
00:58 < k12> tds: ok thx
01:00 < drudge`> tds jadesoturi i was trying different variants
01:00 <+catphish> finally figured out my cookie problem, i feel dumb, was confusing 127.0.0.1 and localhost
01:00 < drudge`> in google
01:01 < jadesoturi> okok. yeah. i googled for puzzle.webhuset.no and found that same link.. just dont get how they originally meant for it to be solved..
01:02 < drudge`> ohhh, i gotcha
01:02 < drudge`> if these customers would stop bothering me i could think more on it
01:03 < tds> lol
01:03 < djph> redirect the helldesk line to the 1.99 per minute self-help number you set up?
01:03 < tds> the following stages weren't hard, so it seems likely to me that they just changed the IP and forgot about the old one
01:03 < drudge`> or you were supposed to just guess the domain was step7.ptr
01:03 < jadesoturi> yeah. that is possible.. ill find out once my buddy gets a reply :P
01:03 < geokoh> hello
01:03 < drudge`> but yah, i was doing the actual reverse look ups as well
01:05 < drudge`> i think im over-engineering step 8 tho
01:05 < geokoh> wondered how bandwidth throttling looks on a graph over time
01:20 < banisterfiend> does anyone know any advantages in using routing sockets vs just shelling out to the 'route' command?
01:32 < drudge`> now step 8 is puzzling my pants off
01:54 < spaces> Apachez how is the internets ?
01:55 < spaces> drudge` ask the chick next to you how to get your pants off, she doesn't need to puzzle for that ;)
02:12 < drudge`> lol spaces
02:25 < spaces> drudge` did it work ?
02:32 < Falkaofalk_> Hey, I just found out that my ISP is blocking all ports except Port 8080. Via port 8080 I only get into my router's config panel. Tried forwarding port 8080 to 80 but that doesn't fix the issue. (Did external IP port 8080 to internal IP of the server port 80). Anyone has an idea on how to use port 8080 to reach the server on port 80? Gonna ask my ISP tomorrow if they do open the ports in case there is no other way.
02:36 < ntd> if your home router's web interface is exposed to inet you're doing it wrong
02:38 < Falkaofalk_> well that's what is happening...
02:42 < xamithan> Some of those gateway modems require to be exposed so the techs can access
02:43 < Falkaofalk_> seemed like i did something wrong when configuring the forwards. deleted all of them and apparently works
02:45 < xamithan> You sure your router isn't the one blocking the ports and not your ISP?
02:46 < Falkaofalk_> I did a check and found that only port 8080 was not blocked via ISP. My router is not blocking any.
02:47 < xamithan> Well if NAT is active it autoblocks inbound until you forward
02:47 < xamithan> Unless you only got one device
02:49 * linux_probe is betting on nat loop back getting port 8080 lol
02:50 < xamithan> I'm trying to figure out how to make xfce network applet work >.<
02:50 < Falkaofalk_> got multiple devices and it somehow magically works now. which on the other hand worries me a bit
03:00 * xamithan is going to have to get used to NetPlan
05:32 < ScriptGeek> I'm downloading kali linux to install on a usb stick so I can hack some wifi bush
05:32 < eahm> you should download Edgy Linux
05:32 < lupine> "wifi bush"
05:33 < lupine> I don't know whether to be titillated or IoT-horrified
05:33 < ScriptGeek> lupine, me neither, which do you prefer?
05:33 < ScriptGeek> eahm, why Edgy?
05:34 < eahm> cause its the best
05:35 < ScriptGeek> eahm, you mean Ubuntu Edgy?
05:35 < eahm> no lol, it was a joke :P
05:35 < ScriptGeek> eahm, oooooh
05:35 < eahm> :)
05:35 < lupine> why not both?
05:36 < ScriptGeek> Ubuntu Edgy is hella old
05:36 < eahm> it wasnt a distro, it was a joke because of that shit you said = edgy
05:36 < lupine> now that you've explained it, it's not funny any more
05:37 < lupine> what is this, rookie hour?
05:37 < ScriptGeek> it was too much of a stretch
05:37 < eahm> yeah sorry but fuck me sumtims
05:37 < lupine> poor tim
05:37 < ScriptGeek> rip
05:38 < ScriptGeek> why does everyone have to setup wifi security? why can't they just share the wealth?
05:39 < lupine> legal liability, that's why
05:40 < ScriptGeek> legal my eagle, they just need to trust
05:41 < ScriptGeek> I promise not to download more than 30 gigs of pornos at a time
05:41 < lupine> trust is impossible given anonymity
05:42 < lupine> now, if we all had some form of ID with which we could log into any wifi port and have our illegal activities attributed directly to us, it might be another matter
05:42 < lupine> until then, if I give open wifi, and you come along and download child porn, I'm going to jail
05:43 < ScriptGeek> child porn... sheesh
05:43 < lupine> there's some sick people out there
05:43 < eahm> lupine: yep, thats why i tell friends and relatives to never share it, not even for money
05:44 * linux_probe suggests kitty porn instead
05:44 < eahm> it could even be a spyware, popup, anything, they dont care.
05:59 < nshire> will an AP running both 2.4ghz and 5ghz always have 2 SSIDs or can you have it just show as one?
06:00 < ScriptGeek> nshire, I'm pretty sure it will be 2
06:00 < ScriptGeek> they should be able to have the same name, though
06:03 < nshire> ah. I was hoping I could have just one ssid show for less clutter but oh well
06:03 < linux_probe> so, make them the same?
06:04 < nshire> still shows 2 entries for people's wifi list
06:04 < ScriptGeek> yep, it's gonna be listed as 2 different ones
06:33 < C0r3> If I'm logged into a server how do I figure out what port an API call hits?
06:36 < monkeynuts> C0r3, ss -tlpn |grep whateverprocess
06:49 < winsoff> I just want to be able to walk into a place and ask what their network topology is
06:49 < winsoff> and then ask questions about why they made those decisions
06:49 < winsoff> and not be told "sir you need to leave"
06:50 < light> you expect too much from McDonalds
06:55 < linux_probe> lol
06:57 < Johnjay> i want to make a joke about being racially profiled at mcdonalds, but that was actually a starbucks
07:22 < winsoff> light, lol
08:55 < Haris> hello all
08:56 < Haris> I have a problem with devices not negotiating to 1 Gbps. rather sticking to 100 Mbps on LAN. Is this because of wire or how its being used ? Is there a way to make sure every device always successfully negotiates to 1 Gbps interface status ?
09:01 < skyroveRR> Haris: change the wire and see.
09:01 < winsoff> Haris, are you using the right cables?
09:02 < Haris> that's what I want to know. what or which are the right ones
09:02 < Haris> I've got 3m, 5m patch cables from the market
09:02 < winsoff> Cables rated for the stated 1gbps
09:02 < skyroveRR> You need a Cat5e/6 rated cable.
09:05 < skyroveRR> Haris: also, most LAN LEDs will give you amber light when they are negotiated to 1Gbps. Quite common.
09:05 < Haris> hmm
09:05 < Haris> on my 2960G, for one, sometimes it continuously goes between amber and green
09:05 < skyroveRR> Green LED is 100mbps, typically.
09:05 < skyroveRR> Yeah, in that case, force it to 1Gbps.
09:06 < skyroveRR> Turn off Auto-neg.
09:06 < Haris> I thought amber was indication of a problem
09:06 < Haris> ..was an+ indication..
09:06 < skyroveRR> Only in terribly programmed devices.
09:14 < hmig> morning guys
09:15 < skyroveRR> Afternoon hmig
09:15 < hmig> can anyone help me troubleshoot a spanning tree issue
09:15 < hmig> afternoon? where in the world are you?
09:15 < skyroveRR> India.
09:15 < skyroveRR> And you?
09:15 < hmig> England
09:24 < skyroveRR> hmig: still awaiting your question :D (although no guarantees that I might have the answer :D)
09:29 * linux_probe sees spanning tree and runs for cover
09:32 < skyroveRR> spinning tree
10:02 < hmig> re spanning tree
10:02 < hmig> i have a switch hp/aruba 2920
10:02 < hmig> that has port 23+24 in a trunk
10:02 < hmig> one link goes to core sw1 and the other link goes to core sw2
10:03 < hmig> core sw1 and core sw2 are in an lacp
10:03 < hmig> so thats may loop
10:03 < hmig> i need to figure out how to stop
10:03 < hmig> because both core switches are forwarding at the moment
10:03 < hmig> i need one of them to be in a blocking state
10:10 < regdude> either it is a bug or RSTP might not be sufficient in your topology since you are running VLANs. You can have an open circuit with untagged traffic, but a loop with tagged traffic, RSTP sends out BPDUs only with untagged traffic (unless they are breaking 802.1Q) and will miss loops with VLANs, For such a topology you need a VLAN aware STP (MSTP or PVST)
10:12 < regdude> with the default values for STP a loop should be detected and one port should be in discarding state, unless you have a topology mentioned above
10:19 < TakWah> hi, to prevent a linux host from answering ping requests I need to compile my own kernel?
10:19 < Apachez> hmig: why dont you configure core1 and core2 as a single virtual chassis?
10:19 < skyroveRR> TakWah: nope.
10:19 < Apachez> TakWah: no
10:19 < TakWah> so who answers ping requests?
10:20 < Apachez> usually the host you sent the icmp echo request to
10:20 < Apachez> but this host can block such requests
10:20 < Apachez> and block outgoing icmp echo replies too
10:20 < TakWah> iptables?
10:20 < Apachez> both through kernel params (/proc) and/or through iptables
10:20 < TakWah> I see
10:21 < skyroveRR> iptables -I INPUT -p icmp -j DROP
10:21 < skyroveRR> Drops ALL ICMP packets, including ping.
10:21 < TakWah> thanks, that will do
10:21 < Apachez> /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
10:21 < Apachez> /proc/sys/net/ipv4/icmp_echo_ignore_all
10:22 < hmig> i think lacp is mis-configured between the two core switches actually
10:22 < hmig> having another look
10:22 < TakWah> Apachez: mhh, do I add those or edit them as files?
10:23 < Apachez> echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
10:23 < Apachez> as root / sudo
10:23 < TakWah> cool
10:23 < Apachez> or add in sysctl.conf
10:23 < hmig> am i correct in assuming if lacp is setup correctly and stp is setup correctly then one port will be in forwarding and another in blocking
10:23 < Apachez> but then its like sys.net.ipv4.icmp_echo_ignore_all 1
10:23 < Apachez> or whatever the syntax is
10:23 < hmig> the two core switches are not stacked, they should be in lacp with 2 ports
10:24 < Apachez> hmig: why dont you configure core1 and core2 as a single virtual chassis?
10:24 < TakWah> Apachez, skyroveRR: thanks a lot
10:25 < TakWah> Another question, for the other way around, in a lan like setting, can I detect non-custom NIC adapters who do not respond to icmp?
10:26 < Apachez> "non-custom NIC adapters who do not respond to icmp" huh?
10:26 < Apachez> in a lan you can see the mac address of each host
10:26 < Apachez> specially if you login to the switch
10:27 < Apachez> and this switch has a vlan interface with ip configured
10:27 < Apachez> if you dont have any security features enabled you can just pingsweep your own subnet
10:27 < TakWah> nic's that do not actively participate in the network and are in promiscuous mode, can they be persuaded to answer to something?
10:27 < Apachez> and then look in your own arp table to see mac addresses
10:27 < Apachez> the first 3 hexvalues of the mac is called OID
10:27 < TakWah> even the macs of the ones who did not answer the icmp?
10:27 < Apachez> and can be looked up online so you get who is the vendor of that nic
10:28 < Apachez> and then you can match that to which hosts replied to your icmp echo request
10:28 < Apachez> yes because arp is below the layer3 protocol
10:28 < TakWah> cool, I am asking this for a bash scripted ids like system and I try to get a picture of the possibilities.
10:29 < Apachez> when your box pings lets say 192.168.1.2 (assuming you have 192.168.1.1/24 on your nic) the first thing that happens is that your box will send out an arp who-has request (unless the mac is already cached in the local arp table)
10:29 < Apachez> box who is online and reachable will reply with its mac "I have ip x.x.x.x"
10:29 < Apachez> next your box will send the icmp echo request to this mac address with dstip set to x.x.x.x
10:29 < detha> TakWah: an adapter that only listens in promiscuous mode can only be detected from the fact that your switch has link-up state, but no traffic.
10:30 < Apachez> note that there are security features in lan's where for example it can be the switch (running proxy arp) who replies with its own mac instead of the client
10:30 < Apachez> or there can be protected or private vlans configured then you wont be able to reach other hosts at all unless you send the request through the gateway and the gateway allows it to pass
10:31 < TakWah> I see
10:31 < TakWah> detha: link-up state, is terminated wires?
10:31 < TakWah> nvm, I mean like it happens when you plug the cable in
10:33 < TakWah> Apachez: So, if I, the IDS, detect an unknown device, via ping/arp, can I shoot its physical frames (if they happen to pass the IDS box)?
10:33 < TakWah> like a measure to prevent the illegal host from using the network in a meaningful way.
10:37 < TakWah> what's the proper way to remove unwanted hosts from the network?
10:42 < SwedeMike> TakWah: that depends on the network.
10:43 < TakWah> for wlan I can just turn it off, I think, that is the most probable entry for non whitelisted hosts.
10:53 < Apachez> TakWah: ?
10:57 < djph> just use dot1x ...
10:59 < TakWah> Apachez: if the ? is for 'shooting frames', I meant causing collisions on the physical frame as soon as the part of the frame has been read which denotes who sent it? Don't know if this makes sense.
10:59 < TakWah> But I guess a normal NIC waits for the frame to complete before anything can be analysed.
10:59 < TakWah> By then it's all over.
11:01 < Apachez> I have no idea of what you tried to ask
11:01 < Apachez> default is store-and-forward
11:01 < Apachez> so full frame is received and then its processed
11:02 < TakWah> :) in that case, that's the answer I needed. What I asked for was a method to block single non-whitelisted hosts upon detection from the network by the IDS.
11:03 < TakWah> Your answer tells me that it is not possible this way. And I guess not at all.
11:03 < Apachez> no I didnt say that
11:04 < TakWah> Not the second part
11:04 < Apachez> try to rephrase your question because it seems bogus to me
11:04 < drzacek> Hello
11:06 < TakWah> Okay, assume the IDS scans for hosts in the local network, and compares them to a whitelist with MAC and/or ip-addresses. Then Mallory comes along and enters the network with his NIC, but isn't whitelisted, he starts doing stuff. The IDS notifies the network admin ""
11:06 < TakWah> and blocks all of Mallory's traffic, so that the network administrator has time to find Mallory's NIC in the real world and unplug it.
11:07 <+xand> don't do that
11:07 < TakWah> The question now was, if it was possible to cause collisions for all packages sent by Mallory.
11:07 <+xand> just use 802.1x so they can't connect in the first place
11:07 < drzacek> https://pasteboard.co/ Is there a way to get internet connection on PC2 with this configuration?
11:08 < TakWah> xand: interesting, I have seen that number before, but never knew that it could do that. I am currently reading the wiki article on that. Thanks
11:08 < hmig> either it is a bug or RSTP might not be sufficient in your topology since you are running VLANs. You can have an open circuit with untagged traffic, but a loop with tagged traffic, RSTP sends out BPDUs only with untagged traffic (unless they are breaking 802.1Q) and will miss loops with VLANs, For such a topology you need a VLAN aware STP (MSTP or PVST)
11:09 < drzacek> PC is only connected to wireless router, the router is then connected with my laptop, and only my laptop has cable connection to router with internet. Can we connect from second pc to internet over my laptop?
11:09 < hmig> can i not use RSTP?
11:10 < regdude> it depends on your topology, and it depends how you have connected those LACP members because you might be trying to do MC-LAG without proper support
11:12 < shtrb> TakWah, hostapd is your friend if you would like an easy way to configure per host vlan, but if you are using WiFi sometimes it is not really isolated (I was at a net that had a single SSID and a vlan for each client, but I could still see broadcast requests from others)
11:15 < hmig> from what i understand
11:15 < hmig> is when i actually fix lacp between the two core switches
11:15 < hmig> then stp should put one port in blocking on one core switch
11:16 < hmig> and forward the port on the other core sw
11:18 < regdude> wait wat, you want the STP to block a LACP member?
11:19 < hmig> no
11:19 < hmig> there is a 3rd switch
11:20 < hmig> which has ports 23-24 in a trunk
11:20 < hmig> 23 > Core sw1 and 24 > core sw2
11:20 < regdude> to test if this isn't a bug, just ditch the LACP and test if the switch blocks a port when there is only a single cable
11:20 < hmig> on core switches both ports coming from the 3rd switch are in forwarding state causing packet loss
11:21 < TakWah> shtrb: Thanks, if I got you right it means rolling own Wifi access points, instead of embedded ones (of the kind that do not support EAP).
11:21 < hmig> well LACP wasn't properly configured
11:21 < regdude> what are the roles for those 2 ports?
11:21 < regdude> designated?
11:21 < hmig> at the moment the 2 ports connecting both switches are trunk and in bridge-aggregation mode static
11:21 < hmig> instead of dynamic
11:22 < shtrb> TakWah, what I meant is that when you roll your own AP not all modes will give you isolation for the same SSID (if you have different ssid even better)
11:22 < regdude> static or active LAG mode doesn't matter in this case as long as both ends have the same configuration
11:22 < hmig> static link-aggregation: no control protocol is used, based on the configuration, the link-aggregation member interfaces will be actively participating (Selected) in the link-aggregation at the moment the interfaces come up.
11:22 < TakWah> shtrb: I see.
11:23 < hmig> okay so my question
11:23 < hmig> is
11:23 < hmig> how do i get one of these ports in blocking state
11:23 < hmig> i guess i need to use PVST
11:23 < hmig> as you suggested
11:23 < hmig> and enable spanning tree on the 3rd switch
11:24 < hmig> diagram https://imgur.com/a/VBFdRqV
11:25 < regdude> you don't have STP enabled on all switches?
11:25 < hmig> nope
11:25 < hmig> i only started looking at this in depth yesterday tbf
11:26 < hmig> from the troubleshooting ive done, STP is only enabled on the two core switches
11:26 < hmig> not the switches in the outside cab
11:26 < regdude> if you don't know how STP works, then I suggest to turn STP on wherever you can
11:26 < hmig> no lol, im not going to turn on stp randomly unless there is a need for it
11:26 < regdude> it would be great if you could understand and configure STP parameters manually so that one switch is your root bridge
11:27 < regdude> and why not?
11:27 < hmig> if i unplug one of the trunk ports for the switch in outside cab
11:27 < hmig> connection works fine
11:27 < hmig> no packet loss
11:27 < hmig> the issue is at the core switches
11:27 < hmig> it should be discard/blocking one of the links
11:28 < hmig> core sw2 is the root bridge
11:28 < regdude> why do you have the same priority on both switches?
11:29 < hmig> in the outside switches?
11:29 < regdude> yes, those cabs
11:30 < hmig> looking at config that is auto applied when a trunk is created on 2920 switch
11:31 < hmig> the outside cab switches are not connected to each other directly
11:31 < hmig> both outside switches connect back to core sw1 and core sw2
11:32 < regdude> leaving everything to defaults is a problem, but not going to deal with that now, that is something you have to figure out
11:32 < regdude> I hope that you managed to make one of those core switches as a root bridge at least
11:33 < regdude> and test without using LACP or static LAG, there are multiple vendors that seem to have a bad implementation of 802.3ad and 802.1W
11:35 < hmig> core sw2 is the root bridge
11:36 < hmig> what im not sure on is once lacp is correctly configured will it have any effect on the ports that are currently connected to the outside cabs
11:37 < hmig> i wish they had the core switches in a stack
11:37 < hmig> would have made this a lot easier
11:38 < TakWah> l8r, thanks
11:38 < regdude> This is why you want to configure STP manually to make sure that the right ports are blocked
11:39 < regdude> Im not familiar with HPE, but I suspect they are tagging BPDUs over trunk ports and then discarding tagged BPDUs or LACP is creating an inner loop
11:40 < regdude> I would suggest using a packet analyzer and check if BPDUs are being exchanged between switch ports. They should not be tagged at all
11:51 < hmig> i defo need to test this
11:51 < hmig> h3c have a simulator i can use
11:54 < medard> Hello guys. How can I put some text message to be displayed to anyone who makes connection to a host?
11:54 < djph> stick it in /etc/motd
11:55 < medard> Will it display to somebody who connects with netcat?
11:56 < djph> probably not, but that wasn't part of your question.
11:57 <+xand> medard: no, that's a nonsensical requirement.
11:57 < medard> Okay, is it possible to do such thing? Like broadcasting text message on certain port so that anybody who makes connection on that port can read it?
11:57 <+xand> you could do it on one specific port
11:57 < lupine> sure, you can do it with netcat
11:57 <+catphish> medard: it's totally dependent on what protocol they're connecting to
11:57 <+xand> but you wouldn't want it on every port...
11:57 < medard> tcp
11:57 <+catphish> most services have their own welcome messages
11:57 < medard> I only need one specific port
11:57 <+catphish> medard: no
11:58 <+catphish> medard: you mean you want to run a service that just greets people and does nothing else?
11:58 < medard> basically
11:59 <+catphish> you probably want https://en.wikipedia.org/wiki/QOTD
11:59 <+catphish> i assume off the shelf QOTD servers still exist
12:00 < medard> Okay, I'll look into it. Thanks.
12:00 <+catphish> or you could write one in about 4 lines of most high level programming languages :)
12:02 < ^7heo> You can even write one in about 20 SLOC of C.
12:02 < shtrb> What could possibly go wrong if random text will be sent on TLS connection or a websocket connection :D
12:02 < shtrb> Hi catphish , how are your cookies ?
12:04 <+catphish> shtrb: i found the problem :)
12:05 <+catphish> shtrb: in summary: i'm an idiot
12:05 <+catphish> shtrb: look at the url of the page, and the url of the websocket request in the console :) https://i.imgur.com/LVkdof8.png
12:07 < shtrb> I think we both are, because I don't think the problem was the wrong port or that localhost was giving you a different ip
12:07 < shtrb> * I missed that
12:08 < shtrb> oh lord the query part ?
12:08 <+catphish> shtrb: no, the problem is that "localhost" and "127.0.0.1" are not the same domain
12:08 <+catphish> !
12:09 < shtrb> wow , nice
12:09 <+catphish> the browser doesn't consider those to be the same! but my brain just automatically equates them
12:09 < shtrb> borken browser doesn't work like our brain
12:11 < IamTrying> 173.205.33.19, 173.205.33.17, 173.205.33.x - are those spammers IP range? i keep getting emails from that IP.
12:12 < aditya6502> IamTrying: try project honeypot
12:12 <+catphish> surely you can tell from the content of the email whether it's spam :)
12:12 < ^7heo> Can you tho?
12:12 < ^7heo> if it's HTML, good luck.
12:12 < IamTrying> catphish: i mean from my site someone "writing content and pressing submit" from same IP range each 30 minute
12:13 <+catphish> well if it's junk / spam content, then it's a spammer...
12:13 <+catphish> send an abuse report, simples
12:13 < IamTrying> CHAT button on website to CHAT with catphish
12:14 < IamTrying> they click the CHAT button and do not CHAT
12:14 < ^7heo> wtf
12:14 <+catphish> this isn't making any sense
12:14 < aditya6502> IamTrying: https://www.abuseat.org/lookup.cgi?ip=173.205.33.17
12:14 < aditya6502> 7 listings
12:14 < aditya6502> looks pretty spam
12:15 < aditya6502> part of conficker botnet
12:15 < IamTrying> WOW!! thanks aditya6502, so it is indeed a bad guy network IP
12:16 < aditya6502> probably some old granddad who installed "the free naked ladies"
12:17 < IamTrying> Thank you
12:18 <+catphish> a lot of compromised hosts just crawl the web looking for forms and submit them with junk data
12:18 <+catphish> so seems plausible they'd accidentally open a chat
12:18 <+catphish> or similar
12:18 <+catphish> send abuse report, firewall, forget
12:18 < ^7heo> free fuzzing audits.
12:18 < ^7heo> yay.
12:18 <+catphish> lol
12:19 < shtrb> abuse is useless , call the feds it's better
12:19 < ^7heo> with that and 4chan, one may wonder why compsec people aren't out of a job yet.
12:19 <+catphish> shtrb: that's really not true
12:19 < ^7heo> yeah please call the feds on some russian guys.
12:19 <+catphish> the police can do nothing, the network admins can fix it
12:20 < ^7heo> totes clever.
12:20 <+catphish> some are lazy and don't, but not much you can do about that, just block their network and move on
12:20 < shtrb> ^7heo, call their FEDS
12:20 <+catphish> shtrb: lol
12:20 <+catphish> i think they have better things to do
12:20 < bubo> Hi
12:21 < bubo> any ideas why "dig @172.30.248.12 -p 8600 postgres.service.consul any" works but "dig @172.30.248.12 -p 8600 postgres.service.consul" doesn't and gives timeout?
12:22 <+catphish> that would rather depend on the dns server, i assume this isn't a normal setup
12:22 < aditya6502> wild guess but what records have the hostname postgres.service.consul?
12:22 < bubo> it's the consul dns interface
12:22 < ^7heo> shtrb: lemme guess, you're from the central US?
12:22 < bubo> aditya6502: give me a second
12:23 <+catphish> i assume he's from north america, i don't know anyone else who calls national police "feds"
12:23 < bubo> aditya6502: there is an A record and SRV record
12:23 < ^7heo> true, but I was attempting to guess their location more precisely.
12:23 < ^7heo> i.e. central US.
12:23 < ^7heo> (not central america)
12:23 < aditya6502> bubo: no idea then
12:24 <+catphish> somewhere where the police have the time and resources to pursue spammers
12:24 < bubo> catphish: do you have any idea what I can check to see why it doesn't work?
12:24 < ^7heo> so basically ohio or illinois or...
12:24 <+catphish> bubo: dns server logs
12:25 < bubo> catphish: this is what is there with "any" dns: request for name postgres.service.consul. type ANY class IN (took 492.37µs) from client 172.17.0.3:39825 (tcp), but if I do it without "any" it times out, it doesn't even get to the dns server it seems
12:25 <+catphish> that's a big leap of assumption
12:25 <+catphish> check logs, check packet captures, ask the vendor
12:25 < bubo> ;; connection timed out; no servers could be reached
12:26 <+catphish> those are the only options really
12:26 < bubo> dig times out
12:26 < bubo> okay, apparently +tcp works with both cases
12:26 < bubo> I guess "any" makes dig use tcp instead of udp
12:28 <+catphish> oh, that's entirely possible, didn't think of that
12:28 <+catphish> maybe it doesn't listen on udp, or you have a firewall problem
12:28 < bubo> I guess "any" uses a tcp connection to do multiple queries for all records, which is why it works
12:28 < bubo> that's my next step
12:29 <+catphish> no, it does a single request, but it's plausible it uses tcp to ensure there's space for all the answers
12:34 < bubo> that was it
12:34 <+catphish> cool
12:34 <+catphish> good find
12:56 < aditya6502> wew cool didnt know
12:59 < blaster> ahoty!
12:59 < blaster> - the t
13:00 < blaster> If my machine has the IP of 242.250.203.170 and I want to write a network mask that will cover the IP as it's dynamic what would it look like?
13:04 <+xand> blaster: that's not a valid address 13:05 <+xand> blaster: but if it were, who knows - you don't say what range the address could be in 13:05 < detha> how well it is covered would depend on how dynamic the address is 13:06 <+xand> 0.0.0.0/0 will definitely cover it 13:06 <+xand> or rather 0.0.0.0 13:07 < linux_probe> 0hn0 ;0 13:37 < screwsss> you know i have to say 13:37 < screwsss> the naming conventions of certain things can cause confusion 13:37 < screwsss> for instance... 'MAC' address 13:37 < screwsss> 'ps2' connector... 13:38 < screwsss> little bit of conflict of interest there heh... 13:39 < bezaban> ftp cable 13:39 < trae32566[w]> yeah but most things are that way 13:39 < trae32566[w]> I mean as far as naming conventions of PC parts 13:40 < bezaban> saw a documentary about outlaw motorcycle gangs (OMGs) yesterday 13:40 < trae32566[w]> those are a thing still? 13:41 < djph> how is "MAC Address" (or PS/2 Connector for that matter) a confusing term? 13:41 < djph> FTP cable is an annoying rename, yeah ... 13:42 < trae32566[w]> PS2 I could see 13:42 < trae32566[w]> as far as being conflict of interest 13:42 < bezaban> not that you would use either in 2018 ;) 13:42 < trae32566[w]> but that's more of a case of it being common, so it caught on 13:42 < djph> because the keyboard and mouse that have been using them since the late 1980s... 13:43 < bezaban> is stuff still delivered with ps/2? 13:43 < maya_> hey guys, what is the best way to track bandwidth usage on a single Tp-link wifi router access point? 13:43 < djph> not that I'm aware of 13:44 < bezaban> think there were some r720s or similarily aged that had some 13:44 < trae32566[w]> not new stuff 13:44 < trae32566[w]> old stuff, sure 13:44 < bezaban> but not seen on anything recent 13:44 < djph> I mean, I bet you could find "enthusiast" boards that have PS/2 still. 
But your general consumer board is all USB these days 13:44 < trae32566[w]> no 13:44 < trae32566[w]> it's all USB for recent stuff afaik 13:44 < Wang-> almost every mechanical keyboard I own, comes with the ps2 option 13:45 < bezaban> blast, what to do with my ps/2 adapter drawer 13:45 < trae32566[w]> shush 13:45 < trae32566[w]> I have PS/2 to PS adapters -_- 13:45 < trae32566[w]> remember PS? 13:45 < trae32566[w]> that fucking huge barrel? 13:45 < bezaban> hehe yeah, my favorite keyboard had one of those 13:46 < djph> looks like server boards still do PS2 ... but yeah, nothing super new - LGA-775, 1366 13:46 < djph> you mean the AT DIN connector? 13:46 < linux_probe> heh 13:46 < bezaban> that's the one I was thinking of 13:46 * linux_probe opens drawers and throws a half dozen at everyone 13:46 < ALowther_> Does anybody know why it was decided to use IP addresses? If MAC addresses are unique, why was routing not just directly with MAC addresses?...Most of the answer I've found online discuss the current IP/TCP stack and how it is necessary to have IP for that reason. But that doesn't answer the question. IP was created for a reason, and yes, now that it is so mainstream, that is how we communicate across the internet, but why didn't we j 13:46 < ALowther_> ust use MAC addresses for that in the first place? 13:47 < Wang-> there is no reason to use the USB port, if both your computer and keyboard has a PS/2 port 13:47 < trae32566[w]> Wang-: yes there is, ghosting. 13:47 < trae32566[w]> also, response time 13:48 < linux_probe> Universal Snail Bus 13:48 < trae32566[w]> ALowther_: MAC addresses are in *theory* unique. This is an important distinction. I've had duplicate MAC issues with Arris modems on Time Warner. I called them, and they basically said that yeah, every now and then a few go out with duplicate MACs, so... 13:49 < Wang-> what? PS/2 has lower responsetime than the USB port 13:49 < djph> ALowther_: because MAC addresses are for local communication. 
IP addresses are for "long range" 13:49 < trae32566[w]> also because MACs are a l2 concept, so they're local 13:49 < trae32566[w]> yeah 13:49 < trae32566[w]> exactly 13:50 < djph> ALowther_: your entire network talks using MAC addresses, not IP. IP only comes into play to determine "yes, this is local" 13:50 < trae32566[w]> djph: he was asking about *routing* with them. 13:51 < djph> because it doesn't work that way :P 13:51 < trae32566[w]> exactly. 13:51 < ALowther_> But my router doesn't know every IP address, couldn't it know the next MAC address hop just as it knows the next IP address hop? 13:51 < djph> that's exactly how it works 13:51 < trae32566[w]> it resolves the IP to a MAC 13:51 < trae32566[w]> effectively 13:52 < trae32566[w]> do a tcpdump 13:52 < trae32566[w]> you'll see 'WHO HAS: ' and 'I HAVE' 13:52 < ALowther_> So what purpose does the IP protocol give when it could just route hop to hop with MAC addresses? 13:52 < ALowther_> That is ARP, correct? 13:52 < trae32566[w]> yes 13:53 < djph> take IP packet, read destination IP. If a known locally-connected IP, resolve MAC and send to that MAC. If not local, find relevant gateway, resolve THAT gateway's MAC, send packet forward. Repeat "locality test, forward to upstream router" until you find a locally-connected router. 13:53 < screwsss> i was once on the phone to tech support and he was telling me to clone the mac address but asked me what it was first 13:53 < trae32566[w]> yeah but that was probably the gateway MAC, not the modem MAC 13:53 < screwsss> and my friend who was nearby thought it meant something to do with the macintosh i happened to be on and i he was like just a minute while i find it 13:53 < trae32566[w]> lol 13:54 < djph> ALowther_: think of it like a letter. You can't just stick "123 Main Street" in the destination address, and expect it to get to the RIGHT "123 Main Street". 
13:54 < linux_probe> who has to p 13:54 < linux_probe> i has to pee 13:54 < ALowther_> djph: If there were only 1, 123 main street I would. 13:54 < screwsss> im like "no... not THAT mac, something else" and he was like "oohh" 13:54 < trae32566[w]> I think I know someone who can help with that if that's what you're askin. 13:54 < trae32566[w]> LOL 13:54 < djph> ALowther_: there isn't. 13:55 < trae32566[w]> ALowther_: also, you wouldn't. It doesn't work that way, they'd reject it most likely without all the other stuff. 13:55 < djph> ALowther_: the only thing that a MAC address MUST be, is unique to a *local* segment. 13:55 < ALowther_> So then IP is important because MAC addresses aren't truly unique? If they were, then maybe MAC addresses could be used as the main means for routing. 13:56 < trae32566[w]> thing is 13:56 < trae32566[w]> "local segment" could be a /28 13:56 < djph> no, they can't. They were never designed to be used in that manner. 13:56 < trae32566[w]> or a /18 13:56 < trae32566[w]> as is my case 13:56 < SwedeMike> ALowther_: that doesn't scale to global scale with billions of devices. 13:56 < bezaban> ip has subnetting which is helpful for routing 13:57 < trae32566[w]> SwedeMike: in fairness, neither does IPv4 in its initial incarnation. 13:57 < trae32566[w]> I mean it does with NAT, but even then it's a close call, and it causes issues. 13:58 < SwedeMike> trae32566[w]: which is why I have been involved in IPv6 rollout since 2008. 13:58 < bezaban> the routing tables for non-hierarichally based addressing would become crazy 13:59 < trae32566[w]> SwedeMike: I've got pretty much everything using IPv6, though at the moment I'm having issues with TWC for some reason 13:59 < trae32566[w]> it's pissing me off actually 14:00 < trae32566[w]> I get a DHCPv6-PD lease, everything works for like ~30 minutes, then it dies 14:00 < ALowther_> SwedeMike: MAC doesn't scale because they aren't unique, correct? 
14:00 < trae32566[w]> and I noticed in the radvd config, EdgeOS has the lease lifetime set to infinity 14:00 < trae32566[w]> so I'm wondering if it's somehow hard coding the lease lifetime instead of renewing? 14:00 < trae32566[w]> DHCPv6-PD is still murky to me 14:01 < SwedeMike> ALowther_: well, that's one problem, but the main problem is that you can't fit a list if billions of devices into a router and hope it'll be able to know where to send what packet, and also update this as destinations change. 14:01 < Dagger> trae32566[w]: v4 scales fine, just not to enough devices for the current internet. MACs don't scale fine at all 14:01 < Dagger> (v6 scales in exactly the same way as v4 does, just to more devices) 14:01 < trae32566[w]> Dagger: ....then it doesn't scale, does it? If it has a cap that has been reached, it is by definition, no longer scaling. 14:01 < SwedeMike> trae32566[w]: PD should work all the time. If you want to know a bit more how the router is supposed to behave, you can read RFC7084 around the prefix delegation parts. 14:02 < trae32566[w]> SwedeMike: I know, but figuring out whether UBNT or TWC is the problem is my current issue 14:02 < trae32566[w]> from my end, it looks like packets just drop to everything 14:02 < ALowther_> SwedeMike: But IP doesn't do that either, does it? It just knows the addresses of the devices connected directly to it. Both MAC & IP. 14:02 < SwedeMike> trae32566[w]: right. I have PD working using an ubnt ER5, so it seems to be mostly working. 14:03 < trae32566[w]> ER POE 5? 14:03 < trae32566[w]> I used to have one 14:03 < trae32566[w]> I have an ER4 now :D 14:03 < SwedeMike> ALowther_: IP does aggregation, so it knows blocks of addresses. So a million devices can be represented by a single routing entry. 14:03 < SwedeMike> trae32566[w]: yes, the POE one. 
14:03 < trae32566[w]> they suck ass at IPsec :( 14:03 < Dagger> trae32566[w]: I mean it's |log x| rather than |x^2| (or something; no, I didn't work those out properly) 14:03 < SwedeMike> trae32566[w]: ER4 should be the same from a control plane POV. 14:04 < trae32566[w]> Dagger: oh no doubt it's definitely worse, I was just saying it doesn't scale either. 14:04 < ALowther_> SwedeMike: Like routing on an ISP level, taking into consideration geographical locations? So, for these million addresses which are due east, send to the router due east of here? 14:04 < SwedeMike> ALowther_: kind of like that, yes. 14:04 < Dagger> trae32566[w]: yes, there's a cap in v4 that's too small, which is obviously a problem, but the scaling *model* is otherwise fine. all it really needs is more bits 14:04 < trae32566[w]> which means IPv4 is NOT scalable, IPv6 is :P 14:04 < Dagger> which is most of what v6 does. v6 doesn't change the IP model 14:05 < trae32566[w]> SwedeMike: you sure? It's an entirely different design, it uses a newer quad core 14:05 < trae32566[w]> also different clock speed and whatnot 14:05 < trae32566[w]> I'd assume along with that the ASIC would change 14:05 < SwedeMike> trae32566[w]: the DHCPv6 PD client and code to hand out address to other interfaces etc should be the same code base. 14:05 < trae32566[w]> given it's all one package afaicr 14:06 < trae32566[w]> SwedeMike: yeah I know, I just meant performance wise 14:06 < SwedeMike> trae32566[w]: control plane, not forwarding plane. 14:06 < trae32566[w]> OH 14:06 < trae32566[w]> duh 14:06 < trae32566[w]> my bad. 14:06 < Dagger> it's scalable, with a cap on how far it scales. for v4, the cap is too small for our current internet, and for v6 it isn't 14:06 < trae32566[w]> IP is 14:06 < trae32566[w]> V4 is not 14:06 < trae32566[w]> that was my point :P 14:07 < trae32566[w]> SwedeMike: any ideas on troubleshooting? 
without access to the device upstream, I'm screwed, and it's TWC residential, so you know they aren't gonna do anything useful. 14:07 < Jmabsd> Any recommendations for 4x or 6x SFP+ 10gbps port NIC? 14:07 < trae32566[w]> they don't sell those in a normal form factor 14:08 < trae32566[w]> AFIAK 2 is the most you'll find commonly 14:08 < trae32566[w]> at least as far as PCIe goes 14:08 < trae32566[w]> *if* you can find >2, it's gonna make your wallet hurt. 14:08 < SwedeMike> trae32566[w]: "tcpdump -vvv port 547 or port 547" towards TWC, check timers and see what happens over time. 14:09 < trae32566[w]> will do, I appreciate it 14:09 < Dagger> whereas MACs just wouldn't scale well at all for the internet. having every device track updates to every other device's current network location is not going to work 14:09 < SwedeMike> trae32566[w]: there is also an DHCPv6 log in the ER you can take a look at. 14:09 < trae32566[w]> yeah I did 14:09 < ALowther_> SwedeMike: Okay, thanks. I will try to let that sink in. 14:09 < trae32566[w]> it's useless 14:09 < trae32566[w]> it has literally 1 line 14:09 < trae32566[w]> SwedeMike: you think it'd be worth it to try the arista I have as the gateway? It should at least do basic DHCPv6, so I could try that and see if it's the device. 14:10 < trae32566[w]> well, DHCPv6 *client* that is. 14:10 < trae32566[w]> actually I could probably get it to do DHCPv6 pretty trivially 14:10 < SwedeMike> trae32566[w]: well, I get lines like "May/21/2018 21:51:50: update_ia: status code for PD-1: success" periodically, and no errors. 14:11 < Jmabsd> trae32566[w]: they exist in normal form factor. 14:12 < trae32566[w]> oh *now* it shows. 14:12 < trae32566[w]> Jmabsd: do they cost out the ass? 14:12 < trae32566[w]> I would expect so. 14:13 < trae32566[w]> SwedeMike: https://paste.fedoraproject.org/paste/B650mP6tHuMwcNdx-Ye2og 14:13 < SwedeMike> trae32566[w]: don't know about arista. I would try perhaps an OpenWrt device, they're known to work. 
You can even do this on a pc. 14:13 < trae32566[w]> arista devices are basically fedora-based switches. 14:13 < trae32566[w]> lol 14:14 < danieli> and PA are centos basewd 14:14 < danieli> based* 14:14 < danieli> that's the only thing i don't really like 14:15 < SwedeMike> trae32566[w]: well, that doesn't look good. unfortunately I know of no good way to get good data out of their dhcpv6 client, so I typically resort to tcpdump. 14:16 < trae32566[w]> yeah.... I have a feeling this might be a serious pain 14:16 < trae32566[w]> also, https://paste.fedoraproject.org/paste/NW8SAzZwWUL6Wj5bMSN1EQ if you were curious 14:17 < Jmabsd> trae32566[w]: https://www.sfpcables.com/pci-express-x8-quad-port-10gigabit-server-adapter-intel-xl710-based/?source=10gtekProductPage not rly, but yeah not supercheap at all. 14:18 < trae32566[w]> oh wow nice 14:18 < trae32566[w]> honestly though, it might just be easier to go dual QSFP+ 14:18 < SwedeMike> well, Juniper boxes run BSD and Cisco is going Linux for their hypervisors nowadays. 14:18 < SwedeMike> and Ubiquti is basically stripped down debian 14:18 < danieli> yep 14:19 < danieli> ubnt cloud keys are mediatek devices with modified debian 14:19 < SwedeMike> unix is eating the world. 14:19 < trae32566[w]> yeah the interesting thing about arista is they use AMD processors ... 14:19 < danieli> eating the world since the 1980s 14:19 < trae32566[w]> broadcom switch chips and AMD processors, apparently. 14:26 < trae32566[w]> well shit. 14:26 < trae32566[w]> https://community.ubnt.com/t5/EdgeRouter/dhcpv6-pd-failing-after-a-while/td-p/1275807 14:27 < trae32566[w]> kinda curious if TWC is having similar issues. 15:10 < cluelessperson> what's the proper way to set the network used by a hostname in a systemd? 15:11 < cluelessperson> /etc/hostname /etc/hsots 15:11 < cluelessperson> do I do, /etc/hosts hostname.network ? 
15:11 < grawity> /etc/hostname for setting the actual hostname (unless your distro puts it elsewhere, but hostnamectl should find it anyway) 15:11 < djph> you mean the FQDN for a host? 15:11 < grawity> mmmaybe /etc/hosts to make sure it's resolvable, depending on requirements 15:12 < grawity> if you want programs to be detecting a specific FQDN, yeah, my preferred method is via /etc/hosts 15:12 < grawity> "127.0.0.1 foo.example.com foo localhost" 15:12 < cluelessperson> djph: grawity so, I'm unsure. I have different subnets here run by a default DHCP server. hostname.{infrastructure, guest, internal, servers, etc} 15:13 < djph> OK 15:13 < djph> and ... 15:13 < cluelessperson> in the future, I will setup my domain name to do 15:13 < cluelessperson> monitoring.servers.cluelessperson.com 15:13 < djph> DHCP should be handing out the site suffix 15:13 < djph> er the domain suffix 15:13 < djph> ... whatever, I need more coffee 15:13 < cluelessperson> djph: well, at the moment I have DHCP just hand out ip, and I set hostname manually in the servers. 15:14 < grawity> cluelessperson: don't mix up the hostname and the domain 15:14 < cluelessperson> ah 15:14 < shtrb|work> cluelessperson, hostnamectl if you really think about The project that shall not be named 15:14 < grawity> systemd systemd systemd 15:14 < djph> hostname = server. domain = servers.clueless.net. 15:15 < shtrb|work> cluelessperson, and if you are into DNS and dhcp make sure you send the hostname in the request , that way you can tie in your dhcp server 15:15 < grawity> cluelessperson: what's your main usage of these domains? 15:15 < Psi-Jack> djph: But.. No... 15:15 < Psi-Jack> you're all sorts of messed up there. :_) 15:16 < Psi-Jack> systemd! <3 15:16 < shtrb|work> should be dealt with fire 15:16 < cluelessperson> grawity: personal, learning to setup enterprise environments. 15:16 < djph> Psi-Jack: wich part? needing coffee, or the hostname / domain-name components? 
15:16 < Psi-Jack> shtrb|work: Take your nonsense elsewhere then. 15:16 < shtrb|work> Psi-Jack, sorry , but it was auto replace 15:16 < Psi-Jack> djph: The latter. You were inconsistent. :) 15:17 < grawity> "systemd: when said out loud, can be used to discover sysadmins in the current broadcast domain" – twitter 15:17 < grawity> cluelessperson: no, I meant mainly what programs want the domain to be configured 15:17 < Psi-Jack> shtrb|work: Uh huh. Please keep those comments to /dev/null. ##linux needs not see them. 15:17 < djph> Psi-Jack: hostname = someserver / domain = servers.clueless.net / FQDN = someserver.servers.clueless.net ? 15:17 < shtrb|work> Psi-Jack, sorry 15:17 < djph> Psi-Jack: we're in ##networking ... 15:17 < Psi-Jack> djph: Inconsistency again. 15:18 < grawity> like my sister's driving instructor 15:18 < grawity> just kept repeating "nope, you're wrong" until success 15:18 < Psi-Jack> Okay, ##networking need not see them too. :p 15:18 < djph> Psi-Jack: what're you looking for; host = someserver / subdomain = servers / domain = clueless / TLD = net ? 15:18 < Psi-Jack> djph: hostname = someserver, domain = clueless.net / FQDN = somserver.servers.clueless.net 15:19 < grawity> eh? what makes "servers.clueless.net" not a domain? 15:19 < Psi-Jack> With correcting the typo on the hostname part of FQDN I did. ;) 15:19 < cluelessperson> grawity: oh nothing. I just need to figure out how it *should* be done. :) 15:19 < dogbert2> whazzup? 15:20 < Psi-Jack> You cannot register a 3-part domain. Though you can treat a 3-part domain as if it were a domain name. Usually however, a domain is 2 parts. 15:20 < grawity> but domains aren't defined by whether they're registered 15:21 < grawity> also *cough* example.co.uk 15:21 < Psi-Jack> True. 
:) 15:22 < grawity> I guess i'm curious about the difference between 'domain' and 'domain name' in this context 15:22 < shtrb|work> https://threatpost.com/linux-systemd-bug-could-have-led-to-crash-code-execution/126605/ obligatory if we think about DNS and system50 15:23 < Psi-Jack> shtrb|work: Are you still on about that? 15:23 < shtrb|work> Was with a delay 15:23 < grawity> https://blogs.forcepoint.com/security-labs/vulnerability-glibc-could-lead-remote-code-execution-cve-2015-7547 15:23 < grawity> clearly we should all migrate to musl 15:24 < Psi-Jack> https://www.cvedetails.com/product/17956/Nginx-Nginx.html?vendor_id=10048 15:25 < Psi-Jack> Clearly... We should just stop using the web. 15:25 < Psi-Jack> https://www.rapid7.com/db/modules/exploit/unix/irc/unreal_ircd_3281_backdoor and IRC 15:27 < shtrb|work> grawity, libc is not an init system or an email client .. 15:28 < grawity> shtrb|work: systemd is not an email client either, what's your point? 15:29 < shtrb|work> grawity, it was bad pun about them implementing everything , but if I need to explain it wasn't a good one 15:40 < jadesoturi> tds, when you solved the rest of the puzzle yesterday, what was the answer to step 8 ? are they talking about the second subnet of /27 ? and that would be 63, right? but its not accepted as the answer? or am i totally blind and missing something? 15:45 < djph> your math is off somewhere jadesoturi 15:46 < jadesoturi> hmm what do you mean ? 15:46 < regdude> second network .64 is for /26 15:46 < jadesoturi> ahh. well thats what i was wondering about, which "second" are they talking about... 15:46 < djph> maybe I'm misreading what you're asking 15:47 < jadesoturi> but 64 is wrong as well. hang on. 
15:47 < jadesoturi> https://puzzle.webhuset.no/26 15:48 < SwedeMike> first /26 is 0-63, then a /27 after that is 64-79 15:49 < SwedeMike> with 79 being the broadcast address 15:49 < jadesoturi> 79 isnt accepted as a solution :/ 15:50 < tds> seeing as this is a jobs style challenge, shouldn't you be doing it yourself? ;) 15:50 < jadesoturi> tds, im not applying :P just want to see if i can make it and maybe learn something along the way :) 15:50 < jadesoturi> but i dont get the hint... :/ 15:51 < tds> ah, fair enough 15:51 < djph> because 79 is wrong 15:51 < djph> SwedeMike: your math is off 15:52 < djph> a /27 is 32 addresses (30 hosts)... 15:52 < jadesoturi> yeah with 31 being the first broadcast and 63 the second, right? 15:54 < SwedeMike> djph: right, so 95. My bad. 15:54 < jadesoturi> wait. what? 95? isnt that the third ? 15:54 < SwedeMike> jadesoturi: so I revise my answer. 63 is the first /26 broadcast address, 95 being the /27 following it. 15:55 < jadesoturi> SwedeMike, ok. i got this wrong somehow then.. 15:55 < SwedeMike> jadesoturi: 0-31 is the first /27, 32-63 is the second /27, 64-95 is the 3rd. But the question was to begin with a /26, which is two /27. 15:56 < djph> jadesoturi: it's the third "/27" sure ... but since the previous customer used the "first /26" worth of addresses ... 15:56 < jadesoturi> ohh. ok.. got you know.. 15:56 < amosbird> Hi, how can I crack this localhost site using brute force method ? https://la.wentropy.com/XtB6 15:56 < amosbird> the username is known as admin 15:59 < djph> amosbird: by piping it all into /dev/null. 16:01 < tonsofpcs> hi all. I've got some UDP unicast flooding because a destination device isn't sending out any traffic (but it does exist) - is there some trick to make sure it fills the MAC tables of the switches along the link? 16:01 < regdude> you mean unknown multicast flood? 16:02 < tonsofpcs> no, unicast. 
16:02 < regdude> well, eitherway, ping will add host entries to all switches in the way 16:02 < tonsofpcs> the destination isn't in any MAC tables so the switches in the traffic flow send it out to all ports (on the VLAN). 16:03 < regdude> some switches support static host entries 16:05 < tonsofpcs> regdude: yea, trying to avoid that if possible in case there's a failure and it needs to be moved in a hurry to troubleshoot (it doesn't help that this udp stream is the flow for a 24/7 service) 16:05 < tonsofpcs> let me try a ping, see if it replies 16:05 < Hack5190> We have been asked to block google services (gmail, etc) and still allow employees to access googles search engine. Looking for suggestions on how to accomplish this. 16:05 < tds> if the device with that mac is up (and presumably responding to arp anyway if you're sending unicast udp to it), I'd expect mac learning on the switches to work 16:06 < screwsss> so ps/2 *doesnt* mean playstation2 16:06 < tonsofpcs> Hack5190: redirect google.com to duckduckgo.com ? 16:07 < regdude> tonsofpcs: you need to find a protocol that it replies to, usually ping is enough. If ping works, you want to create a script that pings this device each 5minutes (or whatever is your age timer set) 16:07 < tonsofpcs> regdude: ya, that's the hope. If not, it's port-scan time I guess... 16:07 < Hack5190> tonsofpcs, that would work for me personally - but not the bosses 16:08 < tonsofpcs> tds: it is. It's getting the full unicast and pushing it out a serial port and I can see the results from here so it's up... I guess if ping doesn't work I can arp at it all day long... 16:08 < tds> you'll need something doing DPI, but it should be possible to filter http/https traffic based on the host header or SNI header for tls 16:08 < tonsofpcs> Hack5190: you can... what tds said. 16:08 < tds> tonsofpcs: hmm, so is all the traffic one way, with the device on the other end never replying? 16:09 < tonsofpcs> tds: yup. 
Set up a test on my bench last week with the same make/model device and saw no reply traffic in wireshark on a port mirror. 16:09 < tonsofpcs> 20 Mbit in, 0 bit return. 16:09 < regdude> it is quite common, but maybe you are allowed to configure something on this "ghost"? 16:09 < tds> hmm, stupid thought, if it responds to arp can you drop the arp timeout on the sending device so it regularly re-arps for the destination and the switches learn the path? 16:09 < regdude> for example, LLDP 16:09 < Hack5190> let me look into it, thanks tds 16:10 < tonsofpcs> sending device is same make/model, black box essentially with 4 buttons for control, setting IP, setting destination IP, setting UDP or RTP (I switched to RTP, it showed up in the tables, then disappeared again) 16:11 < regdude> does it have DHCP? 16:12 < tonsofpcs> trying the pings now (had to get to a machine on that network that have pings) 16:12 < tonsofpcs> in theory yes, in practice people complain on their website about it not working, I've got one on my bench that I switched DHCP on about 15 minutes ago for testing to see if it is stable. 16:13 < nostrora> Hi, i have question about my lan server. i've set up an website in foo.bar to access it from WAN. if i try to access it from my LAN. does it pass by internet or directly by lan ? 16:13 < nostrora> i don't know if i'm clear ^^ 16:13 < regdude> tonsofpcs: one way to deal with this is by using DHCP and set the lease-time to less than 5minutes 16:13 < tonsofpcs> nostrora: it will be by LAN but you'll need DNS set right 16:14 < tonsofpcs> ah, seems it replies to pings! 16:14 < tonsofpcs> regdude: yea, that was the thought (if it works) 16:14 < tonsofpcs> going to see if the flooding has gone away. 16:14 < nostrora> tonsofpcs: what i have to do with my dns ? 16:14 < regdude> then you are in luck, you can simply create a cronjob to ping it every 4 minutes 16:14 < tonsofpcs> nostrora: presuming you're on IPv4 and NAT'd that is. 
If you're not NAT'd then it's just the same on both sides. 16:15 < tonsofpcs> foo.bar has to resolve to what the server looks like to the outside world on WAN and what it looks like to the inside world on LAN 16:15 < nostrora> tonsofpcs: exactly, i have a nextcloud.foo.bar. when i on my lan i want the full speed of my gigabit ethernet! and without change the url. but the domain is point to the WAN ip 16:16 < nostrora> tonsofpcs: so NAT can "convert" WAN IP to LAN IP ? 16:16 < tds> see this is why we need telementary in these devices to phone home every 30 seconds with usage data, then the forwarding table entries won't expire ;) 16:16 < tonsofpcs> right, so you need to add a DNS entry on your DNS server for your LAN that points to the internal LAN IP of the server. 16:16 < tonsofpcs> tds: this thing doesn't even have an IP control interface. It's literally a bunch of microswitches on the front panel with a 2-line LCD. 16:16 < nostrora> tonsofpcs: but domain is already pointing on WAN ip 16:17 < tonsofpcs> it's the only major detriment of it. 16:17 < tonsofpcs> nostrora: right, you need different DNS outside and inside. 16:17 < tds> ^ if you want to know how to set that up with whatever dns server you're using internally, the term to google is split dns 16:18 < nostrora> Nice :) thanks a lot ! 16:18 < tds> the other alternative is nat reflection, but then the traffic may take a worse path since it'll go via your router 16:19 < tds> (or you can just scrap this nat mess and move everything to ipv6 :) 16:19 < tonsofpcs> tds: (I wish) 16:20 < tds> I got fed up with nat and moved all of my personal network to single stack v6, it's much nicer now 16:20 < tds> but yeah, in many cases it's not possible yet :/ 16:32 < tonsofpcs> hmm. Setting a device to ping it with -i 240 (switches have 300s timeouts) caused the flood to stop for a bit (5-10 minutes) but it has returned.... 16:33 < regdude> tonsofpcs. this is why I mentioned to create a cronjob. 
These host entries do expire after the age timer, which is usually 5 minutes 16:34 < tonsofpcs> regdude: right but shouldn't a ping -i 240 have the same results as a ping -o (exit after reply) every 4 minutes? 16:34 < regdude> oh wait, the -i 240... well, what happens if you decrease it? 16:34 < tonsofpcs> oddly the switch shows the MAC in its table... 16:36 < tonsofpcs> hmmm, maybe that's a different traffic flood... 16:37 < regdude> didn't you have multiple switches? check all those switches 16:37 < regdude> it can only be a different traffic flood if a different device is flooding 16:39 < tonsofpcs> I'm setting a port to have just that vlan on it and a device plugged in so I can definitely say if that's the flood or not 16:39 < tonsofpcs> need to wait 5 minutes for the HP rates to catch up... 16:42 < tonsofpcs> (the other 'flooding' is multicast on that other VLAN, someone could have subscribed to it, hence my dropping of it from a port) 16:51 < The_Dude> What sort of interface do you call the front loading cards for network devices such as SFP+ etc.. Its square with two screws on either side 16:51 < arooni> how come i'm seeing May 22 09:42:07 LilArooni kernel: [ 339.164034] [UFW BLOCK] IN=wlan0 OUT= MAC=64:80:99:18:ab:48:84:d6:d0:14:8d:8a:08:00 SRC=192.168.1.159 DST=192.168.1.101 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1708 DF PROTO=TCP SPT=46774 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 ;; when i have this rule in ufw status:: 22 ALLOW 192.168.1.159 16:52 < jarlopez> I'm trying to get a server/client setup between two EC2 instances in the same VPC and security group. The security group is set to allow all incoming traffic from within the group. I'm spinning up the server listening on 127.0.0.1:8080 and the client is refused connection to the server's private EC2 IP. ANy tips? 
16:53 <+catphish> The_Dude: line cards maybe 16:56 <+catphish> line cards look like this: https://www.myriadsupply.com/media/cache/2a306c1092d40858588aab52260c94f6/all-module_7.png 16:56 <+catphish> or https://cdn3.volusion.com/oamgn.raxnx/v/vspfiles/photos/EX9200-32XS-2.jpg 16:57 <+catphish> or https://www.disctech.com/SCASite/product_images/WS-X4148-RJ45V_1000-2.jpg 16:57 < jarlopez> My client had a hardcoded 127.0.0.1:8080 |: 17:00 < The_Dude> Yeah thats it thanks however there are different sizes right? 17:00 < The_Dude> Some are rectangle and some are square it seems 17:03 <+catphish> The_Dude: yep, there's no standard, they're different for different devices 17:03 < The_Dude> No more like this http://www.advantech.com/products/e5e66f28-41d0-47f3-9810-9d3f0edfc44e/nmc-1009/mod_56b1f1c2-8ab7-4141-a0b6-19e35bb69a97 17:03 <+catphish> most are either 19" or about 1/4 of that, and 1U high 17:03 < The_Dude> I guess they are NMC's 17:04 <+catphish> yeah, that's the same 17:04 <+catphish> they call it an "io module" 17:04 <+catphish> others call it a line card 17:04 <+catphish> but it's totally non-standard 17:04 < The_Dude> Ahhh k thans just wondering because it says its pcie 17:04 <+catphish> yeah, some of them are pci-e 17:05 < The_Dude> but front loading wondering if there is a name for the front loader I'm looking for because when I look for cards its always the regular interior cards 17:05 <+catphish> but only electrically, the physical layout is proprietary 17:05 < errst> hello everyone 17:05 <+catphish> afaik there's no standard for front loading pcie 17:06 < errst> is it possible to send data over IP? 17:06 <+catphish> that's literally what it's for 17:06 < The_Dude> hmmm SR interface 17:07 < errst> catphish, without any protocol? such as TCP, UDP? 
17:07 <+catphish> errst: it would be highly unusual, but yes, you would have to define your own protocol at that layer
17:08 <+catphish> errst: here's the list of existing protocols, usually you'd choose an existing one, but nothing stopping you making your own https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
17:09 <+catphish> normally you use UDP, because you're sane :)
17:09 < errst> :)
17:09 <+catphish> which is basically just raw data over IP, but with port numbers so you can run multiple services on the same IP
17:11 < errst> catphish, thanks for the clarification.
17:11 < tds> the other key thing about udp is that stateful firewalls and NAT devices understand it, so it'll work in the real world
17:12 < errst> i see
17:12 < errst> are there any resources you'd recommend for me to start from scratch to learn networking
17:13 < tonsofpcs> yay, ping is working.
17:13 < errst> like whole network, is this called OSI model?
17:13 < lupine> the OSI model is basically theoretical
17:13 < tonsofpcs> thanks tds and regdude :) going to find a permanent solution
17:14 < errst> lupine, but it's true that whole network is total of 7 layers?
17:16 < sigma__> I'm having an issue copying files from a mounted SMB share and it seems to be network related. https://hastebin.com/raw/izevawujoc
17:17 < sigma__> In short, it works or doesn't work depending on which subnet the SMB client host is on.
17:17 < sigma__> All hosts are using the same cifs mount configuration.
17:18 < sigma__> In the tcpdump output from my hastebin link, it looks like the non-working clients suddenly stop hearing back from the server, even though the previous communications were successful over the same ports.
17:21 < lupine> errst: no, that's a model that doesn't make a lot of sense in the real world
17:21 < lupine> for instance, ARP is an "OSI layer 2.5 protocol" because OSI doesn't model that very well
17:22 < lupine> you can describe things in OSI terms, it's just not a great fit
17:22 < regdude> in the real world, there is layer1 and protocols
17:23 < lupine> https://en.wikipedia.org/wiki/OSI_model#Comparison_with_TCP/IP_model gives you a vague mapping between OSI terminology and deployed reality
17:23 < electricmilk> lupine, How is ARP layer 2.5?
17:24 < lupine> it's glue
17:25 < lupine> sorry, 1.5
17:25 < lupine> https://en.wikipedia.org/wiki/Link_layer#Relation_to_OSI_model
17:26 < electricmilk> Ah I found this statement helpful: Normally, a protocol from layer N+1 is encapsulated with the header of the protocol from Layer N, but protocols like arp, stp, cdp, icmp and igmp are exceptions because they are encapsulated with a header of a protocol from the same layer.
17:26 < errst> lupine, what'd u recommend?
17:26 < lupine> learning the thing to pass the exam
17:27 < lupine> but also note conceptual enhancements like https://en.wikipedia.org/wiki/Layer_8
17:27 < lupine> it's handy enough when talking about networks in the abstract, but don't expect to ever do that outside of exam conditions
17:28 < electricmilk> errst, Which exam?
17:29 < errst> electricmilk, pardon me?
17:30 < electricmilk> errst, Were you asking about the OSI model for an exam?
17:30 < electricmilk> errst, I came in after your question
17:30 < errst> nope
17:30 < electricmilk> ah my bad
17:30 < lupine> I stand corrected :D
17:31 < lupine> (I learned about it for an exam in 2001, and haven't used that knowledge since)
17:31 < electricmilk> I'll use the model for troubleshooting sometimes
17:33 < electricmilk> I like the TCP model where they separate physical and data link...the 5 layer model
17:33 < electricmilk> Physical, Data Link, Network, Transport, Application
17:34 < electricmilk> Who the hell cares about session and presentation
17:54 < Apachez> ARP is a layer2 protocol
17:55 < Apachez> it has its own ethertype
17:58 < screwsss> anyone here seen desktop pc's with 2 ethernet ports?
17:58 < screwsss> what's that all about
17:59 < screwsss> one for upstream and one for down
17:59 < screwsss> or both for both
18:00 < danieli> or neither
18:01 < Donjuanal> windows doesn't handle load balancing across multiple interfaces well, so it'd ideally be for 2 interfaces on different networks.
18:01 < Donjuanal> if you run linux you can do a lot of things like bond them together, load balance, etc
18:01 < FatalFUUU> I'm looking for a gigabit PoE switch - 24+ ports. I can either get a HP V1910-24G-PoE (JE007A) or for slightly more a 48 port Alcatel OmniSwitch 6400-P48 but I know nothing about these switches
18:13 < spaces> huh ? will Domain WHOIS information disappear because of GDPR ?
18:35 < cthulchu> hey folks, I wonder if web socket creates a significant amount of additional traffic by keep-aliving the connections
18:36 < cthulchu> it has to send like one tcp packet every second or so to keep the connection.
18:37 < cthulchu> I think, on average, we end up with a lot more tcp packets flying around compared to the non-WS solutions
18:38 < ||cw> cthulchu: depends on how large the application data part of the ping is
18:38 < cthulchu> Well not larger than one tcp packet
18:38 < cthulchu> what is it? 32kb?
18:38 < cthulchu> don't remember
18:39 < cthulchu> cuz ping has very little info. the payload is actually not needed
18:39 < ||cw> also, the ping interval is not standard, each implementation sets their own time
18:39 < cthulchu> I think the keep-alive happens on the lower level
18:39 < cthulchu> yeah
18:39 < cthulchu> we still end up with a lot more packets than normally.
18:40 < cthulchu> yeah, tcp keepalives have no data
18:40 < cthulchu> no payload
18:40 < cthulchu> it's implemented on transport layer
18:40 < cthulchu> beautiful
18:41 < CutieCat> omg!! it's cthulchu
18:41 < cthulchu> kek
18:42 < cthulchu> oh, the size of tcp keepalive is very small
18:42 < cthulchu> 54-60 bytes!
18:42 < cthulchu> hm
18:42 < ||cw> it's all trade offs. if you're using ajax on timers every 30 seconds to check for data that you might get every few minutes, WS's pings are probably less data
18:42 < ||cw> and that frequent http 1.1 is going to have tcp keepalives anyway
18:43 < cthulchu> correct me if I'm wrong, I always thought that the physical size of a tcp packet is the same. it just sends empty body with the same size as if it had info
18:43 < ||cw> if the browser is being smart
18:43 < cthulchu> nah, it's more about web-servers
18:43 < ||cw> you might be thinking of MTU
18:43 < cthulchu> they don't support keep-alives by default
18:44 < cthulchu> so TCP packets can actually be very small? so, theoretically, if I want to throttle a channel or, say, do the TCP DOS, I have to make sure I send TCPs with actual data?
18:45 < cthulchu> hell why did I think they're always the same size
18:59 < Apachez> this will be fun, NATO nerve agent found at daycare in sweden https://www.aftonbladet.se/nyheter/a/bKbeq3/glasampuller-hittade-vid-forskola--manniskor-saneras
19:13 < jatto> hello guys. Do you have a suggestion on a system that I could install on a VM and configure via web UI with the purpose of performing network analysis?
19:13 < drudge`> did anyone make progress on that web puzzle https://puzzle.webhuset.no/26
19:14 < jatto> drudge`: 95
19:17 < drudge`> how do you get 95
19:18 < jatto> drudge`: First /26 of a network is x.x.x.0 - x.x.x.63
19:18 < drudge`> just start from 0...ah
19:19 < jatto> if you take the next IP space and you subnet it with /27, you get x.x.x.64 - x.x.x.95
19:20 < drudge`> i was trying to figure out where to start....didn't think about starting from x.x.x.0 lol
19:34 < Windy> so, we just started getting reports of SSL cipher mismatch warnings on several large sites. facebook, and linkedin so far. it's not 100%, some users are unaffected, and sometimes if you refresh it will load correctly, but then fail next time
19:35 < Windy> no proxies, no ssl decryption...
19:37 < Windy> seems like we're seeing a tls downgrade attack somewhere in the middle
19:40 < Poster> you may check browser versions, there is a 2 round deprecation of certificates issued by digicert which is impacting Chrome and Firefox
19:47 < Windy> Poster: we're seeing it in the latest version of chrome, and IE10 so far
19:48 < Windy> Poster: but the error is ERR_SSL_VERSION_OR_CIPHER_MISMATCH
19:50 < Poster> sounds like they may have something off to some but not all systems, perhaps their CDN is having trouble
19:54 < Windy> i wonder if facebook and linkedin share a cdn?
20:02 < fr0tzed> markie is such a pussy
20:04 < kottt> who
20:06 < Apachez> markie mark von zackerburg
20:22 < Windy> i got a packet capture. the client sends a supported_versions extension which looks fine but the server hello it receives in that same extension, but malformed
20:23 < user3> i'm looking for an easy way to check in a shell script if I have a working internet connection. that doesn't have to be 100% reliable
20:23 < user3> i'm trying this, and that seems to be working:
20:24 * spaces sets mode: -v catphish_
20:24 < user3> if ping -c1 google.com 2>/dev/null | grep -q "^1 packets transmitted, 1 received"
20:24 < user3> then echo up; else echo down; fi
20:24 < user3> is there a simpler way to do that?
20:25 < user3> maybe with the command ip?
20:30 < user3> this works to redirect the standard error output: mycommand >&/dev/null
20:30 < user3> oops wrong channel
20:30 < user3> sorry
20:30 < Apachez> according to mainstream media 7 ampoules were found at the daycare containing osmium tetroxide
20:31 < user3> osmium tetroxide is that liquid or solid
20:31 < Apachez> and now the firefighters are stripping their clothes which are put in black plastic bags... so I guess they found at least one broken ampoule
20:31 < Apachez> user3: turns to gas at around +40C
20:31 < user3> i though that F and C were equal at -40C/-40F instead
20:31 < user3> thought
20:38 < djph> they are
20:38 < user3> osmium tetroxide is probably a very heavy gas above +40C
20:39 < djph> but +40C is another matter entirely
20:40 < kottt> user3: you might have better luck with the scripting part in a more bash/linux/shell-focused channel. However, in terms of testing connectivity, you want to verify IP and DNS, so you would ping 8.8.8.8 AND google.com, so that if google.com fails but 8.8.8.8 works, you can identify that your DNS servers are currently pooched
20:40 < user3> wow
20:41 < user3> why not test 0.0.0.0 instead of 8.8.8.8
20:41 < user3> since I understand that it's intended as a nonexistent address
20:41 < user3> as control
20:43 < user3> oops 8.8.8.8 exists
20:44 < user3> 0.0.0.0 too
20:44 < user3> i'm totally confused
20:44 < turtle> i am now too
20:45 < Tegu> 8.8.8.8 is Google's DNS server https://developers.google.com/speed/public-dns/
20:45 < djph> heh, PING 0.0.0.0 (127.0.0.1) 56(84) bytes of data. <-- well, that's interesting
20:47 < tds> heh, :: maps to ::1 as well
20:48 < djph> well, that explains "0.0.0.0 exists" then
21:02 < Tegu> this rfc seems to explain what 0.0.0.0 is but I'm not sure where the mapping to 127.0.0.1 is defined. or is it implementation dependent. does someone happen to know? https://tools.ietf.org/html/rfc5735
21:04 < Windy> ok, found the issue with our tls cipher mismatch. the Palo Alto decryption policy that wasn't supposed to be applied was mangling the tls handshake
21:04 <+catphish> Tegu: common question, no good answer, some implementations map 0.0.0.0 to 127.0.0.1 for no particularly good reason, they just do
21:05 <+catphish> and by implementations, i mean programs
21:06 <+catphish> for example, some browsers, and linux's ping "resolve" 0.0.0.0 to 127.0.0.1, i don't know why, don't use it, it's not an address that means anything
21:12 < AvidWolf43> hi
21:13 < AvidWolf43> can anyone help me set up an ip helper on a Palo Alto Router
21:13 < AvidWolf43> ?
21:17 < xingu> catphish: https://tools.ietf.org/html/rfc1122#section-3.2.1.3: {0, 0} means exactly "this host on this network"
21:18 <+catphish> xingu: keep reading :)
21:18 < xingu> catphish: it has a meaning. :)
21:18 <+catphish> 0.0.0.0 has many meanings in many contexts
21:18 <+catphish> but as a destination address is not one of them
21:18 < whowhatwhere> hi, i've been wanting to use my cell phone's connection for some computers to connect through it.. it's advertised as "up to 445mbit/s" but I've never reached past 80mbit/30mbit, and it seems very unpredictable and..weird... any idea what might greatly improve; would simply getting a 4g-capable router and better antennas fix it..any idea?
21:19 < whowhatwhere> and, any idea why this might be a bad idea..? :d
21:19 <+catphish> it means "no address", or a placeholder source address
21:19 < xingu> but it still has meaning
21:19 < xingu> ;)
21:20 <+catphish> sure, several meanings, just not in this context
21:21 < whowhatwhere> Just connecting with my phone again today, setting up "portable wifi-hotspot", noticed it has a new IP than before. Speedtest.net shows faster speeds to servers in Estonia than ones few miles from here (I'm near Oslo, Norway)... wtf? :s ..I've used various "signal improvement" apps on the phone, and tried locking it to 4G.. refreshing does little/none, apparently..
21:22 <+catphish> Tegu: you're welcome
21:23 < Tegu> oh, thanks, gotta read the backlog
21:24 <+catphish> in summary, it officially has several meanings including "this host on this network" but should never be used as a destination address, some software resolves it to 127.0.0.1 to help out, but you should avoid relying on that
21:28 < kbaegis> Hi all. Just upgraded from 4.15.14 to 4.16.10. All of a sudden my network stopped working
21:28 < xingu> catphish: if I had to guess, I'd guess that it's glibc connect doing something surprising here
21:28 < kbaegis> Looks like the interfaces are all still recognized for the kernel, but no packets are being logged to the interfaces
21:29 < oo_miguel> Is it safe to use ssh over an untrusted ipv6 broker. I need to connect to an ipv6 server but my isp currently offers ipv4 connectivity only
21:30 < Dagger2> "untrusted v6 broker" is no more or less trusted than the rest of the internet, so if you're happy with ssh in general then this doesn't really change anything
21:31 < oo_miguel> Dagger2: alright, I hoped this, thanks for confirming :)
21:32 <+catphish> xingu: i'm actually not sure what does it, it's definitely userland, but could be in the stdlib
21:32 <+catphish> oo_miguel: yes, ssh is safe to use over public networks
21:33 < oo_miguel> catphish: Dagger2: thank you
21:33 <+catphish> as Dagger2 says, an untrusted ipv6 broker is no different from the rest of the public internet, you must assume your packets might be intercepted, but SSH and TLS protect you against this
21:34 < oo_miguel> catphish: yeah the broker can intercept my packets as anyone else between me and the destination, this makes perfect sense
21:35 < xingu> catphish: now that I think about it, it's interesting that socket has no idea about whether it's working on the src or the dst
21:35 <+catphish> xingu: sure it does, the remote is always the destination
21:36 <+catphish> (when sending)
21:37 < zenix_2k2> i know that a switch hardly ever has any collisions but can it still detect them?
21:37 < xingu> catphish: it can also be legitimately used to create a listener with 0.0.0.0 as the dst, a port, and then using accept on the result.
21:37 < zenix_2k2> cause in the step where it acknowledges which machine is connected to which port, does it still send out a packet to every machine?
21:37 < xingu> catphish: so is it still the dst? :)
21:38 <+catphish> xingu: that's a different specific meaning, for a listener, it means "any address"
21:38 < xingu> catphish: anyway if I had to guess, that'd be where I'd guess at; there's no way for socket to know whether ping intends to create a listener or a speaker
21:38 < xingu> catphish: so it takes a guess with humorous results for 0.0.0.0
21:39 <+catphish> xingu: i disagree entirely
21:39 <+catphish> sending and setting up a listener are very different processes
21:40 <+catphish> a listener is ok to be 0.0.0.0 (meaning any address) but for a destination (connect, sendto, etc) you can't use it, or shouldn't, maybe glibc helps
21:41 < xingu> it's a gap in the api from my point of view
21:41 < xingu> this isn't metadata that's passed around in the sockfd that socket creates
21:41 < xingu> the exact same thing creates sockfd's that accept and connect work on
21:42 < xingu> it's legitimate to invoke it with 0.0.0.0
21:42 < xingu> using the result in connect... well that's going to get interesting.
21:44 < hmig> hey guys using rstp is it recommended to use the default costs ie 1gbps link 20,000 or do you use whatever is easiest to remember ie 10, 20, 30 etc?
21:45 < xingu> hmig: I recommend you use long path costs, which are not default for some vendor equipment.
21:46 < xingu> hmig: otherwise you will have problems building viable topology beyond 10Gbase
21:46 < zenix_2k2> hi ?
21:48 < hmig> vendor recommends using 12288 for the bridge priority
21:49 < hmig> but doesn't show a recommended setup is the switches are in a trunk
21:49 < hmig> *if
21:52 < DammitJim> man, that was weird
21:52 < DammitJim> all of a sudden we lost our internet
21:52 < DammitJim> but we have 2 ISPs
21:52 < hmig> both at same time?
21:53 < errst> catphish, earlier i've asked about IP and i've found this article which i quote, says "By comparison, there is another method of transmitting data called IP which is unreliable. Nobody promises that your data will arrive, and it might get messed up before it arrives. If you send a bunch of messages with IP, don't be surprised if only half of them arrive, and some of those are in a different order than the order in which they were sent, and some o
21:53 < errst> f them have been replaced by alternate messages, perhaps containing pictures of adorable baby orangutans, or more likely just a lot of unreadable garbage that looks like the subject line of Taiwanese spam."
21:53 < hmig> maybe it's just taking a while to fail over?
21:53 < errst> article link https://www.joelonsoftware.com/2002/11/11/the-law-of-leaky-abstractions/
21:53 < sawgood> I'm sort of torn between two firewalls (both) have toolsets and services that I like ...(so) I'd like to put one in front of the other ... (in line firewalls) any tips?
21:54 < errst> catphish, but u said, u've to make your own standards to send data over IP
21:54 < errst> i am a bit confused
21:55 < xingu> hmig: with 12288 you will always lose to something configured as 4096 or 8192; that may be the goal, but I'm not sure why that'd be desirable
21:55 <+catphish> errst: IP is a protocol that allows data to be sent to an addressed host on the internet
21:55 <+catphish> errst: IP itself is unreliable, other protocols are always layered on top of it
21:56 < hmig> these are core switches so no not desirable
21:56 <+catphish> errst: layering TCP on top of it adds reliability, or layering UDP on top of it adds basically nothing, and just allows you to send raw data
21:56 < xingu> hmig: I'm always open to new rationales but I tend to pin the root to one specific thing as 4096 then nominate one other specific thing as its successor as 8192, and if the network is partitioned so badly neither thing is visible, then let the election process work the way it's designed to with everything else at defaults
21:56 < sawgood> I'd like to put one multi-WAN firewall at the edge (For its toolset) but then right behind it put another firewall which I dig (and) then hand off to the LAN switch ...
21:56 < DammitJim> yeah hmig
21:56 < DammitJim> but the inside network seemed to be OK
21:56 <+catphish> errst: i said you *can* make your own standard on top of IP, but you shouldn't, you should use TCP or UDP
21:57 < DammitJim> I guess the primary ISP could have failed
21:57 < DammitJim> and it took a little bit for the secondary to take over
21:57 < xingu> hmig: if I know I never want something to become stp root I push it to 32768
21:57 < hmig> what im not clear on is that if i have two switches in an lacp trunk do i give them different bridge priority
21:57 < hmig> they are both core switches
21:57 < hmig> one of these will be root
21:58 < sawgood> outside firewall .. touching ISP equipment ... then its 2nd WAN port hands off to the current firewall (which) used to touch the ISP equipment ...
21:58 < errst> catphish, i see but can't i just use the IP protocol only to send data? as it says on the article that u can?
21:58 <+catphish> errst: not really, no
21:58 < fiftysix> Hi!
21:58 <+catphish> you could write your own protocol directly on top of IP, but you don't
21:58 < xingu> hmig: "not desirable" seems to clash with "one of them will be"
21:59 < hmig> topology: https://imgur.com/a/VBFdRqV
21:59 < fiftysix> Is it true that WPA2 passwords are required to _only_ contain ASCII characters? I.e. the fact that under both MacOS and Linux any kind of Unicode character works in a password is just these OSs being nice?
22:00 < hmig> so one of the 5130's needs to be root bridge from my understanding
22:00 < hmig> rstp needs to be enabled on the aruba 2920 so as to put one of its links in a blocking - discarding state
22:00 < hmig> as at the moment they have a loop
22:01 < errst> catphish, i've found this https://gist.github.com/austinmarton/1922600 which says -according to title- that you can use even ethernet frames to send data. since we can use ethernet frames to send data don't u think that we can use IP to send data too?
22:02 < xingu> hmig: right, if a 5130 is not root then one of the four links to the 2920's will block
22:02 < hmig> at the moment the 5130 is root
22:02 <+catphish> errst: like i've said several times... you *can* make your own protocol directly on top of IP, or Ethernet
22:02 < hmig> just to clarify
22:02 < hmig> and i probs want to keep it that way
22:02 <+catphish> errst: but you shouldn't, you should use TCP or UDP
22:02 < hmig> although STP is on at the moment it's not really been configured for this network
22:03 < hmig> it was kind of just turned on and left
22:03 <+catphish> errst: there's nothing stopping you from encapsulating your data directly in an ethernet frame, or IP packet
22:03 < hmig> the issue is the access switches outside switches do not have STP enabled
22:03 <+catphish> errst: except that this is needlessly difficult and offers no benefits over using the standard stack (ethernet+ip+udp)
22:03 < hmig> previous engineer thought setting the mode would enable it....anyway
22:04 < errst> catphish, it'll be unreliable if i do that right?
22:04 < xingu> hmig: if you allow the 5130/2920 links to all not block by electing a 5130 as root, then the 5130/5130 link must block just as a sidebar
22:04 < hmig> so at the moment we have minor packet loss, the good thing is this site is not open yet - phew
22:05 < hmig> but i don't want it to become a storm
22:05 < sawgood> If one puts a multi-wan router at the edge touching the ISP (and) has a /30 subnet mask ... (one IP for the firewall and one IP for the ISP) ... if we wanted to put a 2nd router/firewall behind the multi-wan box (could) we use a RFC1918 space to speak from the edge firewall 2nd WAN port over to the WAN of the 2nd router/firewall?
22:05 < xingu> hmig: which will have fairly major implications for stack1/ stack2 transit.
22:05 <+catphish> errst: if you use raw ethernet, or raw IP, or UDP, yes, only TCP makes it reliable
22:05 < xingu> hmig: ie, it will all hairpin off the arubas.
22:05 < hmig> at the moment the 5130s are forwarding everything
22:05 < hmig> because none of the 2920's both access and outside actually have STP enabled
22:05 < hmig> with me ?
22:06 < errst> catphish, thanks a lot!
22:06 < xingu> hmig: yes
22:06 < xingu> hmig: that seems like the best thing to me.
22:06 < xingu> hmig: ie, don't _forward_ l2 on the aruba.
22:06 < xingu> hmig: so the loop as shown isn't a real loop
22:07 < hmig> at the moment the 5130 has a bridge priority of 32768
22:08 < hmig> both 5130's have the same priority
22:08 < xingu> so it's probably winning based on system id
22:08 < hmig> the thing is im sure there is a loop because I can see packet loss
22:09 < xingu> if there was a loop, you'd be baking your cpu and see a hojillion topology change notifications a second
22:11 < xingu> so you have 2x 1gig l2 to each aruba; how wide is the downlink to the access stacks?
22:11 < eschmidbauer> newb question... i want to use bgp (internal) and ospf to distribute traffic using anycast... problem is i need "stateful" traffic (UDP) so i need to somehow "tag" packets to always go to the same node
22:11 < eschmidbauer> is this possible?
22:11 < eschmidbauer> i know you can hash on source/dest using ospf
22:12 < xingu> and also, how wide is the trunk between the 5130's?
22:14 < hmig> so the trunk between the 5130's is two ports in an lacp trunk
22:14 < hmig> it looks like core sw2 is the root bridge
22:15 < tds> eschmidbauer: what are you planning on doing with anycast? as long as you're not doing ecmp and your internal routing is stable, stateful traffic shouldn't be an issue, depending on exactly what you're running
22:15 < eschmidbauer> it's UDP packets though-so how does it keep state?
22:15 < kbaegis1> Huh. ovs changed their default bond_mode from balance-slb to active-failover huh?
22:15 < eschmidbauer> if i used TCP would it keep state? that might be an option
22:16 < xingu> hmig: the interface descriptions don't match the diagram; the descriptions claim each 2920 lands on exactly one 5130; which is true?
22:16 < tds> eschmidbauer: some udp based protocols work fine with anycast (eg dns) since they're stateless - what exactly are you trying to run here?
22:16 < eschmidbauer> tds: we want anycast so our nodes in a cluster can all use the same IP. this way we can "heal" if a node dies (another node can load the "state" and take over)
22:17 < tds> hmm, I'd have thought something like keepalived with a floating IP between nodes might work better for that
22:17 < eschmidbauer> no, because we want to scale
22:18 < eschmidbauer> so we want to be able to run X nodes
22:18 < eschmidbauer> but basically we have traffic coming from the internet into a single server (nothing special here); the traffic is then routed using anycast to the nodes
22:18 < eschmidbauer> but "related" traffic needs to hit the same node
22:18 < hmig> Good spot
22:19 < hmig> so access stack 1 has two ethernet links to core 1
22:19 < eschmidbauer> from what i read, ospf hashes on source/dest which won't work here because the traffic from the server (source) to the node (dest-same anycast IP) will always be the same
22:19 < hmig> access stack 2 has two ethernet links to core 2
22:19 < hmig> outside sw1 and outside sw2 have ports 23-34 in a trunk (trk1)
22:19 < hmig> port 23 goes to core 1
22:19 < hmig> port 24 goes to core 2
22:19 < BustyLoli-Chan> Sometimes I get a chunked encoding error when downloading large javascript application files (angular single page applications in this case specifically) Does anyone know how to fix this? I can see that the file is served as application/javascript in the header and I can see that the transfer encoding is "chunked" which makes sense based on the error, but why does this happen?
22:20 < BustyLoli-Chan> I'm not sure if this is the right place to ask, but I'm pretty sure this is like a server/network/hardware issue? :l
22:20 < tds> eschmidbauer: afaik ospf/bgp/whatever don't include anything for hashing based on address - assuming linux here, that's just down to the kernel doing ecmp and how it decides to route traffic
22:20 < xingu> hmig: ok; in that case one other thing must be true; either the 5130's are clustered in a way that allows them to share a virtual/ floating lacp system ID... or...
22:20 < BustyLoli-Chan> it also might be worth noting that the issue only really seems to happen on VPN
22:20 < xingu> hmig: one leg of the trunk is offline because of inconsistent peer system id
22:21 < eschmidbauer> yeah interesting, i guess i was looking at ospf with frrouting, so maybe it's the kernel doing ecmp?
22:21 < xingu> hmig: or maybe you're using a nailed up trunk mode and relying on the 2920 to not recirculate.
22:22 < xingu> hmig: regardless; you have Nx ? fan-in on the stack, 2x 1g uplink from the stack, and then 1x 1gig across to the aruba
22:23 < xingu> hmig: my guess is you're just running out of buffer on the 5130 plain and simple; go to 2x1gig + 2x1gig config from 5130 to aruba.
22:23 < Apachez> hmig: why don't you IRF the core1 and core2 with each other?
22:28 < hmig> @xingu https://pastebin.com/zJ9PWnaj
22:30 < hmig> these are my first comware switches, ideally i wanted them in a stack and i would have chosen different switches too, as we are wasting a lot of ports on the 5130 not used
22:31 < hmig> i assume irf would be used in place of lacp?
22:32 < Apachez> irf is clustering
22:32 < Apachez> aka virtual chassis
22:32 < Apachez> so instead of irf your access layer I would use 2 cables towards core1/core2 (irf)
22:32 < Apachez> these 2 cables from the accesswitch point of view are a lacp
22:32 < Apachez> where one cable goes to core1 and one to core2
22:33 < Apachez> since core1 and core2 are IRFed you have a loopfree network
22:34 < hmig> so are we saying if i irf, i won't have the loops i do now ?
22:35 < hmig> the outside aruba will still have 2 physical fibres patched 23 > core sw1 and 24 > core sw2
22:38 < Apachez> you IRF the core (if they support that)
22:38 < Apachez> then from each accesswitch you have one cable to core1 and one to core2
22:38 < Apachez> these two cables are LACP (because from the accesswitch point of view core1/core2 looks and behaves like a single box)
22:40 < hmig> wouldn't more redundancy be achieved if I have a cable from master and slave on each stack to core?
22:40 < Apachez> no
22:40 < Apachez> I would avoid stacking the access
22:40 < Apachez> only do it if you really have to
22:41 < Apachez> if each accesswitch has its own 2x10G or 2x1G uplink it's a better option than if 3 switches in a stack have in total 2x1G
22:41 < Apachez> first due to performance
22:41 < Apachez> you have less overbooking this way
22:41 < hmig> so there is one stack of 3 2920 arubas and a second stack of two 2920 arubas
22:41 < Apachez> but also if let's say two cables die then you cut off the full 3xswitch stack in your accesslayer
22:42 < Apachez> while if each switch has its own lacp and 2 cables die, if you are unlucky max 1 switch goes offline, the other 2 remain operational
22:42 < Apachez> if lucky it's 2 different cables that die (2 different switches) so all 3 are still operational
22:43 < ctwelve> (...aside: I just had a "network engineer" ask me what a MAC address was a few minutes ago. Pray for me...)
22:43 < hmig> oh wow lol
22:43 < hmig> what about the outside access switches
22:43 < hmig> they are also aruba 2920 but use fibre
22:43 < hmig> int 23-24 in trunk1
22:43 < ctwelve> what are you using the switches to do?
22:44 < ctwelve> access network for customers? Or enterprise endpoints?
22:44 < hmig> the outside 2920's are for WAP's and CCTV
22:44 < ctwelve> well...I've not got a super-solid confidence in Aruba stacking just yet
22:44 < ctwelve> I've found that, especially in two-tall stacks, Arubas can split-brain in some fantastically strange ways
22:44 < hmig> they have been solid for us, the issue im having at the moment is spanning tree
22:45 < ctwelve> It's not nearly as worrisome in 4-tall though
22:45 < ctwelve> HISSSSS
22:45 < ctwelve> You said a bad word!
22:45 < Apachez> hmig: again those access stacks, do they really need to be stacked?
22:45 < Apachez> don't stack unless you really have to in the accesslayer
22:46 < ctwelve> Eh, I'm definitely pro-stacking in most situations. I just detest stacking inside the datacenter and in distro/core deployments m'self
22:46 < ctwelve> as far as spanning tree
22:46 < hmig> i can't really break the two access stacks to be honest
22:46 < ctwelve> well
22:46 < ctwelve> apologies for maybe missing context
22:46 < ctwelve> but generally speaking when you stack Arubas, they behave as if they were one multi-card chassis switch
22:47 < ctwelve> you treat the whole stack as one switch as far as STP is concerned
22:47 < ctwelve> the stacking protocol handles loop management internally
22:47 < hmig> in IRF i will still have one link to each core switch (physically) from the outside switch so won't there still be a loop
22:47 < ctwelve> so you absolutely do wire them up in a ring, as long as they're properly stacked in the first
22:47 < hmig> oh wait.....
22:47 < hmig> i always use ring never daisy chain
22:48 < hmig> if i IRF the core
22:48 < hmig> then i can just make ports trunk
22:48 < ctwelve> Yeah. I don't generally recommend stacking cores but that depends on the situation
22:48 < ctwelve> for most enterprise networks it's usually an acceptable risk for the sake of complexity
22:48 < hmig> so on 2920 int 23-24 in trk1 then on 5130 int 1-2 trk1 for example
22:48 < ctwelve> I'd never recommend it for voice-critical networks or where higher grade service is required
22:49 < hmig> part of the reason why i need to resolve this loop is because of voice
22:49 < hmig> we have some Panasonic phones and they are so sensitive to any drop
22:49 < ctwelve> Well, I generally recommend the connection from core/distro to access either be loop-managed and use (M/R)STP, or you use whatever vendor-specific MC-LAG there is
22:49 < hmig> well i need to resolve the loop anyway
22:49 < ctwelve> So your topology has a single core?
22:50 < ctwelve> (or if you have SPB, use that, but you probably don't)
22:50 < hmig> nope two core switches
22:50 < hmig> 2 x HPE 5130
22:50 < ctwelve> Right
22:51 < ctwelve> So are they running the equivalent of MC-LAG?
22:51 < hmig> 3com/H3C whatever they are called these days
22:51 < hmig> they are in a 2 port trunk using static aggregation
22:51 < ctwelve> If they're not running whatever the specific flavor of MC-LAG is, I'd strongly advise you run STP, and go blocked-port hunting
22:51 < ctwelve> LACP is helpful too
22:51 < hmig> i just checked and lacp has not even been configured properly :@
22:52 < ctwelve> 'cuz sometimes, some vendor switches only send STP traffic over one of those links
22:52 < hmig> i know right lol
22:52 < ctwelve> this is an old problem I've run into before
22:52 < ctwelve> where people do a static aggregation and get the link order mixed up
22:52 < hmig> topology is here: https://imgur.com/a/VBFdRqV
22:52 < ctwelve> so things like STP don't communicate
22:52 < hmig> except the access stacks each have 2 links instead of 1
22:52 < ctwelve> LACP makes that Go Away(tm)
22:53 < hmig> access stack one has two links to core 1 and access stack 2 has 2 links to core 2
22:54 < hmig> this is what i see when i do a show stp https://pastebin.com/zJ9PWnaj
22:55 < ctwelve> First thing I would do is remove all but one of the links between the cores
22:55 < ctwelve> and see if STP resolves itself
22:56 < ctwelve> if it does, the problem is the aggregation itself
22:56 < ctwelve> the next thing is to go hunting in the access switches
22:56 < hmig> i tested downing one of the fibre links (yellow on topology) and packet loss stopped
22:56 < ctwelve> to see where the loop may be originating from
22:56 < hmig> re-enable the port and packet loss returns
22:57 < ctwelve> Yup, so your aggregation is built wrong
22:57 < ctwelve> the reason is because across the aggregation, all the traffic is hashed, right?
22:57 < ctwelve> In a static aggregation, the port connection order matters
22:57 < ctwelve> because it's part of how the switches decide to hash traffic
22:57 < hmig> so the access stack has aggregation
22:57 < hmig> but the outside switches dont
22:58 < hmig> they are trunk ports on 5130
22:58 < ctwelve> there should be aggregation between the cores too
22:58 < ctwelve> yeah. My money is that the aggregations somewhere are bad as the most likely explanation
22:58 < hmig> and on the 2920 in the outside cab there are interfaces 23 and 24 in a trunk
22:58 < ctwelve> and close second one of the access switches has gone stupid
22:58 < ctwelve> Again, I'd honestly just make sure LACP is up and running correctly on any and all aggregations and proceed from there
22:59 < hmig> there is static aggregation not lacp between cores
22:59 < hmig> thats my plan
22:59 < ctwelve> I've seen static aggregations break STP many a time, because an admin switched cables around
22:59 < Apachez> but ffs
22:59 < hmig> get lacp working on both access stacks
22:59 < Apachez> whats wrong with you?
22:59 < Apachez> what are the devices in your core?
22:59 < Apachez> why dont you just IRF them?
22:59 < Apachez> why dont you break up the access stacks?
23:00 < hmig> irf is a good option
23:00 < ctwelve> Sometimes topology redesign isn't a viable choice, especially when the problem is *right now*
23:00 < hmig> dont want to break stack
23:01 < hmig> i still need to fix the current loop
23:01 < hmig> however i think this is just because STP is not enabled on any of the access stacks or outside switches
23:01 < ctwelve> but yeah. Once you're not looping, redesign is probably a reasonable idea
23:01 < hmig> so the 5130 is forwarding everything and not discarding anything
23:01 < ctwelve> then I'd look at port utilization firstly and go hunting from there
23:02 < ctwelve> good luck
23:02 < hmig> which makes sense because none of the aruba's actually have stp configured
23:02 < hmig> thanks mate
23:06 < Apachez> ctwelve: obviously he is having a major design flaw
23:06 < Apachez> so either you patch that and have another flaw the other week
23:06 < ctwelve> Yes. And?
23:06 < Apachez> or you fix it properly
23:06 < Apachez> and avoid further flaws
23:06 < Apachez> I go for the latter
23:06 < ctwelve> Oh, I got that impression immediately
23:07 < ctwelve> when you more or less called him an idiot for attempting to solve the immediate problem before he tackled architecture
23:07 < hmig> I am aware there are design flaws, ive only started looking at this yesterday and today, I would have taken a different approach but I need to work with what I have
23:07 < hmig> I didnt design it btw
23:07 < ctwelve> which, y'know. that's not my preferred style of human interaction.
23:08 < ctwelve> And I don't know who you work for but I've never operated a non-trivial network that was okay with extended downtime so a thing could be disruptively re-implemented "the right way"
23:08 < ctwelve> That kind of thing often requires planning, permission, and so forth
23:08 < ctwelve> the network serves the customer, not the other way around.
23:08 < hmig> guys I appreciate the help, this site is opening at the weekend and I don't have a lot of time. i'll probs just IRF
23:08 < hmig> site is not live yet
23:09 < ctwelve> Ah, that's a bit different
23:09 < hmig> they move in on the weekend
23:09 < ctwelve> in either case, good luck!
23:09 < ctwelve> Do what you can with the time you have
23:11 < hmig> thanks, hopefully tomorrow will be productive
23:17 < banisterfiend> hi, my vm seems to have a network of the form: 10.14.10.0 but my actual physical computer is on a network of: 192.168.1.0
23:18 < banisterfiend> how do these two networks communicate? and when i do: arp -n on my vm it doesn't have an entry for 192.168.1.1 - why is that?
23:18 <+catphish> banisterfiend: most likely your PC is acting as a router between the 2 networks and likely also doing NAT
23:19 < banisterfiend> i'm just a little confused as to how the 'real' network and the 'virtual' network interoperate, can someone clear it up for me? ELI5 :D
23:19 <+catphish> your PC probably has an IP on the 192.168.1.0 network but also an IP like 10.14.10.1
23:19 <+catphish> banisterfiend: short answer, your host PC is acting as a router between the 2
23:19 < banisterfiend> catphish ah ok...i can ping the 192.168.1.1 from my virtual 10.14.10 network though
23:19 <+catphish> yes
23:19 <+catphish> via the router (your host PC)
23:20 <+catphish> same way you can ping google, even though you're not on their network
23:20 < banisterfiend> so as far as the virtual host is concerned it's treating the 192.168.1.1 ip like it's a remote ip on the internet, same as 8.8.8.8 ?
23:25 <+catphish> yes
23:38 < banisterfiend> catphish hmm the strange thing is, when i DONT have openvpn running i can ping the 192.168 network from the 10.0/8 network...yet when i start openvpn i can no longer ping the 192.168/16 network from the 10.0/8 virtual network...why is this?
23:50 <+catphish> banisterfiend: no idea
23:50 <+catphish> you'd need to check routing tables
--- Log closed Wed May 23 00:00:29 2018