--- Log opened Mon Jun 25 00:00:12 2018
00:04 < swine_> is anyone here familiar with MAAS?
00:32 < AlexPortable> Is it bad to have two or three DHCP servers, given that they are all in different VLANs?
01:06 <+pppingme> AlexPortable if they are on different networks, then you don't have multiple dhcp servers, you have multiple networks.. each with its own single dhcp server
01:08 < AlexPortable> true, but wouldn't the router be in the same network too?
01:14 < Harlock> AlexPortable no one knows what you did
01:54 < BenderRodriguez> AlexPortable: well, the DHCP broadcasts would be limited to the VLAN so it shouldn't be an issue
01:55 < lupine> don't set your router up to accept dhcp broadcasts from the distribution side
01:55 < lupine> that would be crazy
03:13 < dunnousernamefn> Hey, if I connect the RX of every device to the TX of a router-like device, then the router's RX to every TX, will it work properly?
03:13 < dunnousernamefn> I'm going to desolder an RJ45 because... why not
03:14 < RJ45> fukyu
03:14 < dunnousernamefn> oh hello
03:15 < RJ45> https://www.youtube.com/watch?v=s2oCV2sM_ig
03:16 < dunnousernamefn> but like I have a legitimate question
03:16 < RJ45> oh well
03:25 < SwedeMike> dunnousernamefn: I doubt it, you actually have to have a real hub.
03:26 < dunnousernamefn> Thanks
04:49 < prasket> I am currently using DHCP Static Mappings for my instances in my home lab to give them static IPs. I am in the middle of setting up DNS via BIND on its own instance. I should add all of these mappings to the A records in BIND and then remove them from the DHCP Static Mapping. Then also in my DHCP Server setup my DNS as my BIND instance right?
04:51 <+pppingme> prasket do you mean dhcp reserved?? there is no such thing as dhcp static
04:53 < prasket> @pppingme it says "DHCP Static Mappings for this Interface" in the area I am working on, this is in PFSense maybe that is their name for dhcp reserved?
04:56 <+pppingme> I don't use pfsense.. but yeah, just sounds like poor phrasing
04:56 <+pppingme> unless its a way to keep pfsense from even thinking about those ip's
04:57 < Spice_Boy> it's trying to word it as the 'map' is static
04:58 < Spice_Boy> maybe they could have used some word other than static, but we know what they mean
05:03 < prasket> actually thinking about it I think I would need to leave those mappings in place.. just not add a hostname to the entry and let that come from the DNS Server I am setting up. That or I will need to setup all my instances with Static IP.
05:11 < Holo> BIND can do DHCP?
05:11 < Holo> o.o
05:11 < Apachez> no
05:11 < Apachez> bind is for DNS
05:12 < Holo> thats what I thought
05:12 < Holo> prasket ao aka no
05:12 < Holo> :P
05:13 < `7hr34t_hvntr> hello
05:14 < `7hr34t_hvntr> whats the difference between a packets sequence number and a segments sequence number
05:14 < `7hr34t_hvntr> i was looking at an example and it seemed like they were the same number
05:18 < Holo> Each endpoint of a TCP connection establishes a starting sequence number for packets it sends, and sends this number in the SYN packet that it sends as part of establishing a connection.
05:18 < Holo> ;P
05:18 < Holo> and if we look here https://i.stack.imgur.com/Hi3zX.jpg
05:20 < `7hr34t_hvntr> so basically that is generated at transport layer and flows into network layer
05:22 < `7hr34t_hvntr> and the packet gets stamped with it?
05:22 < Holo> its inside the TCP header at the transport layer
05:22 < `7hr34t_hvntr> cool
05:22 < Holo> tcp is all layer 4
05:23 < `7hr34t_hvntr> but the PDU of the transport layer is the segment right, so isn't it the segment which has the sequence number, not the packet
05:23 < Holo> we have a nasty habit of reusing words
05:24 < `7hr34t_hvntr> lol
05:33 < buu> 14:46 < buu> Anyone know of a good udp based file transfer program designed for high speed wans?
05:34 < rewt> nc
05:35 < batch> maybe aria2c ?
05:35 < Holo> um
05:35 < Holo> tftp batch
05:35 < Holo> err buu
05:35 < Holo> :P
05:35 < batch> tftp?
05:36 < Holo> Anyone know of a good udp based file transfer program designed for high speed wans?
05:36 < Holo> :P
05:36 < batch> trivial file transfer protocol i know
05:36 < Holo> TFTP
05:36 < Holo> :P
05:36 < Holo> there is a reason most use tcp
05:37 < batch> curl?
05:37 < batch> wget?
05:37 < Holo> oh
05:37 < Holo> DCC
05:37 < batch> i use aria2c for torrents but torrents are tcp only i think
05:39 < batch> tar and netcat prolly like rewt said Holo
05:39 < batch> :p
05:39 < Holo> -lol
05:43 < batch> oh i see
05:43 < batch> buu asked the question
05:44 < Milos> Does anyone know why using socat to forward UDP DNS to TCP DNS does not seem to work? socat is able to contact the TCP DNS server with the original DNS request, but it seems the reply never gets sent back to the originating machine who sent the request over UDP.
05:44 < Milos> the command I'm using: socat udp-listen:53,fork tcp-connect:127.0.0.1:53
05:45 < Milos> I tested the same thing with a simple python TCP server and python UDP client and that worked fine...
05:46 < batch> Milos iptables?
05:46 < Milos> None
05:46 < batch> is it possible to connect to 0.0.0.0 maybe
05:47 < Milos> ??
05:47 < batch> i thought like 127.0.0.1 is only sending and receiving in localhost
05:47 < batch> maybe you are receiving from external host
05:47 < Milos> No
05:47 < batch> ah ok
05:47 < batch> no clue then
05:51 < buu> I'll have to try netcat in udp mode sometime lol
05:51 < buu> Not a very good answer though
05:52 < xtrWrithe> buu: i recommend you ncat (nmap devs)
05:52 < xtrWrithe> more features
05:57 < xtrWrithe> jackbrown: how was that?
05:58 < jackbrown> xtrWrithe, good morning
05:58 < jackbrown> xtrWrithe, what are you talking about?
05:59 < jackbrown> xtrWrithe, dl ylj th
05:59 < jackbrown> do you guys think that buying a wifi card like this will improve my laptop wifi speed and stability ? https://www.ebay.it/itm/DELL-LATITUDE-E7440-INTEL-MINI-PCI-WIFI-CARD-7260HMW-08TF1D-INTEL-WIRELESS-AC/253685610654?hash=item3b10d7389e:g:cvYAAOSwxjxa8H8t
06:00 < xtrWrithe> jackbrown: why you dont fix the router
06:00 < jackbrown> xtrWrithe, how ?
06:01 < xtrWrithe> jackbrown: just change the txpower of the card , nobody mentioned that?
06:01 < xtrWrithe> in lan card
06:01 < jackbrown> xtrWrithe, I have another FRITZ!Box 7490, i just swapped and set the same setting as previous and I have the same signal
06:01 < jackbrown> xtrWrithe, how can I change the txpower of the card I'm using in the laptop ?
06:01 < jackbrown> xtrWrithe, you mean in the wifi card on my laptop ?
06:05 < xtrWrithe> jackbrown: yes, iwconfig will do that and be sure to set BO (bolivia) the region
06:06 < jackbrown> xtrWrithe, Bolivia ? because that's the country where it's allowed ?
06:06 < xtrWrithe> jackbrown: ye
06:06 < xtrWrithe> https://null-byte.wonderhowto.com/how-to/set-your-wi-fi-cards-tx-power-higher-than-30-dbm-0149606/
06:06 < jackbrown> xtrWrithe, ok let's try
06:06 < xtrWrithe> jackbrown: skip the driver compiling part
06:07 < jackbrown> iw reg set BO
06:07 < jackbrown> iwconfig wlan0 txpower 30
06:07 < xtrWrithe> yes set it down first
06:07 < jackbrown> ok I have to shut down wireless first
06:08 < xtrWrithe> also make sure it doesnt left networkmanager/wpasupplicant/dhcp etc PIDs opened
06:08 * BenderRodriguez
06:09 < jackbrown> xtrWrithe, dunno how to do that
06:09 < xtrWrithe> do you have aircrack installed?
06:09 < xtrWrithe> it comes with a process killer in airmon
06:09 < xtrWrithe> so it shutdown all the related stuff
06:10 < LissajousPattern> man I need to figure out a better solution to my home networking
06:13 < LissajousPattern> I am now starting to feel the pain of being limited to a mobile hotspot. downloading a game is painful.
06:14 < jackbrown> xtrWrithe, didn't worked
06:15 < skyroveRR> BenderRodriguez.
06:15 < jackbrown> xtrWrithe, trying this https://www.linuxquestions.org/questions/linux-wireless-networking-41/howto-adjust-tx-power-of-atheros-ar9285-wireless-card-4175428414/
06:21 < zenix_2k2> one question, is there any book that easily guide beginners through modern networking ? most i found was either out-dated or confusing
06:22 < xtrWrithe> zenix_2k2: what you mean by modern?
06:22 < xtrWrithe> zenix_2k2: focus on getting something done and you will find out which way is need to end it
06:23 < zenix_2k2> well, i mean that the information isn't out-dated ?
06:23 < zenix_2k2> well cause i was reading a book and then ask a few questions here which was confirmed to be out-dated
06:23 < zenix_2k2> like IP classes i guess and a few more
06:23 < zenix_2k2> but maybe people here have better suggestions
06:24 < zenix_2k2> but luckily it was only a few first pages so i can still save my time :P
07:25 < squ> what is the best way to buy domain and create 20 e-mails in it
07:30 < light> step 1, buy the domain
07:30 < squ> https://www.hostgator.com/shared-compare
07:30 < squ> here they offer unlimited e-mails for $4/mo
07:31 < squ> https://www.godaddy.com/hosting/email-hosting
07:31 < squ> https://www.godaddy.com/email/professional-email
07:31 < light> zoho.com has 25 free mailboxes
07:32 < squ> godaddy offers £3 per user per month
07:32 < squ> which is kinda expensive
07:32 < light> it's not expensive really
07:32 < light> I wouldn't host someone elses email for that little
07:33 < squ> https://www.zoho.eu/mail/
07:33 < squ> Secure, fast, ad-free email for business. Free for up to 25 users. Plans start at €2 /month.
07:34 < squ> light: zoho is not hosting?
07:34 < light> eh?
07:34 < squ> I'll have to buy domain elsewhere and delegate mx records to zoho?
07:35 < light> Right
07:35 < squ> and its $2 per month for 25 users?
07:35 < light> No..
07:35 < light> < squ> Secure, fast, ad-free email for business. Free for up to 25 users.
07:35 < squ> free?
07:36 < squ> 25 emails for free?
07:36 < light> Yes.
07:36 < squ> what is the catch
07:36 < light> Go read the terms and conditions.
07:36 < squ> but you've read it already didn't you
07:37 < light> What matters to one person doesn't to another
07:37 < light> One should do their own due diligence
07:37 < light> Although since it's free it's not like you can lose
08:22 < jackbrown> Could anyone suggest me a good motorized dome surveillance camera for outdoor ?
08:26 < jackbrown> hello
08:38 < Atro> No
08:41 < jackbrown> Atro, ?
08:41 < Atro> Wrong channel
08:44 < jackbrown> Atro, where can I ask?
08:44 < jackbrown> Atro, isn't related to networking? last days some user talk about surveillance systems etc.
08:45 < Atro> Idk look up reddit
08:50 < detha> The only thing 'networking' about security cameras is: put them on their own vlan, with no direct internet access. Doesn't matter if it's a $900 Axis, or a $99 Finest Chinesium, firewall it off.
08:52 < Atro> And eat all their shitty traffic
08:57 < detha> shitty traffic? we put cams in the toilets now too?
08:59 < detha> hmm. there's a product idea. rear-view camera, with a monitor on the toilet door.
09:00 < Atro> I meant all the call home, broadcast, multicast
09:02 < detha> Ah, you mean the ITCH - the Internet of Things Calling Home
09:10 < Atro> hahah
09:14 < jackbrown> detha, why no internet access ?
09:15 < jackbrown> detha, you are afraid that someone can hack the system and gather access to the camera to use against ? (for example studying how to work around the camera )
09:16 < detha> jackbrown: because buggy or less-than-trustworthy firmware
09:16 < jackbrown> detha, ?
09:17 < jackbrown> detha, what happen if the cam have buggy firmware?
09:17 < detha> basically what you said. a significant part of one of the recent DDoS botnets was security cameras
09:18 < jackbrown> detha, gosh
09:19 < jackbrown> detha, do you have any brand or system to suggest for my home surveillance ? There are too many from chinese kit all included to AXIS ultra expensive
09:20 < detha> Sorry, not enough personal experience to compare. Only IP cameras I've worked with were Axis and some other similar brand. Bit expensive for home use
09:21 < squ> detha: how expensive?
09:21 < jackbrown> detha, definitely too expensive, they don't need to break into your home to steal, they can just grab the cameras if you install Axis
09:21 < jackbrown> squ, search i found some Axis around 3900€
09:21 < jackbrown> squ for a single camera
09:22 < squ> obama dollars?
09:22 < detha> squ: random Axis dome: $799 on amazon
09:22 < squ> detha: why so expensive?
09:22 < squ> that's gopro price
09:22 < detha> EUR 4K you are talking outside, color, full res under low light conditions, etc.
09:23 < squ> how do you connect them?
09:23 < detha> ethernet PoE
09:24 < jackbrown> yep PoE
09:24 < squ> into what?
09:24 < squ> local hardware server or cloud?
09:24 < detha> proprietary systems
09:24 < squ> that means homemade?
09:24 < Atro> lol
09:25 < squ> Atro: proprietary noname, what else?
09:25 < detha> that means especially made for one purpose by $company
09:25 < Atro> Organic
09:25 < squ> especially made
09:25 < squ> allright :)
09:26 < squ> detha: made with love I suppose?
09:26 < squ> what software are you using to display feeds?
09:27 < detha> given how badly the first models performed, not much love involved. After many complaints they improved them a bit
09:28 < detha> also, no feeds involved (except for setting up/debugging)
09:28 < squ> one friend told me they deployed NVR recently, plug in and that's all. I assume it has dynamic dns or camera has setup cloud account
09:41 < kur0mi> :D
09:59 < jamesP> hi, a friend of mine is performing an attack in my web server(local that i built), i found on the net that i could use wireshark and then monitor it while im not there, so i got a tcpdump file, but there is many information in there..
09:59 < jamesP> what should i do to track something paranormal in there?
10:01 < jamesP> there many pink colour packets and some amount of green
10:02 < jamesP> the pink ones as i can see are ssh
10:02 < jamesP> and some tcp's with the ACK message
10:04 < h0dgep0dge> that's a really non-specific question
10:25 < jamesP> ohhh i found it out, its a metasploit fake file jpeg
10:25 < jamesP> from an upload form
10:50 < regdude> Is 2.5, 5G a physical standard or can it be added using software? I mean, does the OSC frequency change from 1.25G or 10G?
10:56 < mjauschwitz> G literally refers to frequency
10:56 < mjauschwitz> 2.5GHz vs 5GHz band
10:56 < mjauschwitz> 2.4
10:59 < jackbrown> hey
10:59 < jackbrown> can anyone help me to check which is the difference between the two WiFi board ?
10:59 < jackbrown> 1) https://www.ebay.it/itm/Intel-7260AC-802-11AC-AC-BT-4-0-DUAL-BAND-WiFi-WLAN-Wireless-Card-7260HMW-W041/291886890290?hash=item43f5d07d32:g:MdcAAOSw5NJakVk4
10:59 < jackbrown> 2) https://www.ebay.it/itm/Intel-HP-7260AC-802-11ac-BT-4-0-DUAL-BAND-WiFi-WLAN-Wireless-Card-7260HMW-W009/292460456940?hash=item4418006bec:g:~5QAAOSwd9Za2Gsr
10:59 < jackbrown> thanks
11:00 < squ> jackbrown: ebay page may not have specs
11:00 < squ> seller could paste anything
11:00 < jackbrown> squ, there are specs, they should be the same just for the fact that one end with W009 and the other W041 and there's a small price difference
11:01 < jackbrown> squ, if i didn't misunderstood Intel produces just ONE 7260 Dual Band AC compatible with 300/867 speed
11:01 < jackbrown> squ, so they should be the same
11:01 < jackbrown> squ, anyway I'm looking for a mPCIe card to upgrade my laptop if you have any suggestion i'd appreciate
11:02 < squ> I'd search official website for specs
11:02 < squ> maybe it has a compare function like ark.intel.com
11:02 < jackbrown> squ, https://ark.intel.com/compare/75440,78541,75439
11:03 < squ> that's the answer, right?
11:03 < jackbrown> squ, so intel produces just one board correct ?
11:04 < jackbrown> squ, I mean with ac and Dual Band
11:04 < jackbrown> squ, 7260 of course
11:04 < squ> I have no idea, but website marked all 3 Discontinued
11:05 < jackbrown> squ, don't worry thanks for helping
11:06 < squ> you are welcome
11:06 < regdude> mjauschwitz: not wireless, Ethernet
11:11 < zenix_2k2> so guys, is there any suggestion on what networking book i should read ?
11:11 < mcdnl> regdude: i dont think so
11:11 < zenix_2k2> and please something that isn't too out-dated, like IP classes
11:11 < mcdnl> ccna its a good start
11:14 < ne2k> mcdnl, does CCNA mention IP classes?
11:18 < ne2k> zenix_2k2, I would stay well clear of Cisco, but that's just my opinionated opinion
11:18 < Roq> I think the current version still mentions classes but you don't get questions on it on the exam, everything is CIDR. CCNA is to get you introduced to various networking topics and so it still mentions classes as legacy content
11:19 < Roq> ne2k: What's your vendor flavour?
11:19 < djph> jackbrown: intel produces dozens of boards ... although if you have specific needs (e.g. 2x2), you may find that options are limited.
11:20 < jamesP> Can someone tell me whats this command do that i found from tcpdump that was run in my webserver? GET /uploads/a.gif?c=sudo%20tcpdump%20-ln%20-i%20enp0s3%20-w%20/dev/null%20-W%201%20-G%201%20-z%20test%20-Z%20root HTTP/1.1\r\n
11:20 < jamesP> the malicious user had access by uploading a .gif(metasploit file) and he was running commands through url
11:21 < djph> GET is a request to ... well, GET ... things
11:22 < jamesP>
11:22 < jamesP> that was inside in the gif file
11:22 < djph> he told your server to "get" a.gif (which it ran)
11:22 < jamesP> yea
11:22 < jamesP> and it run the above statement
11:23 < jamesP> so is this gif file a metasploit, is that how it is called?
11:23 < djph> so it ran the command "sudo tcpdump ls inp0s3 -w /dev/null -W 1 -G 1 -z test -Z root
11:23 < jamesP> yea
11:23 < ne2k> djph, minus the typos, yeah
11:24 < djph> err, some typing errors on my part, but otherwise that.
11:24 < djph> shutup ne2k :P
11:24 < djph> in other words, your webserver sucks.
11:24 < jamesP> he also run a command where he added a user
11:24 < ne2k> jamesP, are you sure it says echo '$c'; and not echo `$c`; in the file?
11:25 < ne2k> not sure how it would run it if not
11:25 < jamesP> its the second
11:25 < zenix_2k2> ne2k: and by Cisco you mean CCNA ?
11:25 < ne2k> jamesP, why did you write '' then?
11:26 < jamesP> sorry typo i couldn't get it copy paste
11:27 < jamesP> so i have to fix better the files that someone can post, like filtering them
11:27 < jamesP> anyway thanks a lot guys!
11:27 < jamesP> so that was a metasploit attack or something right?
11:28 < ne2k> zenix_2k2, I mean Cisco generally. they're overpriced, think they know everything, think their way is THE WAY, give stupid names to things that everyone else knows by other names, and are generally annoying
11:30 < djph> jamesP: well, it was someone exploiting your shitty webserver. Whether or not it was "metasploit" specifically, we can't tell.
11:31 < ne2k> why your webserver is configured to run php in files ending in .gif I have no idea
11:31 < jamesP> as i can see it was passed like a gif file
11:31 < jamesP> from the form where i only accepted gif and jpeg
11:32 < ne2k> but why is your webserver running as PHP a file ending in .gif?
11:32 < ne2k> and why is your server running as PHP anything that has been uploaded?
11:33 < ne2k> it's just configured extremely badly
11:33 < jamesP> yeaa probably chmods(executing files) or something like that, and bad filtering, anyway thank you guys for the help
11:40 < mjauschwitz>
11:40 < mjauschwitz> this code will fail
11:41 < mjauschwitz> if this is literally what was uploaded then it is non-functional
11:41 < mjauschwitz> PHP does not interpolate in single quotes
11:42 < mjauschwitz> oh i read the rest of it nvm
11:45 < zamba> i need a tool to visualize network throughput (graph)
11:45 < zamba> ntopng only graphs while the transfer is going.. i need a way to sample often and then create a detailed graph
11:46 < zamba> and i should also be able to filter out traffic
11:48 < zenix_2k2> ne2k: so can i have the title of their book please ?
11:48 < mjauschwitz> zenix_2k2: cacti?
11:48 < mjauschwitz> er
11:48 < mjauschwitz> zamba: ^
11:49 < zenix_2k2> no i don't mean software, i mean the networking books of Cisco
11:49 < zamba> mjauschwitz: that takes a bit too much to get up and running
11:52 < zenix_2k2> oh and i also found this book https://www.amazon.com/Networking-Dummies-Computer-Tech/dp/111925776X/ref=pd_sbs_14_2?_encoding=UTF8&pd_rd_i=111925776X&pd_rd_r=6aa9bb23-785d-11e8-b657-fff5d677929c&pd_rd_w=MvqQh&pd_rd_wg=ALFHJ&pf_rd_i=desktop-dp-sims&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=5825442648805390339&pf_rd_r=FW38ES3PDWDGHVQEYJAS&pf_rd_s=desktop-dp-sims&pf_rd_t=40701&psc=1&refRID=FW38ES3PDWDGHVQEYJAS, but not sure if it is too out-dated
11:52 < zenix_2k2> can someone who has read that please give me some advice ?
11:53 < djph> zenix_2k2: Tanenbaum is typically the recommended go-to in the channel (IIRC, it's even noted in the /topic)
11:54 < zenix_2k2> but there are too many versions of them
11:54 < zenix_2k2> idk which to go for
11:54 < djph> the latest?
11:55 < zenix_2k2> hm, i can't really see the releasing dates
11:55 < zenix_2k2> i think i have to get the book to know
11:55 < djph> I mean if there's version 1-4 (for example), you'd want version 4
11:55 < zenix_2k2> well ok then
11:55 < zenix_2k2> thk
11:57 < zenix_2k2> but let's just say when i have finished version 4 and in the future it releases version 5, should i also buy and read it ?
11:59 < djph> probably not
11:59 < djph> hypothetically you wouldn't need an "introductory" type book by then - so you'd just read the specs on whatever's new (or a book on the new tech)
12:01 < zenix_2k2> book on new tech ? like what
12:01 < zenix_2k2> just wanna know so i can save it back after "for dummies"
12:03 < jackbrown> hey but the AC standard is just for 5GHz?
12:25 < h0dgep0dge> got some unexpected good news this morning, some guys from the telecom are coming to install my fibre tomorrow
12:25 < h0dgep0dge> though unfortunately i won't actually be able to use it for another week, not sure why
12:46 < AlexCDev> Hi
12:46 < Gollee> AlexCDev: hi
12:46 < AlexCDev> I have a weird looking packet appearing in a tcpdump output
12:46 < Gollee> cool
12:46 < AlexCDev> "192.168.4:8888 > 192.168.1.3.rplay"
12:47 < AlexCDev> Any ideas what the .rplay is?
12:47 < Gollee> a protocol
12:47 < Gollee> https://www.arcam.co.uk/products,rSeries,Music-Streamer,rPlay.htm
12:47 < Gollee> probably
12:48 < vver> talking about weird things i saw that chrome does weird dns requests like lfajnhzridrxmm ; omfnlsi etc what are those?
12:48 < Phil-Work> catphish, that layer 3 provider you mentioned the other day got lost in my scrollback
12:48 < Phil-Work> who was it?
12:49 < detha> vver: chrome trying to see if anything is hijacking your DNS
12:51 < detha> AlexCDev: that's just tcpdump trying to be friendly. use 'tcpdump -nn' to see the actual port number
12:52 < AlexCDev> detha: ah cheers
12:53 < vver> lets say i have google.com in dnsmasq.conf (router) pointed to 127 will chrome be able to go back to google servers?
12:53 < AlexCDev> Gollee: Someone's been using the office raspberry pi for airplay streaming hahah
12:53 < vver> to report this "hijacking" or smth?
13:01 < detha> vver: google has many domains besides google.com. I do not think it is for reporting back to them, but if something is hijacking nxdomain the browser may warn you
13:02 < vver> i have a list of google domains added
13:05 <+catphish> Phil-Work: hSo?
13:06 <+catphish> Phil-Work: we use them for transit, and i know they provide various related services, leased lines, etc
13:26 < ne2k> jackbrown, 802.11ac is only meant for use in the 5GHz band, yes
13:31 <+catphish> ne2k: yes
13:31 <+catphish> ne2k: see https://en.wikipedia.org/wiki/IEEE_802.11#Protocol
13:40 < djph> Watch that table though -- there's a footnote somewhere that admits the "2.4GHz" rates are specific to 802.11n
13:49 < o0oScoRcHo0o> do any of you use smokeping? if so, I am trying to figure out what i did wrong. I get the data I need but my host is showing 2 graphs for each time period. One is correct. One says Last X Hours from "master server" and its blank.. Where "master server" is my main smokeping server. I have the data i need but just want to clean up those weird duplicates
13:49 < o0oScoRcHo0o> i tried just removing the rrd files from /var/lib but no luck
13:58 <+catphish> djph: err what? the rates are all listed for specific protocols
14:02 < djph> catphish: oops, I'm thinking of this page -- https://en.wikipedia.org/wiki/IEEE_802.11ac#Advertised
14:04 < djph> someone was getting confused by that table Wed or Thu last week, since the *page* is for 802.11ac ... but it's showing info for the 802.11n capabilities on dual-band products 2.4Ghz.
14:04 < djph> *2.4GHz radio
14:05 <+catphish> a lot of people don't realise the advertised speeds on ac devices are for 5GHz only :)
14:06 < djph> catphish: the guy was getting confused, and was a tinfoil nutter that the 2.4 GHz was going to give him cancer or something.
14:06 <+catphish> lol
14:07 < djph> so he wanted to use 802.11ac, but get the max throughput with 5 GHz only ... and was a bit broken-record on "but the table shows it's using both!"
14:07 <+catphish> oh those ratings that add both together are just dumb
14:13 < djph> no, it wasn't a rating -- he was thinking that to get the "full throughput" of 802.11ac, he needed both the 5 GHz (to get ~800) and the 2.4 GHz (to get ~300), and didn't understand that to get 1300mbps (or whatever), he needed a 3x3 802.11ac card / AP
14:14 < djph> and the table on that page didn't help any, at least when he was reading it, because he mistook the "oh, and it does 300mbps on 802.11n 2.4 GHz" column as "see, it does 802.11ac on 2.4 GHz"
14:16 < sparrowsword> connected to my vpn.. how do i get port 80/443 forwarded to 1194? im using a raspberrypi as my server and a ubuntu vm as my client
14:18 < ne2k> sparrowsword, wut
14:19 < djph> ^
14:19 < sparrowsword> ne2k: perhaps i misunderstand vpn, but why does my ip of my physical computer resolve to the same ip as my vm?
14:19 < sparrowsword> when i am connected to the vpn
14:19 < djph> it doesn't
14:20 < sparrowsword> do i need something like... sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -i eth0 -j REDIRECT --to-port 1194
14:20 < ne2k> sparrowsword, take a step back and explain slightly more about what you're actually trying to do, and what the setup is, as we currently have no clue what you're doing
14:20 < sparrowsword> im trying to connect to a vpn to alter my ip address on the virtualmachine using workstation
14:20 < mercxry> sparrowsword Your traffic goes to your vpn then from your vpn to the site you're connecting, then the response goes back to your pc
14:21 < sparrowsword> the workstation vm is connected to my openvpn server on my pi
14:21 < ne2k> sparrowsword, you're talking about "my vpn" and "the vpn" and "my physical computer" and "my vm", but we have no idea what any of those things is or how they are connected together
14:21 < sparrowsword> mercxry: thats what i thought... perhaps im not connected...
14:22 < sparrowsword> ne2k: i am using pivpn on my raspberrypi
14:22 < sparrowsword> ne2k: and i am using this computer, the one i am talking to you with to run a virtual machine, and that virtual machine is connected to the pivpn/raspberrypi
14:23 < sparrowsword> however, when i go ipchicken for example, it resolves this computers ip as the same ip as the vm
14:23 < djph> sparrowsword: I assume that "this computer" and "the pi" are in two physically separate locations. Correct?
14:24 < sparrowsword> yes
14:24 < djph> OK, and that you've enabled "push redirect def1" (or whatever) on the ovpn server.conf, correct?
14:25 < ne2k> did anyone mention openvpn?
14:25 < ne2k> oh, yes, he did
14:25 < djph> ne2k: it's "pivpn" on a raspberry pi ... pretty sure that's ovpn based.
14:25 < djph> ne2k: although I could be wrong :(
14:25 < ne2k> sparrowsword, where is the pi?
14:26 < sparrowsword> on my desk, this computer is at my feet
14:26 < sparrowsword> will this not work sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -i eth0 -j REDIRECT --to-port 1194 if i am using a bridged connection to the vm?
14:26 < sparrowsword> not sure what nat is
14:26 < ne2k> sparrowsword, so when you said "yes" to " sparrowsword: I assume that "this computer" and "the pi" are in two physically separate locations. Correct?", that was incorrect? the pi and the computer are both in the same location?
14:27 < sparrowsword> this computer is not the same as the pi
14:27 < ne2k> sparrowsword, the question was not whether the computer was the same as the pi, the question was whether they were located at the same physical location
14:28 < sparrowsword> are they local? yes
14:28 < ne2k> by which we mean, you know, like, building level, not, like, to the millimetre
14:28 < sparrowsword> yes
14:28 < mercxry> And you have separate public ip for them?
14:28 < sparrowsword> no
14:29 < sparrowsword> thought vpn changes this
14:29 < mercxry> The VPN IP should be different to change
14:29 < mercxry> It's not magical
14:29 < sparrowsword> you mean the pi ip has to be different to change the public ip of the vpn?
14:30 < ne2k> sparrowsword, NO ONE IS CHANGING ANY IPS
14:30 < ne2k> you cannot CHANGE your IP. you can masquerade certain traffic behind a different public IP address by means of tunnelling
14:30 < sparrowsword> that is what i am trying to do
14:30 < djph> sparrowsword: to clarify my enquiry -- the "two locations" are, e.g. your home and your mom's house (or home and office, or home and starbucks, etc.)
14:31 < sparrowsword> home & home
14:31 < mercxry> ne2k Thanks for the explanation, by changing the IP he mean masquerading
14:31 < djph> not "one is upstairs, and the other in the basement"
14:31 < sparrowsword> they are in the same room
14:31 < ne2k> sparrowsword, and, by the way, a "service that offers you masquerading behind a remote IP address" is NOT what "a VPN" means
14:31 < sparrowsword> mercxry: i am attempting to create something like a proxy
14:32 < mercxry> sparrowsword Yeah I understood that, but you can't with the same IP on 2 machines
14:32 < ne2k> sparrowsword, what is your end goal? that the apparent public IP of the VM should be something remote? if so, what is the purpose of the Pi? why not just run the masquerading proxy client on the VM?
14:33 < sparrowsword> the purpose of the pi was to masquerade the public ip for the vm
14:33 < sparrowsword> my end goal is to have the vm have a different public ip than the one on this computer
14:33 < djph> sparrowsword: that's not going to work if the pi (and the VM) are on the same network (i.e. at home)
14:33 < sparrowsword> or the pi vs this computer
14:34 < djph> your router (presumably provided by the ISP) will be the ultimate arbiter of the IP address masquerade.
14:34 < sparrowsword> djph: so something like privatetunnel offers a vpn that is different than the vpn that i can create at home?
14:35 < ne2k> djph, my understanding is that the pi was running a masquerading proxy client
14:35 < djph> yes, you connect to *their* servers somewhere "not at home".
14:35 < sparrowsword> was under the impression from ##programming that this was possible at home :-/
14:36 < djph> ne2k: I think he's perhaps getting confused about two different things. (1) general IP address masquerading and (2) what a VPN actually does.
14:36 < sparrowsword> let me ask another question...
14:36 < ne2k> sparrowsword, are you saying you don't already have an account with one of these masquerading proxy "VPN" services?
14:37 < sparrowsword> if i am going to ipchicken.com using this computer, i will get a specific ip address, when i use privatetunnel vpn i get a different ip address
14:37 < sparrowsword> ne2k: at this current moment, no
14:37 < ne2k> you are contradicting yourself. what is privatetunnel if it isn't one of those services, and how are you using it if you don't have an account?
14:37 < sparrowsword> why is it when i use someone else's vpn, i get a different ip address, but when i use my own vpn, i get the same public ipv4
14:38 < sparrowsword> ne2k: i was using them as an example of something besides my own vpn
14:38 < ne2k> sparrowsword, it is not at all clear what "your vpn" is
14:38 < ne2k> sparrowsword, yes, but you're saying it works, so you must have used it?
14:38 < sparrowsword> an openvpn server on the raspberrypi
14:39 < sparrowsword> privatetunnel works, yes i have used it
14:39 < sparrowsword> it seems that they route all traffic to one port
14:39 < djph> they do
14:39 < ne2k> sparrowsword, and you are running privatetunnel client on the pi?
14:39 < sparrowsword> ne2k: no
14:39 < ne2k> djph, dafuq
14:39 < sparrowsword> privatetunnel was in the past
14:39 < ne2k> sparrowsword, so what is the apparent public IP of the pi?
14:40 < sparrowsword> the same 1 as this computer
14:40 < ne2k> sparrowsword, so have you examined your brain for damage?
14:40 < sparrowsword> 73.190.110.8
14:40 < ne2k> sparrowsword, how on earth is it going to give a different apparent public IP to the VM?
14:40 < sparrowsword> thats a contradiction..
14:40 < djph> ne2k: here's what he's doing (1) had a tunnelbear/privatetunnel/pia/etc. account, got tired of paying money. (2) set up a pivpn (ovpn) server at his house. (3) is confused that "remote masquerade" is different than the "local masquerade" of his router.
14:40 < sparrowsword> thought creating my own vpn was the same thing as privatetunnel creating theirs
14:41 < djph> sparrowsword: it is; but you're thinking about it backwards.
14:41 < ne2k> sparrowsword, yes, and this sort of thing is the exact reason why I absolutely cannot stand people referring to their service as "a VPN"
14:41 < sparrowsword> wtf...
14:41 < sparrowsword> what else to call it?
14:41 < djph> ne2k: mind slowing down for a moment, lemme explain this to the guy.
14:42 < ne2k> djph, sure
14:42 < djph> sparrowsword: OK, so PIA/tunnelbear/etc. they run a series of openVPN servers "somewhere on the internet". When you connect to their services, they "hijack" your routing table to send everything through their service.
14:42 < sparrowsword> so lemme clarify.. remote masquerade is not possible at home
14:43 < ne2k> but you agree that the entire reason for this confusion is people saying that that service /is/ "a VPN"? it's not a fcuking VPN. it might use a VPN as part of the service, but that does make it "a VPN"
14:43 < sparrowsword> okay
14:43 < djph> sparrowsword: correct; at least not when routing through two machines "at home".
14:43 < djph> ne2k: yes, I agree.
14:44 < sparrowsword> does or does not make it a vpn ne2k:
14:44 < djph> sparrowsword: now, since they're "somewhere on the internet", when you connect to them and test your public IP, the site you use (ipchicken, whatever) sees the request coming from PIA (etc.)
14:44 < ne2k> sparrowsword, perhaps you ought to explain what it is you are ACTUALLY trying to do. it may be possible to offer a solution that doesn't involve any of this. !xy
14:44 < lupine> run yo own
14:44 < sparrowsword> djph: okay... so in order for my vpn to work... i need to have the raspberry pi at a different location
14:45 < djph> sparrowsword: or have the "testing computer" itself at a different location.
14:45 < sparrowsword> right
14:45 < sparrowsword> so proxies it is?
14:45 < sparrowsword> dedicated proxies*
14:45 < sparrowsword> or vps...yeah
14:45 < djph> sparrowsword: here's the thing though, a VPN isn't really *intended* to do this kind of proxying. I mean, it can and does ... but that's like saying a 1k horsepower musclecar is a "family car"
14:46 < sparrowsword> hence proxies
14:46 < sparrowsword> what im trying to do is hide all my hardware
14:46 < sparrowsword> or masquerade it
14:46 < djph> use a NAT router, done.
14:46 < ne2k> sparrowsword, it depends what you are actually trying to do this for. perhaps you want to test accessing a service you are running at your location from outside. perhaps you want to prevent your traffic being tracked. perhaps you are just doing it for fun. please tell us what you are actually trying to do this for
14:47 < sparrowsword> prevent it from being tracked, trying to start goldfarming
14:47 < djph> I mean, "hardware" information (MAC address) doesn't traverse NAT.
14:47 < djph> (granted, some javascript can always ask the browser for that info)
14:48 < sparrowsword> not using a browser
14:48 < sparrowsword> using a .jar
14:48 < sparrowsword> or .exe
14:48 < djph> the point being, *a program* can always tell you what it's running on.
14:48 < sparrowsword> no idea what port is being used
14:48 < sparrowsword> even with vpn?
14:48 < djph> since, well, it's physically on the machine.
14:49 < ne2k> sparrowsword, what are you trying to prevent from tracking what?
14:49 < djph> a VPN just moves traffic points, kinda like taking a detour when the freeway is being worked on.
14:50 < sparrowsword> i want to run this .exe/.jar on 5 instances having no apparent connection to the computer running it, hate to say it, but kinda like a botnet
14:50 < ne2k> sparrowsword, spin up five VMs with tails.iso, run in that
14:50 < sparrowsword> djph: so the destinations are still the same? from A to B?
14:51 < sparrowsword> ive heard of / used tails very very very briefly before.. does it allow dedicated ips?
14:51 < sparrowsword> i mean i dont think it does...
14:51 < sparrowsword> since it runs live
14:51 < ne2k> dedicated IPs?
14:51 < djph> sparrowsword: yeah, but the route changes. (and ofc, when we throw masquerade into the mix, other things "look" different)
14:51 < sparrowsword> i need static ip addresses...
14:51 < ne2k> sparrowsword, you can pin to an exit node in tor
14:51 < sparrowsword> oh?
14:52 < sparrowsword> onion router?
14:52 < ne2k> https://www.torproject.org/docs/faq#ChooseEntryExit
14:52 < ne2k> sparrowsword, tor is included in tails
14:52 < sparrowsword> interesting
14:53 < sparrowsword> does tails mask hardware?
14:53 < ne2k> anyway, your support has just come to end as you've basically told us that you're trying to do something illegal, so, see ya later, kthxbai
14:53 < sparrowsword> or whatever is running the exe/jar
14:53 < sparrowsword> not really illegal...
14:54 < sparrowsword> do appreciate the help though ne2k: djph:
14:55 < djph> "goldmining", as in "running wow or whatever the fotm-rpg is?"
14:55 < sparrowsword> is it?
14:55 < djph> I have no idea, which is why I'm asking what you meant.
14:55 < sparrowsword> dont think its illegal... just not in the terms of service... so frowned upon, but not illegal
14:56 < sparrowsword> as far as i am aware
14:56 < ne2k> djph, goldfarming, afaik, is running bots to earn in-game currency so that you can then sell it for real money
14:56 < djph> ... i mean, if that's what you're doing; you're a douchenozzle and should be mercilessly hunted and murdered by every player of whatever game it is (ingame, of course).
14:56 < sparrowsword> so if i bought gold is that illegal too?
14:57 < sparrowsword> perhaps im just creating alternate accounts for myself?
14:57 < ne2k> sparrowsword, anyway, clear off
14:57 < djph> ne2k: far as I've ever seen, trading real money for "ingame items" isn't breaking any laws. Ingame rules, sure. Not to mention they're shady as all fuck, and now in addition to your gold, you've also bought several swedish-made penis enlarging pumps.
14:58 < sparrowsword> loL
14:58 < agent_white> Mornin' folks
14:58 < sparrowsword> djph: ^
14:59 < sparrowsword> ne2k: *
14:59 < djph> with the (afaik) only real legit one (at the time I still played MMOs) having been Eve Online, with their ability to sell "game time cards" (30d sub extension for ~$14.99) for ingame money.
14:59 < sparrowsword> yeah... arcage
14:59 < sparrowsword> did the same lolz
14:59 < sparrowsword> redefining P2P
14:59 < ne2k> djph, computer games are a waste of computers
15:00 < djph> but they were CRAZY strict with it -- to the point where if you scammed the GTC sales, you get permabanned.
15:00 < ne2k> agent_white, 14:00 but hey
15:00 < djph> ne2k: meh, Eve was really more a spreadsheet frontend than a game.
15:02 < djph> ne2k: but yeah, I don't have time for that fun either.
15:03 < sparrowsword> eve was fun tho
15:03 < djph> sparrowsword: short version - don't. Long version - goldsellers/buyers should all be mercilessly hunted to extinction, they're the bane of any games economy.
15:03 < sparrowsword> the game im playing actually cant function without them...
15:03 < djph> yeah, it was, until the WoWtards ruined it (also, Greed is Good).
15:04 < sparrowsword> its why they stopped chain banning...
15:04 < djph> then the devs have to put in proper floor / ceiling items (e.g. the racial shuttles in Eve) to keep the economy from going too tits up.
15:06 < djph> but in either event, it's not a "networking" thing.
15:06 < johnwick200> hello!
15:07 < johnwick200> so my isp company have an offer of 200mbps
15:08 < johnwick200> well im connected with fttc
15:08 < johnwick200> fiber to the cabinet
15:08 < johnwick200> so i have other 250 meters of coaxial cable
15:08 < johnwick200> how is it possible for this 250 m of coaxial cable to pass up 50 mbps?
15:08 < johnwick200> close to 100
15:10 < dogbert_2> hey djph
15:18 < djph> johnwick200: what?
15:18 < djph> hey dogbert_2
15:19 < dogbert_2> what is new?
15:19 < djph> johnwick200: DOCSIS 3.x can do 1gbps or better ... IIRC it's something like ~40 mbps per channel (and it bonds up to 32 channels or something)
15:19 < djph> not much here dogbert_2; you?
15:21 < dogbert_2> same here, gonna get into the shower
15:28 < superkuh> Plenty of bandwidth in a coax cable that can pass up to 2.5 GHz. Even just the normal <100 MHz channel.
15:28 < superkuh> Er, s/channel/span/
15:30 < superkuh> http://x264.nl/dump/ziggo_docsis3.0_2018-03-23-full-spectrum.jpg
15:39 < wind_swept> i have an HP C7000 blade chassis which keeps shutting down certain ports for what HP support claim is a "broadcast storm"
15:39 < wind_swept> no other devices on this subnet / vlan appear affected, including other C7000 chassis, though those are located on separate physical switches
15:41 < lithiumpt> humm, maybe PSU problems?
15:42 < wind_swept> power supply?
15:42 < lithiumpt> yes
15:42 < lithiumpt> aah nevermind
15:42 < lithiumpt> broadcast storm as in
15:42 < lithiumpt> arp broadcast
15:43 < wind_swept> as in broadcast traffic supposedly
15:49 < ice9> there is no 3com routers anymore?
15:49 <+catphish> i doubt it
15:49 <+catphish> in fact i've never seen one
15:50 < ice9> so if we compare 3com vs linksys, both old models, which one is better?
15:50 <+catphish> i think you'd have to compare the devices, not the manufacturers
15:59 < djph> although, it also depends *when* the devices were made. I mean, for a while there 3com was (IIRC) pretty highly reputable. Linksys has had good models (WRT54G), but well, one of many isn't that great of a track record.
16:00 <+pppingme> 3com was highly reputable in the enterprise market, their consumer stuff was junk
16:00 < Fieldy> ^
16:03 <+catphish> yeah, i remember 3com being a good brand, but looks like they made cheap stuff too, probably similar quality to any other soho gear
16:04 < djph> pppingme: ah, I never saw their stuff in "consumer" arenas (but then again, they were near on dead by the time I was consciously in networking)
16:05 < spaces> where are the sexy admins ?
16:05 <+pppingme> most of their superstack stuff seemed ok
16:05 <+pppingme> spaces I'm here
16:05 < spaces> pppingme good, now someone sexy :P
16:05 < lupine> clearly me
16:05 < djph> I think he's looking for the goatse guy ... or maybe tubgirl
16:06 < spaces> lupine clear === virginity ?
16:06 < spaces> djph you are just jealous :P
16:06 < lupine> not in any language I know
16:06 <+catphish> spaces: could you maybe just stop being weird?
16:06 < lupine> have a sexy picture: https://github.com/lupine
16:06 < spaces> lupine maybe as Brandson
16:06 < spaces> oh damn can we handle that ?
16:07 < lupine> doubtful
16:07 < spaces> my PC is having difficulties rendering that photo, it tries to block it
16:08 < spaces> catphish yeah I try :)
16:08 < djph> lupine: I don't even want to know ...
16:09 < spaces> djph it makes you curious doesn't it ?
16:09 < djph> lupine: ... I mean, internet-senses are tingling, and I'm expecting it to redirect to http://goatse.cx or something.
16:09 < lupine> it's just my github profile pic, from before I got a bit fat :p
16:09 < spaces> the right moment to idle on any social media as well :P
16:10 < spaces> IRC is the way to go then
16:10 < spaces> meh my coffee @ 3pm kicked in werid
16:10 < spaces> weird
16:11 < spaces> I need to collect hay in about 2 hours
16:11 < spaces> 200 packs at least
16:14 < djph> lupine: that's not nearly as fun as the deeply-ingrained reaction to most (every) link posted by someone else.
16:15 < djph> lupine: it's probably enough that in our current left-wing libtard society, I should be screaming how you're promoting hatespeech and I need a safe space to protect me from the images... or ... something like that ... maybe?
16:19 <+catphish> lol @ libtard society
16:23 < djph> catphish: better than the UK at the moment (errr, if news isn't just trying to be inflammatory ... which it may well be being)
16:24 <+catphish> i have no idea, you can't compare a country you're in to another country based on international news
16:24 < djph> yup
16:25 < djph> I mean, I'm only ever gonna see the "big" stuff
16:26 <+catphish> indeed
16:27 <+catphish> most international news about the USA these days is the president doing something retarded, dunno about the UK, i assume something about brexit
16:27 <+catphish> we're really screwing ourselves on that one
16:28 < kuahara> hey, catphish can I pick your brain on something this morning
16:28 <+catphish> we didn't really have much political polarization until brexit, now it's (hopefully temporarily) awful
16:28 <+catphish> kuahara: ytes
16:28 <+catphish> *yes
16:28 < djph> maybe, maybe not. Seems EU's kinda sending themselves down the crapper. TBH, most of the international news I see is "ohwait, open borders for middle-easterners was a bad idea"
16:29 <+catphish> oh yeah, i forget america thinks the UK is being overrun by dangerous muslims
16:29 < kuahara> I brought this question to the channel yesterday. https://pastebin.com/id1EuYaU and qman__ suggested a problem in utilizing SMB that might be causing this. Just curious what you think.
16:29 < regdude> does anyone know when UK will leave EU? Just wondering when ordering stuff from there will cost a fortune
16:30 <+catphish> regdude: 29 Mar 2019
16:31 < djph> catphish: nah, that's just the news slant on it (also "was overrun" -- past tense)
16:31 <+catphish> regdude: unless agreed otherwise, and frankly, it doesn't seem like we can agree our way out of a paper bag
16:31 <+catphish> the reality is that most of our immigration problem (if you believe immigration is a problem which many people do) is from cheap labourers, not religious crazies
16:32 < regdude> aren't you happy that you can have sub-primates do the dirty work for you for a slice of bread?
16:33 <+catphish> there's not much religion here to speak of, i always find it ironic that the UK (a country with an official religion) has almost no religious involvement in politics, whereas the USA (a country with laws against interference of religion in politics) seems to have a lot more of it
16:33 < kuahara> For what it's worth, I am having the same problem this morning in 2 out of the 3 test counties. The 3rd one is working fine.
16:34 <+catphish> like, politicians here would never mention their religion, and while some people have a bit of a fear of eastern religion, you wouldn't win any votes by being a christian :)
16:34 * catphish looks at kuahara's wall of text
16:34 < kuahara> it's a small wall =o
16:35 <+catphish> kuahara: i'd put 1 of my british pounds on it being an MTU issue
16:36 <+catphish> put some aggressive MSS clamping on the vpn server
16:36 < kuahara> is it easy to resolve?
16:36 <+catphish> yes
16:36 <+catphish> if i'm right
16:36 < djph> catphish: it's the other way around. "Separation of Church and State" isn't "religion can't sway you" it's "the state leaders cannot ALSO be religious leaders" -- as opposed to The Church of England, etc.
16:36 <+catphish> you just need a firewall rule to limit the TCP MSS on packets going through the vpn
16:36 <+catphish> djph: that makes sense
16:36 < kuahara> Can I set such a rule in Windows Firewall?
16:37 < kuahara> Also, would that explain why the problem seems intermittent on 2 of the 3 test machines?
16:37 <+catphish> djph: i guess that's why you can't have the state trying to indoctrinate children into any particular religion in schools, etc
16:37 < kuahara> My home PC for example had this issue once, but all other days I tested, it worked fine. My work PC had this problem every other day. The public workstation that the user initially called in about has the problem religiously, every day.
16:37 <+catphish> kuahara: i'm not sure about windows firewall
16:37 < lupine> in .uk, state schools have a legal duty to inculcate christianity into their children
16:37 < lupine> acts of christian worship, etc
16:38 <+catphish> lupine: actually we have different schools with different religions, but many are "church of england" and do indeed teach christian worship
16:38 < djph> catphish: well, that's actually more recent, with (IMO) crazies who were pissy we'd have prayer in class (or not) depending on the teacher / class / whatever. (Or prayer services - even if 'nondenominational' - for a kid killed in a horrific accident / cancer / etc.)
16:38 < dw5304> good morning guys i have an issue with a cisco asa 5510 with an ipspoofing related issue and was looking for some help as to how to fix it. from inside the network if we attempt to goto a wan address that is routed to us from upstream im getting a IP spoof denied message, that said ip spoofing is disabled and was looking for a little insight on how to fix it.
16:38 < lupine> catphish: I am referring to non-religious schools, owned and operated by local authorities
16:38 < kuahara> I'll call the clerk's office and see if they have a hardware firewall I can get access to
16:39 < lupine> as distinct from religious schools, owned and operated by local religious communities such as the church of england, catholics or muslims
16:39 <+catphish> lupine: well they can practice whatever religion (or none) that they want, we have muslim schools, christian schools, probably atheist schools
16:39 < lupine> they are actually exempt from the requirement, IIRC
16:39 < lupine> catphish: right, but the official state schools *must* inculcate christianity
16:39 < lupine> it is their legal duty to do so
16:39 < djph> catphish: although, I really haven't done much research into it; barring seeing *some* news coverage lately that teachers are apparently trying to indoctrinate islam.
16:39 <+catphish> lupine: that seems plausible
16:40 <+catphish> lupine: most state schools i see are christian, it is our official religion (lols)
16:40 < lupine> yeah
16:40 <+catphish> i don't think many take it very seriously these days though
16:40 < lupine> no. we're an official theocracy and it has concrete implications for our schooling and other systems
16:40 <+catphish> and luckily, regardless of what religion they practise, they have a more serious legal duty to teach about all religions
16:41 <+catphish> my school was christian, all but about 2 students there thought it was retarded
16:41 < kuahara> catphish they have a cisco meraki firewall
16:41 <+catphish> so i'm not particularly worried about it
16:41 < kuahara> The fix can be implemented there?
16:41 < jackbrown> Something that I still don't understand can you help me ? I'll explain
16:41 <+catphish> kuahara: probably not, depends where the VPN endpoints are
16:42 < djph> jackbrown: ask away
16:42 <+catphish> kuahara: it has to be done somewhere the traffic isn't encrypted
16:42 < kuahara> This is on the client's network by the way, not ours. The VPN endpoint is inside our datacenter. I have no idea what they are using. Our parent company actually owns the datacenter.
16:42 < jackbrown> Smartphone : Xiaomi Mi5 connected in front of the router 5Ghz 433Mbps, trying to transfer a file from the USB attached hard drive (it's 3.0 and the router has 3.0 port ) I only get 5 Megabyte per second. Is that normal ?
16:43 < jackbrown> Router FRITZ!Box 7490
16:43 <+catphish> lupine: as long as theresa doesn't start thinking anything can be solved with thoughts and/or prayers i'll be ok
16:43 < djph> jackbrown: USB is CPU-limited ... I imagine your router has a pretty shit CPU.
16:43 < jackbrown> djph, it's a FRITZ!Box 7490
16:44 < kuahara> catphish we have lots of cloud based customers that operate out of that same datacenter, though. They are spread across multiple counties in Texas. Only this 1 customer on this 1 PC has this issue. Does that still lend itself to the idea of this being an MTU issue in our datacenter?
16:44 < djph> jackbrown: not to mention actual capabilities of the phone itself, whether or not you're holding it wrong (note, typically limited to Apple iDevices), etc.
16:44 <+catphish> jackbrown: there are loads of likely bottlenecks there, i'd always test the wifi speed before anything else
16:44 < jackbrown> djph, https://wiki.openwrt.org/toh/avm/fritzbox.7490
16:45 <+catphish> kuahara: the MTU issue can be caused anywhere along the route, it could be at either end, or between
16:45 <+catphish> most likely at the customer end
16:45 < kuahara> so can I fix this on their firewall instead of our datacenter's?
16:45 <+catphish> if it's suddenly happening to lots of customers, i admit it's less likely
16:45 < djph> 500MHz dual-core proc -- yeah, that's pretty slow ;)
16:45 < dw5304> sure is :)
16:45 <+catphish> kuahara: anywhere on the route where the traffic isn't encrypted
16:45 <+catphish> kuahara: even on the client PC
16:46 < jackbrown> djph, really? does it limit just USB ?
16:46 < kuahara> catphish well. I can log into this 1 customer's product from a completely different county, pull up the same case in our software, and reproduce the problem here. I am more than a hundred miles away from the customer.
16:46 < djph> jackbrown: well, it limits *everything* that's reliant on the CPU
16:46 < jackbrown> djph, or for example if I have a 500Mbps incoming from internet I'll have the same issue?
16:46 < kuahara> But 0 other customers have this issue. and we have customers in 70 counties
16:46 <+catphish> kuahara: i could of course also be wrong
16:46 < dw5304> catphish have you guys looked at mms yet?
16:46 < kuahara> the traffic is not encrypted by the way
16:46 <+catphish> but it's an easy fix to test on one client
16:46 < jackbrown> djph, why does it have 3.0 USB ports then ? Doesn't make any sense don't you find ?
16:47 <+catphish> dw5304: no, i don't even have sms
16:47 < djph> jackbrown: depends - many router chips tend to have a "routing processor" that's separate from the CPU. Think using an nVidia graphics card instead of intel onboard (etc.)
16:47 < kuahara> This is a public viewstation and everything it has access to is public information
16:47 < dw5304> catphish mms is not sms :)
16:47 <+catphish> no it's not
16:47 < jackbrown> djph, ok I got the concept but i don't understand why it has 3.0 usb port
16:47 < kuahara> how would I fix it just on that 1 machine?
16:47 <+catphish> dw5304: but it's related :)
16:48 < djph> jackbrown: cost; because bigger is better; because consumers; because everyone else does it; because any number of reasons
16:48 < jackbrown> djph, this is a really serious brand it's german a lot of good reviews
16:49 < dw5304> jackbrown, if u want fast transfer speeds have a dedicated device to it something thats not doing everything else speeds will drop depending on what is being used on it... some times mfg just suck
16:49 < dw5304> when it comes to cpu related things
16:50 < kuahara> I issued "netsh interface ipv4 show subinterfaces" on the problem machine. It shows 6 entries and the MTU is 1500 in all cases.
16:50 < djph> jackbrown: so? they can have "meh" models just as well as good ones.
16:51 < jackbrown> djph, meh ?
16:51 < kuahara> The MTU is 1500 in all 3 counties where I am testing. Things are only working properly in 1 of those counties right now.
16:52 < kuahara> On my home and work machines, I have some entries that are 1300 and 1400, but the openvpn interface is 1500 on all of them.
16:54 < dw5304> anyone able to help with a cisco asa 5510 ip spoofing related issue?
16:56 <+catphish> kuahara: right, so the VPN is trying to send 1500 byte packets, but if anything along the way is smaller than that, it will break
16:56 <+catphish> kuahara: you can probably do a quick test fix by setting the MTU on the vpn interface to 1200
16:57 <+catphish> that's how i normally test this, it's not the right fix, but it's a quick way to test
16:57 < SoniEx2> can we fix the web yet? https://cybre.space/@SoniEx2/100265981412168793
17:01 <+catphish> SoniEx2: LTE cells don't see plain data?
17:05 < SoniEx2> catphish: no, core network data (MME/NAS messages) are encrypted separately
17:05 < djph> jackbrown: essentially "nothing special".
17:05 < djph> jackbrown: (e.g. "cheap" or "poor quality")
17:05 < SoniEx2> so the LTE cell can't read your texts
17:06 <+catphish> SoniEx2: that's cool
17:06 < SoniEx2> idk about IP
17:06 <+catphish> SoniEx2: nothing could be worse than GSM :)
17:06 <+catphish> no authentication of the provider at all
17:07 <+catphish> i wonder if there are downgrade attacks against LTE to get people onto an unauthenticated GSM network
17:07 < nickster> so brocades require a license to use sfp+
17:07 < SoniEx2> yes
17:07 < djph> catphish: "probably"
17:07 <+catphish> i suspect there are, since
17:07 < SoniEx2> I use them
17:07 <+catphish> *since phones will fall back to that if they fail to connect to LTE
17:08 <+catphish> so all you have to do is break it
17:08 < nickster> anyone got any recommendations for a switch with 4 sfp+ and some normal gigabit
17:08 < SoniEx2> actually I'm in the middle of testing one
17:08 <+catphish> nickster: those are absurdly expensive :(
17:08 < nickster> like $200-$250 is the cheapest from what im seeing
17:08 <+catphish> yeah
17:09 < nickster> https://www.ebay.com/itm/CISCO-WS-C4948-10GE-48-Port-Gigabit-Layer-3-Switch-entservices-15-0-ios-4948-10G/263234706193?epid=74127873&hash=item3d4a02db11:g:WDIAAOSwurVZzSS0
17:09 < nickster> too bad the brocade one is like $150
17:09 <+catphish> i have a couple of netgear ones, i use netgear switches for everything, and they're the only people to have a sanely priced device with 4 x SFP+
17:09 < dw5304> nickster look into CRS328-4C-20S-4S+RM
17:09 < SoniEx2> we'll see if my attacks on LTE work
17:09 < SoniEx2> :)
17:09 < djph> nickster: sounds a bit ... specialist. I mean, for a couple hundred you can get 48 copper + 2-4x SFP (or 2/2 SFP/SFP+)
17:09 <+catphish> though these days i'd probably look for a second hand juniper
17:10 < kuahara> ok, so I did the test using ping 4.2.2.2 -f -l 1272 and I get successful responses. As soon as I bump it up to 1273, it errors out saying the packet needs to be fragmented but DF set.
17:10 < kuahara> (sorry, had to afk for a bit, just now getting to this)
17:11 < kuahara> Random google result says that I shouldn't be setting MTU below 1400. So what's the right answer in this case?
17:11 < kuahara> I guess I need to set the MTU to 1272 and see if this image works real quick as well.
17:11 <+catphish> kuahara: anyone that says you shouldn't set the mtu below 1400 is just plain wrong, there's nothing special about 1400
17:12 <+catphish> but setting a low MTU is a good way to test if you have a problem with packet sizes
17:12 <+catphish> what you actually need to set it to is more complicated, but get it tested first
17:12 < lupine> pmtudisc
17:12 < lupine> what the endpoint mtu is doesn't matter very much
17:12 <+catphish> kuahara: if ping stops at 1272 then your mtu is already quite low
17:13 <+catphish> and probably negotiating properly
17:13 <+catphish> if it's not that then it's something in windows and i wouldn't like to guess :(
17:15 < kuahara> I looked at the MTU on the openvpn interface via the windows gui and it showed it was set to 1500 by default only. Not sure any negotiating happened. I also changed it to 1272 using that same interface. Not sure if you're a Windows person or not, but will setting it via the GUI be persistent?
17:16 < kuahara> ugh... well... this does not solve the problem.
17:16 < kuahara> I guess I can try setting it lower than 1272 instead of putting it right at the max
17:21 < kuahara> I've set MTU all the way down to 1200. This image is still taking forever to open via our software. When I open the same document via Adobe reader by browsing into the share and just double clicking on it, it opens instantaneously.
17:21 < dw5304> sounds like a software bug
17:22 < kuahara> it would sound that way, except this exact same software is running in the same configuration, connected via the same VPN, on test machines in other locations, opening up the same civil cases, and viewing the same document without issue.
17:22 < kuahara> we've reinstalled it from the ground up just to rule that out, too.
17:22 < dw5304> how about the age of the machine thats running the software?
17:23 < kuahara> and removed all the various protection software for testing. Turned off firewalls, removed antivirus and antimalware software, etc...
17:23 < Poster|n> Are you running a standard 1500 MTU on the server at the datacenter?
17:23 < kuahara> Poster|n I would imagine so, I don't have access to that. The image itself is sitting on a Buffalo Terrastation.
17:24 < Poster|n> Ok yeah probably running 1500 there, I've had some issues where a large packet was sent that needed fragmentation to traverse a VPN link. If ICMP fragmentation needed is not permitted, the connection will seemingly "freeze"
17:24 < kuahara> I don't want to go changing the MTU there right now anyway because I noticed when I changed it on the VPN interface on the client machine that it was disconnecting the VPN for a few seconds, then reconnecting
17:25 < kuahara> if I did that server side, I'd be disconnecting a lot of customers during business hours. It wouldn't go well.
17:25 < kuahara> Poster|n the image loads, it just spends 40-60 seconds loading before the first page of it shows up. Another 10 seconds go by and the 2nd page shows up in our document viewer.
17:26 < kuahara> I guess what confuses me is that when different software requests the same document over the same connection, it's received in 1-2 seconds instead of 40-60 seconds.
17:26 < Poster|n> Yeah something else may be in play, are you able to install wireshark on an impacted client?
17:26 < kuahara> I can.
17:27 < kuahara> it's already installed there.
17:27 < kuahara> I'm no pro with wireshark though.
17:27 < dw5304> when you open this is it on the same computer?
17:27 < Poster|n> might give that a shot to see if you're getting any indicators there, also take a closer look at the OpenVPN logs, make sure the connection isn't getting reset, especially if you're using the same cert/key in multiple places, by default OpenVPN only permits 1 connection per certificate
17:27 < kuahara> dw5304 open what?
17:28 < dw5304> when you are opening this in adobe
17:28 < dw5304> is it on the same machine
17:28 < dw5304> or different
17:28 < kuahara> The document lives on a server in a datacenter somewhere else, not on the client machine.
17:28 < kuahara> If I move the document to the client machine and use the same document viewer to open it, it loads instantly.
17:28 < Poster|n> I had inadvertently had the same certificate/key installed on an old and new (replacement), the end result was that they would "ping pong" their VPN link causing all sorts of trouble
17:28 < dw5304> have you considered their bandwidth is slow?
17:29 < kuahara> The bandwidth was pretty good when I tested it. I think it was 80up/down. Also, I did a large file transfer between that PC and the file server and could sustain a 45Mbps connection for a long period of time in both directions with almost no variance.
17:30 < Poster|n> Do you have access to a Windows or UNIX host at the same location which you can install/run iperf?
17:32 < kuahara> I may, but give me a minute. I know it's a longshot, but I'm noticing 2 different versions of openvpn are installed at the client machine and it's a different version than what I am running on my work machine.
17:32 < kuahara> The client machine was using a newer version and a separate TAP installer.
17:33 < Poster|n> you may also try a continuous ping to the Buffalo Terrastation while testing to see if you get any indications of packet loss or a latency spike
17:39 < jackbrown> Is there a test I can do to check my Wireless router file transfer speed within my home LAN ? I can connect to it a smartphone in 5Ghz 433Mbps
17:39 < jackbrown> thanks
17:40 < kuahara> There's a freeware app you can use. lanspeedtest, server and client versions
17:40 < Poster|n> iperf is another option as well
17:43 < kuahara> wait.. if I set the MTU on the openvpn adapter to 1272, do I also need to do that on the primary ethernet adapter?
17:43 < kuahara> just hit me that I didn't do that when testing earlier
17:44 < kuahara> also, with the openvpn reinstall, I can ping 4.2.2.2 -f =l 1472 and get replies
17:44 < kuahara> -l *
17:45 < kuahara> just using a different, slightly older version of openvpn. Problem still persists with this version, though.
17:47 < kuahara> I guess on the adapter for the physical nic, there's no option to adjust the MTU
18:01 < dw5304> Deny IP spoof from (63.246.10.X) to 63.246.31.X on interface outside looking for any insight as to how one can fix this :)
18:29 < jackbrown> kuahara, thanks
18:52 < wtflux> hey guys i just ran a port scan across two of my servers for all open ports, is there an easy way to "check" all the ports to see which ports are "serving" http dashboards? for example i know i have a vray license server on port :30304 but what about printers, other license servers w/ http dashboards, etc. is there an easy way to "loop" thru these and check for dashboards?
18:53 < wtflux> i understand that HTTP doesnt have to be served thru port 80 especially on LAN servers such as these, but thats where i run into trouble, how to check if HTTP is running on non port 80 ports?
18:55 < Poster|n> if it's truely http, you should be able to just issue an HTTP GET, if you're running from a *n?x host, you could loop a curl for a list of ports, something like; 18:55 < Poster|n> for n in 80 8080 8100 30304; do curl -v http://192.168.10.100:${n} ; done 18:56 < Poster|n> only those running http will respond 18:56 < Poster|n> well, with an HTTP reponse that is 18:56 < varesa> might want to keep a lookout for those listening to HTTPS as well 18:57 < wtflux> Poster|n: the part -v http://192.168.10.100:${n} ; is the ip of the server right? 18:58 < wtflux> Varesa whats the difference between serving http and listening? 18:58 < wtflux> none? 18:58 < varesa> eh, serving is more what I meant 18:58 < wtflux> I would just be adding HTTPS as well as HTTP to my list of services im checking for? 18:58 < varesa> the point being HTTP vs HTTPS :) 18:58 < Poster|n> yeah sub in your IP of interest for 192.168.10.100 18:59 < Poster|n> if you have a list of addresses in a file called "serverips" you could nest it; 18:59 < wtflux> Ok i get it, but i still dont know what listening is exactly. I hear it thrown around from time to time, is it simply an "address" that is checking or accepting connections across a port? in a "waiting" state? 18:59 < Poster|n> for server in $(cat serverips); do for n in 80 8080 8100 30304; do curl -v http://${server}:${n} ; done ; done 18:59 < varesa> yeah, listening to port is accepting client connections on said port 19:01 < wtflux> Poster|n: last question, because im very noob to linux shell scripts, the bit in the for loop "for n in 80 8080 8100 30304" the numbers are the ONLY ports that will be looped thru? Is there any way i can do 80-65535 ? 
19:02 < wtflux> in fact i only wrote my first shell script last friday thats how green i am 19:03 < Poster|n> yeah it is, you can include all but it will produce a lot of output, adjust it to be "for n in $(seq 80 65535) 19:03 < Poster|n> it will try to run curl 65455 times per host 19:04 < Poster|n> you can test seq at your shell, type "seq 1 100" and you'll see it print each number between the first and second argument 19:11 < buu> Does nmap seriously not check for this? 19:11 < buu> This seems like an nmap thing 19:12 < buu> Also there's no reason not to do curl $ip:$port & 19:13 < buu> Also I have this old ass chelsio t320/n320 that only does like 7.5gbps under debian, anyone happen to have some experience making it go faster? 19:14 < Poster|n> nmap can certainly do port scans, I am unaware of a way to make it initiate an http GET or POST natively. I also don't believe it will natively check all 65535 ports (or a large continuous port range) natively, but you can force it to do so with -p 1-65535 or similar 19:16 < varesa> https://nmap.org/book/man-version-detection.html 19:19 < Poster|n> if I am understanding that page, they are correlating port numbers to services, wtflux is looking to find HTTP daemons running on non-standard port numbers which is what prompted the usage of curl 19:19 < varesa> Poster|n: read further 19:20 < varesa> it opens a bunch of connections and tries to talk to the service in order to identify the responding software 19:20 < Poster|n> oh neat 19:20 * Poster|n stands corrected 19:20 < varesa> but it looks like it indeed tries to identify the actual application, not the protocol 19:20 < varesa> like it'll say nginx/httpd/etc.. 
19:21 < varesa> but I tried it against a java application running at 8080, it couldn't figure out what it is (despite talking HTTP to it) 19:21 < Poster|n> yeah it may be leaning on service banners/headers 19:22 < varesa> yeah 19:23 < varesa> I like this: "By default, Nmap version detection skips TCP port 9100 because some printers simply print anything sent to that port, leading to dozens of pages of HTTP GET requests, binary SSL session requests, etc." 19:23 < skyroveRR> lol 19:23 < skyroveRR> New for me :D 19:24 < skyroveRR> And exciting :D 19:24 < varesa> I can imagine 20 printers around a building just starting to spew some random code like crazy 19:25 < varesa> and the helpdesk once the calls start coming in various locations 19:25 < Poster|n> bonus points if you go through a ream of dot matrix paper 19:25 < xtrWrithe> varesa: like 15 years ago xD 19:35 < Phil-Work> catphish: thanks (belated) 19:51 < admiralspark> So 19:51 < admiralspark> How do you all deal with documenting ACL's? 19:52 < admiralspark> Just make a table with the rules? 19:52 < admiralspark> looking for a sane way to map this out 19:55 < varesa> documentation, what's that? 19:55 < admiralspark> hahaaaaaaaa 19:55 < admiralspark> tell me about it 19:59 < purplex88> can a server connect to my computer? 20:00 < DoctorDick> Yes 20:00 < purplex88> e.g. can server request my computer for connect 20:00 < purplex88> or is always client makes first connection request 20:00 < varesa> depends on how you define server/client 20:01 < varesa> you need one end that listens on a port and another end that initiates the connection to that port 20:01 < purplex88> opened ports = listening ports? 20:02 < purplex88> suppose my computer has an opened port at 4040 20:02 < purplex88> it has nothing else.. 20:03 < purplex88> can my computer still connect to something? 20:03 < purplex88> if it has no application 20:03 < purplex88> no browser, no client app, no skype etc. 
no software 20:03 < purplex88> can it make a connection? 20:03 < varesa> the operating system might still have programs that open connections 20:04 < DoctorDick> If there's no software, there's no OS 20:04 < DoctorDick> Because an OS is software 20:04 < purplex88> it has OS 20:04 < purplex88> but say someone knows my local ip address 20:04 < purplex88> can they connect to my computer? 20:05 < DoctorDick> No 20:05 < purplex88> in background 20:05 < DoctorDick> Unless that person is on your local network 20:05 < xtrWrithe> purplex88: as long you run some OS , there will be a TCP/IP stack working 20:05 < purplex88> yes the person is in my local network 20:05 < varesa> they could however just scan the whole address range 20:05 < xtrWrithe> purplex88: as long as you have an IP address asigned on that stack you will be exposed on the network it belongs 20:05 < varesa> it is not that hard to try *every* address 20:05 < purplex88> but how will they connect if theres no app to connect on my computer? 20:06 < xtrWrithe> purplex88: Layer 4 Transport 20:06 < varesa> unless you've firewalled it the OS will by default respond to things like ICMP (for example ping requests) 20:06 < xtrWrithe> purplex88: purplex88 what do you call APP? 20:06 < purplex88> is there an OS built in function which allows connection? 20:06 < varesa> depending on the OS but usually yes, possibly even multiple 20:07 < purplex88> windows 8.1 20:07 < xtrWrithe> purplex88: is called TCP/IP 20:07 < varesa> you really also need to define "make a connection" for us to really get anywhere 20:07 < xtrWrithe> purplex88: https://en.wikipedia.org/wiki/OSI_model 20:07 < DoctorDick> Or it might be easier to tell us what you're trying to accomplish 20:07 < purplex88> well.. 20:08 < xtrWrithe> purplex88: sounds like you are just asking randomly, first time on computers? 20:08 < purplex88> say someone plugs their ethernet to my computer 20:08 < purplex88> can they access everything? 
20:08 < xtrWrithe> purplex88: yes 20:08 < purplex88> or say a connection via. wifi 20:09 < xtrWrithe> purplex88: lot of differents vectors but yes at the end 20:09 < varesa> it is one thing to make some low level connection and another thing to get your computer to really do anything useful other than respond "f**** off" and close the connection 20:09 < xtrWrithe> same with wifi 20:09 < varesa> if your system is configured and firewalled properly, they can't access anything 20:09 < varesa> at most they will know that there is a system there but it'll refuse to do anything 20:10 < purplex88> which app or service on my OS will allow this connection to happen? 20:10 < purplex88> is it simply lan network adapter? 20:10 < varesa> I have no idea what numerous things windows runs by default 20:10 < purplex88> i'll disable it 20:10 < varesa> and don't have a machine to test with here 20:11 < varesa> yes, if you disable the network you'll not have issues from people connecting over the network :) 20:11 < kuahara> procmon seems entirely useless in trying to figure out what is going on here 20:11 < varesa> unless they find some fault in the NIC firmware or something like Intel ME and take over the hardware and from there the system anyway 20:11 < purplex88> hm.. 20:16 < purplex88> sounds simple 20:16 < purplex88> its simply a LAN network 20:30 < HrStiefel> someone who works with palo alto networks? 20:32 < varesa> I've touched their stuff once or twice 20:32 < varesa> can't say I really know 'em though 20:35 < HrStiefel> varesa: i have a problem with decryption and skype for business traffic 20:36 < varesa> HrStiefel: sounds like it goes above my knowledge :) 20:36 < varesa> Is the issue with it not being decrypted or skype not working once decrypted? 20:37 < varesa> Could be that skype only trusts the real Microsoft CA to prevent MITM 20:38 < HrStiefel> skype does not work once decrypted 20:39 < wind_swept> what's a worrisome broadcast pps in a /16 vlan ? 
20:41 < HrStiefel> i want to exclude that specific traffic, but i can not do it 20:42 < kuahara> ok, so I think qman__ was correct 20:42 < kuahara> I did a wireshark capture on my openvpn interface just now and when I tried to view the image we've been having trouble with, 90% of the entries that showed up are SMB 20:43 < kuahara> when I click one that works fine, 90% or more of the entries are TCP with a few SMB entries mixed in. 20:49 < hex9> is there good way to have open wifi and startup page to have your commercial 20:49 < S_SubZero> Has anyone really been far as decided to use even go want to do look more like? 20:51 < hex9> sort of like wifi garden.. but they all want $ 20:55 < kuahara> hex9, you talking about signing into your wifi via facebook or something like that? 20:56 < mead> rofl, I get some DECA units from directv for free, but they don't send any RF to DC adapters... I can almost hear the At&t executibves laughing at me 21:00 < hex9> kuahara just like a little pop up 21:00 < hex9> when they enter a store so it shows up a book thats on sale 21:00 < hex9> once they connect on our public wifi basically just little pop-up 21:02 < detha> I would certainly hope that is not possible 21:03 < DoctorDick> hex9, So a captive portal? 21:08 < hex9> DoctorDick apperantly it is.. with wifi garden tho but u pay for it 21:08 < hex9> but you have to use their DNS 21:11 < detha> if all you want is a captive portal that releases after time, easy enough - there are some free ones you could probably hack to do that 21:14 < kuahara> I hate the idea of helping anyone wanting to make use of a pop up. 
21:14 < kuahara> an unrequested pop up* 21:16 < Apachez> pop pop the jam 21:16 < Apachez> pop it up 21:16 < hex9> its when they try to use the internet 21:16 < hex9> the browser page would be our logo first why not 21:17 < kuahara> even if there are terms and conditions that need to be accepted, I'd propose redirecting them to the page they originally requested as soon as they click the accept button 21:18 < detha> hex9: because annoyance. That would be enough to make me walk straight out of the shop 21:18 < kuahara> not redirecting them to a company page with an ad on it and forcing them to submit their request a 2nd time 21:18 < kuahara> yep. 21:21 < kuahara> That reminds of of this seriously annoying thing happening on the S8+ now where when I submit a request for page or web based service and the phone immediately switched me over to the wifi login screen instead, prompting me to log into some network I don't have the password for 21:21 < kuahara> shit drives me crazy. I wind up disabling wifi on the spot and going back to whatever I was doing. It does this even when 4G/LTE is in great shape. 21:22 < kuahara> Even if wifi is my preferred way to connect, it should only ever try to use it with networks I'm already signed into. 21:30 < hex9> kuahara well many offer it.. but you have to accept the terms.. watch an ad in return perhaps and so on 21:31 < kuahara> yea, I'd nope right out of that 21:31 < kuahara> ok, so on an unrelated note (my original question)_ 21:32 < kuahara> This guy explains exactly the problem I am having: https://blogs.technet.microsoft.com/nettracer/2010/08/11/effects-of-incorrect-qos-policies-a-story-behind-a-slow-file-copy/ 21:33 < kuahara> When I watch a wireshark trace of our document viewer requesting this file, and look at all the TCP lines, there's a .4 second delay on every single one of them 21:33 < kuahara> actually, the delay grows longer and longer with each subsequent entry 21:34 < muffinman8> Hello. 
Why/how would would a default drop policy on an output chain prevent python from accessing the kernal? 21:34 < admiralspark> kuahara: 21:34 < admiralspark> so 21:34 < admiralspark> SMB? I assume? 21:34 < BenderRodriguez> muffinman8: ##linux 21:34 < BenderRodriguez> I'm assuming you're talking about iptables. 21:35 < kuahara> I think so. I think I am reading the trace incorrectly though. I don't know how to change my output to match the format of his 21:35 < admiralspark> muffinman8: complicated subject, has to do with how networking even locally goes through iptables 21:36 < muffinman8> @benderrodriguez yeah I posted in there as well 21:36 < admiralspark> kuahara: no, if it's SMB, that's exactly how it behaves when it receives too many retransmits 21:36 < admiralspark> it slows the request rates 21:36 < admiralspark> by an increment each time 21:36 < admiralspark> remember, QoS is choosing what traffic you don't care about, not prioritization of certain types of traffic 21:37 < muffinman8> @admiralspark I allowed loopback and established connections though... 21:37 < kuahara> I am letting the tracer run again from the start (when I click the view button) to finish (when the image finishes loading) 21:37 < kuahara> I may need some help with this. 21:37 < admiralspark> muffinman8: can you pastebin your iptables rules? 21:37 < kuahara> There's like 10 zillion SMB 1141 Read Andx response, 1024 bytes lines. 21:38 < kuahara> it gets page 1 of 2, then seems to repeat the process and eventually loads the 2nd page. 
21:38 < admiralspark> kuahara: there's always the potential that it's something else too, like bad mtu negotiations :P 21:38 < kuahara> we went down the MTU road earlier 21:38 < kuahara> even when I lowered MTU to 1200 on the client machine on just the vpn adapter, the problem persisted 21:39 < kuahara> I don't know if that rules out MTU or not, but I tested on the command line and it was succeeding at like 1272 21:39 < admiralspark> can you view the switch/router qos queues at time of copy? 21:39 < muffinman8> @admiralspark yeah let me see if I can make one 21:39 < kuahara> I changed openvpn versions and it succeeds at 1472 21:39 < admiralspark> jesus, 12xx is low 21:39 < admiralspark> muffinman8: http://ix.io/ 21:39 < kuahara> yea, I think there was something wrong with the .ovpn file being used with the latest version of openvpn. not sure. 21:39 < admiralspark> ^^ 21:40 < admiralspark> thats something I've seen before, bad adapter settings in the ovpn file 21:40 < kuahara> now I just need someone who knows how to properly read these wireshark logs 21:40 < admiralspark> iirc it had something to do with the encryption scheme set 21:42 < kuahara> where can I look to see if a delay is being added? 21:43 < admiralspark> kuahara: kernel-level polling of the OS? 21:43 < admiralspark> :P 21:43 < admiralspark> just look at the SMB traffic flows 21:43 < admiralspark> in a netflow monitor 21:43 < admiralspark> that'll show you graphically if it's dropping 21:43 < kuahara> is that something within wireshark? 21:44 < admiralspark> do you have retransmits? 21:44 < admiralspark> no.... 21:44 < admiralspark> you'd use a netflow monitor to see it 21:44 < admiralspark> I'm assuming now you don't have one :P 21:44 < admiralspark> can you paste the pcap somewhere? 
I can look @ it for you 21:45 < admiralspark> kuahara: http://www.lovemytool.com/blog/2017/09/troubleshooting-smb-connection-issue-using-wireshark-by-tony-fortunato.html 21:45 < kuahara> I think this contains just about everything you'd need to wipe out data for multiple cloud customers 21:45 < admiralspark> kuahara: https://osqa-ask.wireshark.org/questions/4472/help-smb-troubleshooting 21:45 < admiralspark> hahaha 21:45 < admiralspark> ahhhhh 21:45 < admiralspark> yeah, time to google then :P 21:46 < admiralspark> that second link has some good stuff to look for 21:48 < kuahara> looking at it now 21:48 < kuahara> if my damn phone will stop ringing 21:49 < muffinman8> @admiralspark I cant even access pastebin or git hub. Yet I can browse the internet fine.... Does github run on a port other than 80 or 443? 21:51 < Casper> Hi, does the newer linux kernel have something about route advertising and discovering? I have 2 nics in my pc and nas, the gbit (192.168.0.0/16) is basically the internet connection, and the 10gbe (10.0.0.0/24) is a direct link to the nas. I get some very weird issue with NFS and even ssh 21:52 < admiralspark> muffinman8: nope 21:52 < Casper> like, earlier, I had 2 ssh session to the nas, one was active, and one died. trying to ssh back I got the no route to host o.O 21:52 < admiralspark> that would be your web filter/firewall prolly 21:52 < Casper> also, nfs was 'paused' 21:52 < admiralspark> Casper: sounds like you have bad routing? 21:53 < tds> muffinman8: what sites are you able to reach? 21:53 < Casper> usual setup is the 10gbe for nfs, but I had issue so I mounted throught the gbit instead... and both ssh was on the gbe instead too... 21:53 < tds> both github and pastebin are ipv4-only 21:53 < Casper> admiralspark: that is why I'm asking, I did not touched the route 21:54 < kuahara> admiralspark when I put smb.cmd == 0x72 into the filter on the trace, nothing shows up in the results. 
Same when I clear it and filter on: smb.dialect.index == 5 21:54 < kuahara> Does this mean that it is trying to use something other than SMB1? 21:55 < kuahara> That Buffal Terastation only supports SMB1 21:55 < Casper> so I need to fix this like now, I have 1 hour to fix it... 21:55 < admiralspark> kuahara: to confirm, you ARE using smb right? 21:55 < admiralspark> Casper: you need to have routes 21:55 < admiralspark> can you even ping the devices you're connecting to? 21:55 < kuahara> Yes, unfortunately, any connecting clients mapping a drive to the share on that terastation have to have SMB1 enabled or they can't map it. 21:55 < admiralspark> Casper: your machine is now a router 21:56 < Casper> admiralspark: there is routes 21:56 < kuahara> then the software requests the image via j:\path-to-file 21:56 < muffinman8> @tds everything fine youtube, reddit, you name it. However never git hub. Disabled noscript. Also disabled https everywhere. Still no luck 21:56 < admiralspark> kuahara: there's so much wrong with that I don't know where to begin :P so what does the protocol field say on that wireshark trace? 21:57 < kuahara> admiralspark we'd be reliving a conversation I had yesterday. I am vehemently opposed to the way our company does things, but can't change it. 21:57 < Casper> admiralspark: is there anything like route autodiscovery now? 21:57 < admiralspark> Casper: and you can confirm connectivity via, say, ping? 21:57 < Casper> yes 21:57 < Casper> can ping 21:57 < admiralspark> kuahara: haha no I know how it is 21:57 < kuahara> I found mentions of SMB2 in the raw text when I follow the TCP stream, but not sure how to find out what the agreed upon protocol was 21:57 < admiralspark> Casper: reset your NFS stuff then? 21:57 < Casper> and not only ping, but ssh 21:57 < Casper> both server and client has been reboted 21:58 < admiralspark> kuahara: I suspect that was jsut negotiations. I assume your terrastation didnt happen to get WUpdates? 
21:58 < admiralspark> Casper: then what's the issue? 21:58 < admiralspark> you said you couldn't do that before and now you can 21:58 < admiralspark> sounds fixed :) 21:58 < kuahara> I doubt it is ever permitted updates of any kind 21:59 < admiralspark> kuahara: it doesn't matter whast you allow or don't on WSUS, windows security updates are pushed out-of-band now and disabling SMB1 happened this spring 21:59 < admiralspark> we had a machine finally get it a week ago 21:59 < kuahara> the terastation is not a windows machine 21:59 < kuahara> It's a Buffalo Nas device 21:59 < admiralspark> It's a buffalo terastation is it not 21:59 < admiralspark> yeah 21:59 < kuahara> yea 21:59 < admiralspark> You're telling me you're running the buffalo OS thing on it? 22:00 < kuahara> I imagine so. I didn't set it up and don't have the login for it. 22:00 < kuahara> I know I can pull up the login screen, just don't have credentials for it. 22:00 < Casper> admiralspark: it used to work fine, then I started to have NFS to stop working, as in it mount, it transfert then the speed drop to basically zero. but then it resume, or not... I tought of an hardware failure, so I remounted via the other nic, which give me 1/10 of the speed but hey atleast it worked 22:00 < kuahara> in other words, I know it's running. 22:00 < Casper> until today, where it did the same 22:00 < kuahara> whether they use it or not. 22:00 < admiralspark> TBH I've only ever worked with Terastations running 2008r2 and newer 22:01 < admiralspark> Id' double check it's not running wserver 22:01 < admiralspark> Casper: there's a million things that could be wrong. I'd start looking at logs. Could be l2, l3, l7 22:02 < Casper> admiralspark: beside dmesg, I don't think there is anything else 22:02 < Casper> and dmesg say: nfs not responding then server ok... 
22:02 < kuahara> admiralspark If I try to do something like net use j: \\server_ip\share pass /user:user from a windows 10 machine that doesn't specifically have SMB1 enabled in Windows features, I'll get an error message that tells me I cannot map the drive because it requires SMB1. 22:03 < kuahara> In the latest versions of Win10, SMB1 is turned off by default 22:03 < kuahara> Also, I called Buffalo directly to see if there was different firmware we could use that would enable us to use SMB2+ instead. They said no, there was no such firmware for that model terastation. 22:03 < kuahara> and it wouldn't be getting further updates to support it either. 22:04 < admiralspark> kuahara: right. But. It's a NAS. Server. You can install a different OS 22:04 < admiralspark> most people run a full server for that specific reason 22:04 < admiralspark> anyway 22:04 < admiralspark> I don't 22:04 < kuahara> I'll call and ask 22:04 < admiralspark> know 22:04 < admiralspark> on how to fix it 22:04 < admiralspark> :( 22:12 < kuahara> ok.. so I just talked to our CEO 22:12 < kuahara> As soon as the words SMB1 left my mouth I was hit with, "ok, stop. Let's not go down that road again, we just spent $300,000 on new disk equipment and ...." 22:12 < tds> muffinman8: odd, reddit doesn't support v6, so it's not that 22:13 < kuahara> Anyway, I guess our VP is going to be moving stuff off that terastation at some point and onto whatever this new equipment is. 22:13 < kuahara> He's going to talk to her about moving it tonight. 22:13 < tds> muffinman8: any particular error message, do you get anything useful if you run curl -v https://reddit.com/ ? 22:13 < kuahara> But then said he really doesn't think this has anything to do with SMB1 and he knows I think it does. I had to explain that I really don't know that it does or not, I'm just trying to troubleshoot. 22:14 < kuahara> I just hope this company I am moving off to calls soon. 
Sometimes those conversations like the one I just had make me uncomfortable. 22:14 < tds> oh wait, my brain isn't working, you said reddit works so try one of the ones that was broken 22:20 <+catphish> Casper: does this happen on both networks right now? 22:20 < Casper> no 22:21 <+catphish> first thing, are both networks totally separate, unconnected from each other, and on different subnets? 22:22 <+catphish> or do they have any infrastructure in common? 22:22 < Casper> 192.168.0.0/16 dhcp 'static' 1gbit pc -> switch -> 1gbit nas 10.0.0.0/24 static 10gbe pc -> 10gbe nas 22:23 <+catphish> so there's no switch on the gigabit interface? 22:23 <+catphish> *10 gigabit 22:23 < Casper> no switch, direct 22:23 <+catphish> ok, but that connection is fine right now? 22:23 < Casper> appear to be fine atleast 22:23 <+catphish> so we can only debug the gigabit connection 22:24 < Casper> ah surprise some message now in dmesg 22:24 <+catphish> Casper: well that's worth reading 22:24 <+catphish> seems to me like one end is just "broken" rather than misconfigured 22:24 <+catphish> but hard to guess for now 22:25 < Casper> [61933.127317] sky2 0000:07:00.0: error interrupt status=0x40000008 [61933.127716] sky2 0000:07:00.0 enp7s0: rx error, status 0x7ffc0001 length 548 22:25 < Casper> will need a reboot on that end... 22:26 <+catphish> yep that's fucked :) 22:27 <+catphish> maybe this is just bad luck, but could be all kinds of bad hardware 22:27 <+catphish> see how it does with a reboot 22:36 < kuahara> The time delta from frame to frame is 0.0000x seconds in every one of these frames. So I don't think this is qos 22:37 < GenteelBen> WHY ARE THERE NO 5GBASE-T HOME ROUTERS 22:37 < GenteelBen> WTF 22:38 < GenteelBen> Don't seem to be any 5GbE network adapters, either. 22:38 < GenteelBen> All in all, this is a disgrace and people should be executed for getting everybody's hopes up. 
22:39 < muffinman8> @tds I am not really experienced running the curl command alot but when I curl reddit I get a significant amount more information then when I curl github. I dont get any html when I curl github but I get some html when I curl reddit. Idk if that means anything 22:39 < Casper> does anyone know of a good tool to check for proper networking reliability and benchmarking? 22:39 < Casper> GenteelBen: my NIC is 5GBe capable 22:40 < tds> muffinman8: if you could stick the output of curl -v https://github.com on paste.debian.net, that would be useful 22:40 < Casper> funny enought, the nic do not support 10Mbps :D 22:40 < kuahara> "GenteelBen you don't want 5GbE. And you want to go back to paying a premium to watch ad littered sub prime tv at home." -Your ISP monopoly 22:41 < Casper> 100baseT/Full 1000baseT/Full 2500baseT/Full 5000baseT/Full 10000baseT/Full 22:41 < tds> Casper: yeah, I've heard of that causing issues with new switches and ancient low bandwidth (eg out of band) gear 22:42 < bray90820> Can someone help me manually add an amb share to RuneAudio 22:42 < muffinman8> @tds just pasted it 22:43 < tds> that output looks fine, you'll need to retry it without the www though 22:43 < Casper> 10mbit is long gone anyway. so who care about that old standard, even 100mbit is meh, and you see it only on old gear, junk gear or butcherised laptop 22:43 < tds> since all that's telling you is that www.github.com redirects to github.com 22:43 < Casper> mind you, they put a gbit chip, but a 100mbit magnetics... 22:43 < tds> < HTTP/1.1 301 Moved Permanently 22:43 < tds> < Location: https://github.com/ 22:47 < Casper> hmmm will have to downgrade the kernel on the nas it seems, because I get the same issue... 22:55 < Casper> hmmm I think I have a failed board in my nas... 
23:03 <+catphish> Casper: i read that as "in my ass" i think i should sleep soon 23:06 < Casper> catphish: probably I guess 23:07 < Casper> I still get some interrupt issue even with a kernel downgrade so... meh 23:07 < Casper> might be time to upgrade the hardware for a small i3 or something like that... 23:09 <+catphish> ya 23:14 < kuahara> I do a tracert to file server on the other side of the vpn connection. It hits a 5.5.x.y address, then 192.168.249.1, then 192.168.214.14 23:15 < kuahara> wireshark shows TTL exceeded on the very first entry when I did the tracert and on all subsequent entries until the tracert finished 23:15 < muffinman8> @tds ok posted the code when I run curl on the correct url 23:16 < kuahara> is that by itself indicative of a problem? 23:16 <+catphish> kuahara: every hop should return ttl exceeded, that's how traceroute works 23:17 < tds> if you're seeing 5.5.whatever before your rfc1918 addresses in the traceroute, and you don't own that 5.5 space, then something sounds misconfigured 23:17 < tds> muffinman8: can you post the link? 23:17 <+catphish> tds: it's normal for ISPs to use RFC1918 addresses internally 23:18 < kuahara> I click the view button and during the long wait, I am seeing lots of retransmits fly by 23:18 <+catphish> i see them all the time in traceroutes, plus actually this is over a vpn so its probably all internal 23:18 < tds> catphish: oh, I meant if those rfc1918 addresses were their internal network, they were abusing the 5.5 space using it internally 23:18 <+catphish> oh i see yeah, seeing a public address there is odd 23:19 < tds> but yeah, I'd expect most vpn providers to do nat with rfc1918 or the shared address space, since v4 is expensive 23:20 < kuahara> wish I knew what I was looking at in the rest of this trace 23:20 < muffinman8> @tds the code is too long. 
It says it cant add my entry to the database 23:20 < muffinman8> @tds what do you suggest 23:20 < tds> I'd just post the first 50-100 lines or something 23:20 < tds> either way, if it's all html, then that sounds like it's working 23:21 <+catphish> tds: don't most people use vpn providers for the sole purpose of not having a unique IP anyway 23:21 <+catphish> NAT is a feature for once :) 23:21 * tds wonders when vpn providers are going to start nat66ing all their customers from ula space to one gua address 23:22 < muffinman8> @tds https://paste.debian.net/1030717 23:22 < tds> I've heard of some with "ipv6 leak protection", where they just push you a default route by then null route all the traffic, to avoid it leaking via your actual isp if they have v6 :/ 23:22 < kuahara> wish I could buy someone reddit gold to look at this trace and not sabotage data on the servers 23:22 < tds> muffinman8: that looks fine to me 23:23 < kuahara> but it's worth more than $3 23:23 <+catphish> tds: that seems sensible enough 23:24 < muffinman8> @tds I get the green padlock with the cert of github. But all I get is a white screen 23:25 < tds> catphish: I'm sure some would argue that they should just deploy v6, but again I guess that goes against what lots of people use VPNs for 23:25 < tds> muffinman8: it might be worth checking the browser's console for anything, but if it works with curl then it sounds like it likely isn't the network ;) 23:26 < muffinman8> @tds ok firefox shouldnt be doin this... 23:26 <+catphish> tds: it's just as good if you mask the addresses somehow 23:26 < tds> yeah --- Log closed Tue Jun 26 00:00:13 2018