--- Log opened Sun May 20 00:00:26 2018
00:06 < fuze> djph: ok im going to do some research but if you could let me know what you think that would be awesome!
00:57 < djph> yes, but 2.4 GHz SHOULD be kept to 20 MHz.  There's only three channels that don't overlap (and if you run 40 Mhz, you need two of them)
00:58 < fuze> so you think it would be best not to take advantage of the 160mhz?
00:58 < fuze> or run 4 40mhz?
01:00 < fuze> djph: is it possible to run 4 40mhz channels?
01:03 < pclov3r> Why must people talk like experts on net neutrality when they have zero clue how the Internet works?
01:03 < pclov3r> at least people here do
01:03 < pclov3r> dealt with one moron who said Tier1's are dying and no longer mater as everything is edge based now.
01:05 < fuze> pclov3r: are you from the usa?
01:05 < pclov3r> yes
01:06 < SporkWitch> TIL: i should tell all my customers to get rid of their t1's, because pclov3r said so
01:06 < SporkWitch> sorry, misread, some OTHER moron said that, apologies, mate
01:07 < pclov3r> no problem
01:07 < pclov3r> this idiot also says that somebody like Netflix should get free pipes pretty much because consumers buy upload and download bandwidth at the consumerl evel
01:08 < fuze> would either of you be able to help with my home networking questions
01:09 < SporkWitch> pclov3r: poor phrasing, but not ENTIRELY wrong.  customer's paying for one connection speed, netflix is paying for another, triple-dipping like comcast tried to pull isn't okay; everyone already got paid
01:09 < SporkWitch> fuze: If you have a question, just ask! For example: "I have a problem with ___; I'm running Debian version ___. When I try to do ___ I get the following output ___. I expected it to do ___." Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help you. If you don't get an answer try a few hours later.
01:09 < pclov3r> SporkWitch, Of course there is ground for abuse
01:09 < pclov3r> grounds
01:10 < pclov3r> SporkWitch, i'm just shocked nobody said a dman word about the Level3 and Centry Link merger here in the US
01:10 < pclov3r> and the NN people didn't say a damn word about that one
01:10 < SporkWitch> pclov3r: where's the abuse, though?  your customers (as the ISP) are paying you for access; netflix is paying for access.
01:10 < pclov3r> SporkWitch, Abuse on rates
01:11 < SporkWitch> pclov3r: because most people don't know what those companies are, let alone what a backbone provider is
01:11 < pclov3r> no they don't
01:11 < pclov3r> and it creates major issues and any time i try to explain this
01:11 < SporkWitch> pclov3r: i deal with enterprise customers exclusively, and most still don't have a clue
01:11 < pclov3r> i get called a ISP lobbyist
01:12 < SporkWitch> pclov3r: really, i'm kind of okay with consolidation on the backbones, it'll help alleviate the BS like what comcast tried to pull on netflix, but it also requires strong regulation to prevent preferential treatment.
01:13 < pclov3r> I'm not consolidation provides a lack of competition
01:13 < SporkWitch> pclov3r: it's the last mile where we either need to make it a straight-up utility or greatly increase competition
01:13 < pclov3r> yep
01:13 < pclov3r> but the same thing could happen to Tier1's
01:13 < SporkWitch> it does, but infrastructure is a natural monopoly
01:14 < pclov3r> and business will start to face the same issues
01:14 < fuze> i am looking to get a new router and am wondering if i get a tri band router with 160ghz how do i setup the bands?
01:14 < SporkWitch> fuze: read the documentation on the router
01:14 < pclov3r> SporkWitch, but than as you said nobody wants to hear how the interent works
01:15 < SporkWitch> pclov3r: honestly the best thing we could do is reinstate the rules we had after we broke up AT&T.  When you make the infrastructure maintainer and the service provider separate companies you get a positive insentive for both to improve their offerings while reducing prices
01:15 < SporkWitch> *incentive
01:15 < pclov3r> YES
01:15 < pclov3r> but somehow people think that regulating them on price will solve the problem
01:16 < fuze> i dont mean the actual sets to do it i mean is there a better configuration over another. if i have the 2.4 on 20 ghz, do i setup the 5 ghz tri bands on 40/40 or 80/80?
01:16 < SporkWitch> price regulation is always dicey; as long as you prevent unfair and anticompetitive practices, one thing capitalism is _really_ good at is setting prices
01:16 < fuze> steps to do it*
01:17 < pclov3r> SporkWitch, it can't be open free will and can't be overaly bearing as well.
01:17 < SporkWitch> fuze: it's a REALLY broad question, so much so that i'm not even sure how to start googling it to try to prase out a good answer for you
01:17 < pclov3r> but people want to have polar extremes on the issue
01:17 < pclov3r> and nobody in the middle
01:18 < SporkWitch> pclov3r: well at least i'm not the only one that sees that :)  but yes, less regulation is _usually_ better, but no regulation is almost invariably bad.  The trick is fostering competition and setting up a balance that profit incentives align with cusumer interests
01:18 < pclov3r> fuze, You should only use a 20 Mhz channel with 2.4 Ghz and a 40 Mhz channel with 5 Ghz in a residential area.
01:18 < SporkWitch> pclov3r: it's one of the reasons google was so good for so long: their profit incentives aligned with making their customers happy and providing cool new stuff.  also why their taking ideological positions is so bad: they're letting religion get in the way of profit AND consumer interest
01:19 < fuze> SporkWitch: im not sure which questions to ask since i dont really understand this yet, but i just want to know enough to setup the router. i found this: http://bestwirelessroutersnow.com/what-channel-bandwidth-should-i-use/ and i dont understand how using 40mhz channels would be better over two 80mhz channels
01:19 < pclov3r> yeah
01:19 < fuze> also wouldnt i be using 4 40mhz channels?
01:19 < SporkWitch> fuze: that's a more specific question and one much easier to help with :)
01:20 < pclov3r> fuze, wifi actually uses 20 mhz channels. If you set a 80 mhz channel for AC your actually using 4 20 mhz channels
01:20 < pclov3r> and one of them is a primary channel
01:20 < fuze> whats the advantage of lower mhz on 5g bands?
01:20 < pclov3r> lower attenuation
01:21 < SporkWitch> i should actually see if i can do a bit more with mine; crappy neighbourhood, i doubt more than one or two have something other than the horrible all-in-one the ISP bullies them into renting lol
01:21 < fuze> also does 40mhz use two 20mhz channels?
01:21 < pclov3r> path loss ratehr i should say
01:21 < pclov3r> SporkWitch, i jsut really wish people would educate themsleves on how the internet works vs being a echo chamber.
01:21 < djph> fuze: yes
01:21 < at0m> it works using magic
01:22 < djph> ^
01:22 < fuze> why would two 40mhz channels be better over four 40mhz channels?
01:22 < pclov3r> SporkWitch, Perhaps they can't understand what a ASN is, BGP, settlement free vs transit etc.
01:22 < fuze> is 160 tri band just referring to the range of channels available and selecting the mhz is a different thing?
01:22 < pclov3r> let alone traffic policy to balance your traffic between peers
01:23 < SporkWitch> pclov3r: it's the nature of things, and as more and more things get invented it becomes less reasoanble to expect everyone to be an expert; this is another reason some regulation is good lol (ask an ancap, there shouldn't be laws about not poisoning people, let the market boycott them lol)
01:23 < at0m> it would be progress if people knew the difference between wifi and cellular data
01:23 < djph> because if *anyone* is broadcasting *anywhere* in the 160 MHz channel you're using, you have to shutup and wait for them to finish.
01:23 < pclov3r> ^^^^^
01:23 < SporkWitch> at0m: cellular data is radio, wifi is not
01:23 < pclov3r> why 40 Mhz channel should be default for AC imo
01:24 < at0m> SporkWitch: in the sense that i can listen to cellular data and not to wifi?
01:24 < Apachez> spaces: sure it is
01:24 < djph> so 20 MHz is the most likely to work "all the time(tm)", 160 MHz is the "fastest throughput, if no one else is talking".  40 and 80 are in the middle.  It's all a game of give and take.
01:24 < djph> SporkWitch: what?
01:24 < pclov3r> SporkWitch, I guess i should stop trying to waste my time with these people that want to come up with their own opinion on how the interent works
01:24 < djph> SporkWitch: it's *all* radio
01:24 < Apachez> 200MHz gets you braincancer guaranteed
01:24 < SporkWitch> at0m: no, in the sense that cellular data is protected under existing laws regarding radio broadcasts, and the rule saying you can't passively listen to open wifi effectively says "wifi isn't radio"
01:24 < Apachez> what could possibly go wrong? ;)
01:25 < SporkWitch> djph: not according to the american court system :)
01:25 < Apachez> SporkWitch: depends on which country
01:25 < pclov3r> SporkWitch, ignoring 30+ years of how it has worked
01:25 < Apachez> in most countries you are free to listen at whatever goes over the air
01:25 < djph> oh, you're talking the difference between licensed and unlicensed radio bands...
01:25 < SporkWitch> pclov3r: 100+
01:25 < pclov3r> probably more accurate
01:25 < Apachez> but you are not allowed to broadcast on licensed radio bands
01:25 < SporkWitch> djph: no, i'm talking about that idiot that ruled non-secure wifi isn't a non-secure radio broadcast
01:25 < Apachez> and not allowed to forward whatever you picked up while listening to the eter
01:26 < djph> *facepalm* stupids are stupid
01:26 < at0m> Apachez: here you can't listen to wifi unless it's listed as public, you got invited or whatever. even on non-secured wifi.
01:26 < djph> of course it's an insecure radio broadcast
01:26 < pclov3r> SporkWitch, i guess only senior network admins in companies actually how about peering agreements etc.
01:26 < SporkWitch> djph: not anymore :)
01:26 < Apachez> at0m: then how do you join a public wifi then?
01:26 < pclov3r> entry level people will never touch it
01:26 < Apachez> and where is "here" ?
01:26 < at0m> Apachez: when it's advertised as such, like in a bar or coffeeshop
01:26 < SporkWitch> pclov3r: not gonna lie, i only understand them in concept; i've never looked at one in detail, because it isn't relevant to me, generally.
01:26 < SporkWitch> Apachez: USA
01:26 < at0m> Apachez: belgium
01:27 < Apachez> belgium is part of EU so I doubt the rules are much different from the onces in sweden
01:27 < pclov3r> SporkWitch, same here but it makes sense to me.
01:27 < Apachez> so I would say you misinterpret something
01:27 < SporkWitch> at0m: i suspect he's referring to actually CONNECTING to the AP, in which case, yes, there are already laws in the US and elsewhere that prohibit unauthorized ACCESS to a network.  I was just talking about a plaintext radio broadcast and passive listening, though :)
01:28 < fuze> ty everyone
01:28 < pclov3r> SporkWitch, do you deal with Tier1's directly or no?
01:28 < at0m> SporkWitch: so passive snooping is ok. lol. suits me.
01:29 < at0m> getting late, i'm off. good eve and all!
01:29 < SporkWitch> at0m: well that's what i'm talking about.  that was the braindead ruling in the US: google was passively listening to plaintext radio broadcasts, and the judge ruled that non-secure wifi doesn't count as a plaintext radio broadcast, and as such is NOT legal to passively listen to.  it amounts to saying that you can shout at the top of my lungs, and everyone around has to pretend they didn't hear
01:30 < SporkWitch> pclov3r: not directly.  if a customer is having connectivity issues and they have a t1 with us i'll check the logs and error counts, but once i've identified the issue i pass it off to another team who deals more directly with the carrier
01:31 < pclov3r> ah
01:31 < Apachez> SporkWitch: murican judges are fraud
01:31 < SporkWitch> pclov3r: ironically, they're listed as NOC monitoring in the menu system, but i've had them call and ask me networking questions >_<
01:31 < SporkWitch> Apachez: sometimes you get a good one, like Alsup in the first round of oracle v google
01:31 < Apachez> wifi uses a radio transmitter
01:31 < pclov3r> "I fail to see what the problem is.  The concept of a Tier1 provider is becoming irrelevant in the age of peering and edge distribution.  Why does the Internet even need a "core"?  More than 60% of my network's traffic is peering or CDN edge." was the dumb comment i was talking about earlier SporkWitch
01:31 < Apachez> ergo its a radio broadcast
01:31 < Apachez> ergo you are free to listen to whatever is sent on the unlicensed 2.4 and 5.0GHz bands
01:32 < SporkWitch> not anymore lol
01:32 < pclov3r> SporkWitch, it also ignores the fact that anycast CDN exists
01:32 < djph> it almost sounds like there's supposed to be something more to that ruling
01:32 < Apachez> pclov3r: because its not cheap to put down a fiber cable between EU and murica
01:32 < SporkWitch> much like coffee causes cancer (but only in california) wifi is not radio, but only in america
01:32 < Apachez> or EU and asia
01:32 < Apachez> or asia and australia
01:32 < Apachez> and so on
01:32 < pclov3r> yep it's not
01:32 < Apachez> so in my opinion those who move traffic across continents are tier1
01:33 < Apachez> tier2 within continents
01:33 < Apachez> tier3 within countries
01:33 < Apachez> and so on
01:33 < pclov3r> it's not set in stone and can be subjective of course
01:34 < SporkWitch> software patents depend on similar insanity.  no BS, in terms of US law, when you run a program on a general purpose computer, that general purpose computer becomes a completely new PHYSICAL invention, and it's THAT that the patent is on (the same ruling said software itself can't be patented, which is correct, because it's math, which can't be patented)
01:34 < pclov3r> IMO a Tier1 is somebody who can get data form one end point to another without having to rely on somebody else
01:34 < djph> SporkWitch: I mean, like, it almost seems like the judge is trying to avoid the implication that it's legal to "listen to(tm)" wifi transmission in general (because let's face it, SOMEWHERE down the road, some breach would happen with some basic "sniff the air" attack and they ... )
01:34 < Apachez> which part of "in my opinion" was it you didnt understand? ;)
01:34 < pclov3r> i missed that sorry :)
01:34 < Apachez> SporkWitch: but running pirated software on a computer means its not a computer any longer
01:34 < pclov3r> Tier2 is somebody like Comcast but they do own a Tier1 network so it makes it tricky.
01:34 < Apachez> so you are not breaking any laws by running pirated software ;)
01:34 < pclov3r> how to define somebody like that
01:35 < Apachez> pclov3r: telia company is another example
01:35 < Apachez> they co own some ocean links
01:35 < SporkWitch> djph: as i've said in the past, the issue isn't making it illegal, the issue is HOW they did it. There's an explicit legal exception for cordless phones, because it was determined that phones had a reasonable expectation of privacy, but their use of plaintext radio meant that, legally, anyone could listen in.
01:35 < djph> yeh
01:35 < SporkWitch> djph: rather than make an absurd ruling that said cordless phones aren't radio, laws were passed to create an exception
01:35 < djph> it's all a mess
01:36 < Apachez> but in short tier1 should be an isp where a single AS is used both at site A at continent X and site B at continent Y
01:36 < Apachez> so you never change AS along the road
01:36 < SporkWitch> djph: if we INSIST that non-secure wifi not be listened to, then it needs to be done through law, not through a nonsensical court ruling that has wider consequences.  because again, the effect of this ruling is to overturn centuries of law stating that non-secure broadcasts are not private
01:36 < Apachez> tricky part here is "so what about if you tunnel the traffic through he.net?"
01:36 < SporkWitch> *over a century
01:36 < pclov3r> Apachez, can't they use multiple ASNs in some cases?
01:36 < Apachez> this way I can expose a single AS towards my customers
01:36 < pclov3r> but they are the same network
01:36 < Apachez> even if I dont even own the fiber outside the building
01:37 < Apachez> so techincally the packets remains within the same AS
01:37 < pclov3r> yeah
01:37 < Apachez> even if I outside the tunnel uses other ASes
01:37 < SporkWitch> djph: that said, i still wouldn't support it, because the very nature of a non-secure AP precludes a reasonable expectation of privacy.  you connect without doing anything but clicking on it in a list, the initial setup warns you about it, and modern operating systems all warn you when you connect.  at no level do you have a reasonable expectation of privacy on non-secure wifi, and as such, no
01:37 < spaces> catphish it can be but the max will allways be wirespeed
01:37 < SporkWitch> protection should be afforded to stop people simply listening passively
01:38 < spaces> catphish depends on your backend if it's doing distributing and such, not een HA
01:38 < spaces> even
01:40 < SporkWitch> djph: hell, under the current ruling i might even argue that a radio station has the right to go after people for listening to it; if i, as the broadcaster, say "if your name is not joe smith, change the channel now" i'd have done MORE than the "victims" in that google case, and it's still every bit the same open broadcast as non-secure 802.11
01:41 < SporkWitch> djph: (it probably wouldn't hold up, because even though it's logically consistent with the ruling, the ruling wasn't based on logic, but the judge's personal feelings)
01:41 < pclov3r> SporkWitch, i should probably stop going on but I'm sure Netflix would love settlement free peering as they see fit. That would free them of alot of cost.
01:42 < SporkWitch> pclov3r: it's hard for me to feel bad for the ISP in those scenarios; their margins are enormous, they overprovision like crazy, they don't give you anywhere near what they advertise, and realistically, their customers are paying for netflix when they pay their ISP, it's one of the main things they're interested in, and at the end of the day, it shouldn't matter where it's coming from.  your
01:43 < SporkWitch> customers are requesting more traffic from peer A? how is that netflix's problem? netflix is paying their bills, a third party (comcast) shouldn't be able to try to bill netflix extra, it's something they need to deal with their direct peer on, who is probably already paying them too
01:44 < SporkWitch> pclov3r: i'd also argue something along the lines of requester-pays, just due to the nature of the relationship.  netflix isn't a mass marketer sending out a bunch of cold calls or asking to send people stuff; people request they send them stuff
01:45 < pclov3r> i think what stated this entire debate
01:45 < pclov3r> tho historically it's worked that each side pays for the pipe
01:46 < pclov3r> SporkWitch, i think what started the debate is Netflix had settlement free peering that got congested in light of the NN issues.
01:48 < Apachez> funny how once you get big enough you get settlement free peering
01:48 < Apachez> but if you are a smaller player you have to pay all sort of snakeoil prices
01:48 < pclov3r> lol yeah
01:49 < spaces> pclov3r netflix will never do free peering, or at least not to everyone
01:49 < SporkWitch> i've said it before: the natural end state of a true free market is monopoly; it's only regulation that can prevent it.  (and before some ancap flips out, that doesn't mean that bad regulation can't create monopolies too)
01:50 < pclov3r> IMO net neutrality simple needs to be no ISP can block services for anti-completive reasons or block websites and demand extra payment like YouTube for example.
01:51 < pclov3r> as for peering i have no idea how you'd do that
01:52 < pclov3r> spaces, afik nobody will do settlement free until you get to at least a 60/40 traffic split.
01:52 < SporkWitch> pclov3r: so it's okay to throttle them and set up fast lanes?
01:52 < pclov3r> i should have added that as well
01:52 < spaces> pclov3r indeed or you need to buy openpeering ;)
01:52 < pclov3r> fast and lanes and throttling is going to be a heated debate with peering
01:52 < spaces> or some IX, but still then on an IX can you rout to an AS but if someone does not route back...
01:53 < SporkWitch> not so heated if we go back to the post-AT&T-breakup rules :)
01:53 < pclov3r> that seriously needs to happen
01:53 < pclov3r> when the broke up at&t and CELC could occur things where much better
01:54 < pclov3r> CLEC rather
01:54 < pclov3r> SporkWitch, i figure ISPs could claim we don't throttle yet we have badly congested peering points for all services verizon *cough*cough*
01:55 < SporkWitch> it just happens the congestion is intentional lol
01:55 < pclov3r> as you said we need last mile competition
01:55 < pclov3r> but it seems nobody wants to address that
01:55 < SporkWitch> my current ISP is great :) i get 99.9% of advertised, and they don't give a shit what i do :)
01:56 < pclov3r> i use Comcast here since again they are the monopoly here
01:56 < SporkWitch> last mile competition is hard because it requires cables in the ground; only so much room
01:56 < pclov3r> it works most of the time
01:56 < pclov3r> SporkWitch, it doesn't help matters when cities are allowed to sign contracts to block competition
01:56 < djph> SporkWitch: definitely.
01:57 < pclov3r> If you wanted to go to some city and start a ISP you'll likely get rejected
01:57 < SporkWitch> pclov3r: it was a way to get buildout early; such agreements haven't existing in 20+ years, if not longer
01:57 < pclov3r> even if you front the cost
01:57 < pclov3r> they do in the US
01:57 < SporkWitch> i'm talking about the US
01:57 < djph> SporkWitch: who you runnin' with?  Someone smalltime in the midwest?
01:58 < SporkWitch> djph: https://www.greenlightnetworks.com/
01:58 < pclov3r> those contracts exist in the US
01:58 < SporkWitch> pclov3r: 30 years ago
01:58 < djph> that's up fingerlakes way, isn't it?
01:59 < SporkWitch> pclov3r: what you may be thinking of is cases like south carolina, where the ISPs forced through a bill that said the city could use taxpayer money to build infrastructure, but they had to sell them access at cost
01:59 < SporkWitch> pclov3r: needless to say, the initiative died before it started, because the whole point was getting away from the ISPs that were fucking everyone
01:59 < SporkWitch> djph: yup
01:59 < pclov3r> it was stupid
02:00 < djph> beautiful country thataway, I hear
02:00 < pclov3r> here they have a franchise agreement with Comcast
02:00 < SporkWitch> djph: college area, there's a relatively high degree of stupid these days
02:01 < pclov3r> SporkWitch, but for the ISPs that actually want to provide a competitive service they will get a black lash from NIMYBs and months of approvals and delays instead of greenlighting it.
02:01 < pclov3r> that occured here
02:01 < pclov3r> a local ISP working on FTTH but they had to go though months of red tape
02:01 < spaces> I like it, monday a day off :)
02:01 < pclov3r> even tho they a fully footing the bill now
02:02 < SporkWitch> pclov3r: that has nothing to do with an ongoing exclusivity deal and everything to do with limited room, disruption from construction, etc., combined with legal bribery
02:02 < pclov3r> yeah there is that too. IMO they need to cut the red tape and let people do it.
02:03 < pclov3r> and not take years to approve it
02:03 < pclov3r> there is at&t here as well. Funny part is when the local ISP is doing this at&t is now starting to deploy fiber too
02:04 < SporkWitch> and then you have chaos; have you seen pictures from the industrial revolution?  the cables EVERYWHERE?
02:04 < pclov3r> SporkWitch, of course like everything there is reason
02:05 < spaces> no-one a day off monday ?
02:05 < Apachez> you want a reason?
02:05 < Apachez> YOU CANT HANDLE THE REASON!
02:05 < spaces> Apachez no-one can handle you
02:05 < SporkWitch> no there isn't, not without regulation; you can't have it both ways.  Either there's red tape and permits, or you get to reenact those knots of cables from the industrial revolution
02:05 < dogbert2> bwhahaha
02:05  * Apachez pets himself and sings soft kitty...
02:06 < spaces> dogbert2 heh you only pickup the good jokes today :P
02:06 < Apachez> pclov3r: you gave me a small boner when you mentioned CELC
02:06 < Apachez> but that faded fast when you corrected yourself into CLEC
02:06 < SporkWitch> spoiler: his boners are always small; you can guess why ;)
02:06 < spaces> Apachez keep that information for yourself, you are in a BigMansClub here ;)
02:06 < pclov3r> SporkWitch, IMO redtape defines excessive regulations that makes impossible for anybody to do something about it.
02:07 < pclov3r> when it takes forever to get anything done
02:07 < dogbert2> this NAS is pretty good, though the built in backup solution from PC to NAS definitely sucks ass
02:07 < Apachez> spaces: is everything food too you?
02:07 < pclov3r> and it becomes so costly you say forget about it
02:07 < SporkWitch> pclov3r: then we don't have redtape, by your definition; what we do have are legal bribes and ways to intentionally slow things down
02:07 < Apachez> BigMacsClub wtf?
02:07  * spaces spreads the news, Apachez admitted he has a tiny one :P 
02:07 < Apachez> if you pull the bluetape everything continues as before
02:07 < Apachez> if you pull the redtape all hell breaks lose
02:07 < SporkWitch> in any case, it's beer oclock; o/
02:07 < pclov3r> SporkWitch, depends how you look at it but there is both imo
02:07 < Apachez> loose
02:07 < Apachez> moose
02:08 < spaces> Apachez I don't see your boner as food, sorry for you mate, find someone else ;)
02:08 < Apachez> spaces: everything is relative....
02:08 < spaces> Apachez indeed ;)
02:08 < pclov3r> SporkWitch, perhaps as you said perhaps re-instating the rules after the at&T breakup is the best way to deal with it.
02:11 < spaces> Apachez we can forget what you earlier said about your little mate because of the GDPR ;) just ask
02:11 < pclov3r> SporkWitch, when it comes to red tape IMO there is a reasonable regulations that make sense and can be done quickly vs being overly bureaucratic and having to go though multiple agencies for approval and taking forever. Perhaps as you said this has to do more with legal bribery.
02:12 < pclov3r> lol nice phishing email english "We discover bill payment been send out of your account, we current suspend all access to your account, we current suspend all pending or schedule transaction you authorized or not been authorized"
02:12 < spaces> pclov3r do I need to change that line you think ?
02:13 < pclov3r> lmao
02:13 < spaces> it was actually generated onto your IQ :P
02:13 < spaces> based onto
02:13 < spaces> or i have old NSA info
02:13 < pclov3r> wonder if it's botched google translate
02:14 < Apachez> spaces: so thats what you call your penis? "your little mate"?
02:14 < pclov3r> lmfao
02:14 < Apachez> its ok...
02:14 < Apachez> nothing to be ashamed of...
02:15 < Apachez> https://i.redd.it/4pybdxldx1yy.jpg
02:15 < spaces> Apachez no my big friend
02:15 < spaces> Apachez I only like huge friendships
02:16 < spaces> I can only sleep for 3 hours :S
03:50 < blurry_light> anyone use CloudFlare's DNS server? 1.1.1.1
03:50 < blurry_light> is it any good?
03:52 < tds> blurry_light: the numbers I've seen generally show pretty low latency, so it sounds good to me
03:52 < tds> personally I'd say to run your own recursive resolver rather than using one provided by some company, but that's just me
03:58 < redrabbit> i use it
03:59 < nomercy777[m]> What's so special about that DNS server?
04:00 < blurry_light> its speed, seemingly
04:00 < varesa> new and shiny
04:00 < varesa> and according to them, faster
04:01 < blurry_light> well, that's why I said seemingly
04:01 < blurry_light> it's why I came here to ask if, indeed, it's worth it
04:02 < varesa> I wonder if you can notice any difference between any of the decent ones
04:02 < varesa> like sure one might be 5ms faster than the other...
04:03 < varesa> apparently for me 1.1.1.1 takes ~5ms while 8.8.8.8 for instance takes around 50ms
04:04 < varesa> but still, not that those milliseconds matter that much
04:04 < blurry_light> interesting... that's actually a whole order of magnitude, though i'm not sure if that's something we can readily notice as humans
04:05  * varesa runs his own resolver and gets "0ms" resolution times for repeated requests
04:07 < varesa> the only way those milliseconds would be meaningful would be if an application did lots of requests in series
04:07 < varesa> like that 45ms difference x 20 is 0.9 seconds of waiting
04:08 < tds> I get "0ms" to cloudflare's resolver according to dig, but I suspect that querying from a box peered with them is cheating ;)
04:08 < varesa> but I'm fairly certain that anything that deals with loading lots of resources does so in parallel or somewhat pipelined
04:08 < blurry_light> tds, lol, yeah
04:09  * varesa logs into resolver and runs dig
04:09 < varesa> now that's cheating ;)
04:10 < tds> some of the security features in cloudflare's resolver sound neat though (eg dns over tls), assuming you trust cloudflare
04:13 < varesa> cloudflare gets half your internet traffic anyway :)
04:13 < varesa> well maybe not half but I'd imagine some significant amount anyway
04:19 < varesa> at some point I was thinking about DIYing a GPS-NTP clock just for fun
04:20 < varesa> but I kinda lost motivation when I noticed that I had sub-millisecond latencies to the local university NTP servers which IIRC were reporting as stratum 1
04:32 < Falkaofalk> Hello all, I have the following problem: Running latest CentOS with Apache. Then, I have got a domain, which points to my routers external IP. Inside the router I forwarded ports 80 and 443 to the locals server IP and added firewall exceptions on the Server. I also included the dns servers of the domain provider to the servers DNS's. I can access the server via the domain from inside my local network, but not from outside. Would appreciciate any
04:32 < Falkaofalk> help/ideas. Btw I am really new to networking and Linux so I might just have done some stupid mistake. Thank you in advance :)
04:34 < varesa> Falkaofalk: what is the external IP? (at least two or three first octets)
04:34 < Falkaofalk> 95.157.27
04:34 < spaces> cloudflare.. just create your own CDN, it's simple as f*ck
04:35 < nomercy777[m]> Do tell
04:36 < varesa> Falkaofalk: does the hostname resolve to the IP externally? E.g. if you run `dig yourhost.name @8.8.8.8`
04:36 < spaces> his full IP is 95.157.27.26 ;)
04:37 < spaces> Falkaofalk the port does not seem to be open/forwarded right ?
04:37 < Falkaofalk> yeah something seems broken
04:37 < spaces> have you set as outer port 80 and 44 as well ? keep them empty
04:37 < spaces> 443
04:37 < varesa> I doubt the issue is on the server if it works from the internal network
04:38 < spaces> varesa I think he bounded outer ports to 443 and 80 as well.
04:38 < Falkaofalk> lemme check the dig command real quick.
04:38 < varesa> and if it is using the external IP from the internal network as well then the router should have at least somewhat functional NAT configuration as well
04:38 < spaces> you never know where a client comes from
04:38 < Falkaofalk> no, i forwarded 80 tp 80 and 443 to 443
04:39 < spaces> Falkaofalk screenshot please
04:39 < varesa> Falkaofalk: if that was your IP above (.27.26) then the dig part should be irrelevant
04:39 < Falkaofalk> screenshot of router port forwarding?
04:39 < spaces> yes
04:39 < varesa> there's source port, destination port and translation port. Should be any,80,80 and any,443,443
04:40 < spaces> indeed, you never know the source
04:40 < varesa> but the fact that it works internally makes me wonder if the ISP blocks the ports
04:40 < spaces> varesa likes to come from 666 for an examples
04:40 < spaces> varesa these days ?
04:41 < varesa> I wouldn't be too surprised
04:42 < Falkaofalk> well yeah the issue is that my router has a shit interface...
04:42 < Falkaofalk> https://ibb.co/e7JCO8
04:42 < Falkaofalk> might be a setup issue aswell
04:42 < spaces> and now firewall
04:43 < spaces> looks good there
04:43 < spaces> oh !
04:43 < spaces> can you try to let the external IP on 0.0.0.0 ?
04:43 < Falkaofalk> will try that sure
04:45 < Falkaofalk> https://ibb.co/kRVbi8
04:45 < Falkaofalk> firewall settings
04:45 < spaces> Falkaofalk FW of your router ;)
04:45 < Falkaofalk> oh ^^
04:46 < Falkaofalk> says no ports restricted
04:46 < spaces> huh ? all open ? I doubt it
04:46 < spaces> what brand ?
04:46 < Falkaofalk> https://ibb.co/m4rowT
04:46 < varesa> you could also try an external port of lets say >5000
04:46 < Falkaofalk> brand is technicolor i really hate it.
04:47 < Falkaofalk> probably will grab a new one
04:48 < spaces> yes or varesa his satan port, he likes it :P
04:48 < Falkaofalk> cannot set 0.0.0.0 as external ip
04:49 < spaces> ok
04:49 < Falkaofalk> did you mean adding a port forward to a different port?
04:49 < spaces> I wonder if it does auto FW allow on NAT
04:49 < Falkaofalk> sorry, im really new to this
04:50 < varesa> Falkaofalk: yeah
04:50 < Falkaofalk> I already experienced issues with NAT regarding my router in online games
04:50 < varesa> test if ISP block <1024 or common ports like 80/443 or something
04:51 < Falkaofalk> so both internal and external ports f.e. 5555 or should external port forward to 80?
04:52 < varesa>  5555 -> 80 for example
04:53 < Falkaofalk> 5555 -> 5555 works but 5555 to 80 dosent
04:53 < varesa> works? how?
04:53 < Falkaofalk> well i can create the forward
04:54 < varesa> ah
04:54 < Falkaofalk> but the router dosent accept 5555 -> 80 apperantly
04:54 < varesa> it doesn't let you add 95.157.27.26:5555-5555 -> 192.168.0.14:80-80?
04:55 < Falkaofalk> yep
04:55 < Falkaofalk> oh wait
04:55 < Falkaofalk> i tried internal port 5555...
04:56 < Falkaofalk> and i think my router just crashed
04:56 < varesa> lol
04:56 < varesa> sounds like an amazing piece of tech :)
04:57 < Falkaofalk> 95.157.27.26:5555-5555 -> 192.168.0.14:80-80
04:57 < Falkaofalk> works
04:57 < varesa> doesn't seem to really work though
04:57 < Falkaofalk> yeah
04:58 < Falkaofalk> sorry meant I could add the forward
04:58 < Falkaofalk> cannot access the server tho
04:58 < varesa> I figured
04:58 < Falkaofalk> so it may have to do with the NAT of the router?
04:59 < varesa> possibly
05:02 < ash_mobile> So, I started setting up vms to test network configurations using virtualbox. There are some elaborate things you can configure, but vbox is not the most shareable thing. So I turned to vagrant, since you can source control a vagrantfile, but this doesn't use all the features available to vbox. Is there anything you all use in particular?
05:06 < varesa> I use libvirt(KVM) via virsh/virt-manager
05:06 < varesa> with or without openvswitch for networking
05:07 < Falkaofalk> varesa: I also got a "Port Triggers" page in my router setting which seems to be similar to port forwarding
05:07 < Falkaofalk> https://ibb.co/kA98wT
05:09 < Falkaofalk> i like the typo in the description of the function. such a high quality device ^^
05:16 < ash_mobile> varesa can you source control the configuration using libvirt?
05:18 < varesa> ash_mobile: it is stored as an XML you can export do whatever you want with
05:19 < tds> varesa: out of interest, how is the openvswitch integration with libvirt? I'm using proxmox at the moment which makes it easy to give VMs interfaces on specific VLANs (or with a group of tagged VLANs), is there something similar with libvirt?
05:20 < varesa> you can move VMs between machines by running `virsh dumpxml yourvm > yourvm.xml` on one host and `virsh define yourvm.xml` on another, assuming that you either copied the disk image as well, the hosts have shared storage or it doesn't need one
05:22 < varesa> tds: here is the XML config of one of the "networks" defined on one of my libvirt boxes: https://paste.esav.fi/ibuzajonam.xml
05:23 < varesa> then I can assign VM interfaces e.g. network=intnet, portgroup=vlan-trunk
05:23 < tds> ah, that's exactly what I was hoping for, thanks :)
05:24 < varesa> Falkaofalk: trying to figure out what those *actually* do is too much to do at 6AM :p
05:24 < Falkaofalk> varesa: yeah dont worry about it ^^
05:26 < varesa> on the other hand it is nice to have something to think/chat about as this shift has been dead quiet
05:27 < Falkaofalk> I figured that i got a modem router combination. Since I would like to replace it with a better one, can you (or anyone else) recommend such a combo?
05:27 < Falkaofalk> Oh you are at work? :O
05:29 < varesa> Falkaofalk: what modem? DSL? Cable/DOCSIS?
05:29 < varesa> and yes, at work monitoring stuff
05:30 < Falkaofalk> well its a 2 in 1 unit. let me see if I can find it online
05:32 < Falkaofalk> its a cable modem form what i can tell
05:32 < Falkaofalk> Technicolor TC7200.20
05:33 < Falkaofalk> but cannot find any english manuals for it...
05:33 < varesa> yeah, looks like some cable DOCSIS stuff
05:33 < Falkaofalk> i think that says enough ^-^
05:33 < varesa> I've never had cable so can't comment much. I've heard Surfboards mentioned a lot but that's all I can say
05:35 < Falkaofalk> Thanks for the hint. I will look into it. I might aswell just call my ISP and ask them about how to access a local machiene
05:42 < Ashstar> I need to hook up with someone w good business writing abilities
05:43 < Ashstar> I mean good prospectuses
05:43  * varesa leaves to wander the isles of the datacenter below him
05:44 < Falkaofalk> In the networking channel? What exactly do you mean
05:44 < Ashstar> business plans, with track records ie- Elance
05:44 < Ashstar> I know
05:44 < Ashstar> networking bout the closest thing listed on irc freenode
05:45 < Ashstar> need some business minded writers
05:58 < SynfulAck> which is the correct network statement to include all of the 172.16 private address space, 172.16.0.0 255.240.0.0 or 172.31.0.0 255.240.0.0?
05:59 < spaces> Falkaofalk fixed ? I was devving, sorry
05:59 < varesa> 172.16.0.0 something
05:59 < SynfulAck> Thats what i thought but i got it written differently in my vlan
06:00 < Falkaofalk> not yet unfortunately. Router seems set up correctly but it still does not work
06:00 < Falkaofalk> might still have to do with some configuration of the server or my router having issues with NAT
06:01 < spaces> hell inplementing Google services is a LOT of work!
06:30 < skyroveRR> Morning, folks.
08:43 < cluelessperson> So i'm setting up my firewall generally for my network, but I'd like to allow all my debian server subnet access to ftp.us.debian.org or similar IPs
08:44 < cluelessperson> how do I get the range they typically use?
08:44 < cluelessperson> just use dig?
08:45 < detha> you make a script that runs every couple of hours, runs dig +short, and puts those addresses in an ipset.
08:45 < skyroveRR> :)
08:46 < at0m> cluelessperson: you can set up apt-cacher-ng that has access to these sites. and students can access the acng proxy.
08:46 < at0m> cluelessperson: that would be much more efficient bandwidth-wise, too
08:47 < cluelessperson> at0m: hmm, I actually happen to have an aptcache machine setup. :)
08:47 < at0m> cluelessperson: voila :)
08:47 < at0m> cluelessperson: then you know how you can cache for other repo's too, etc
08:48 < at0m> server subnet? how did i come to make students of that? lol. more coffee.
08:52 < cluelessperson> at0m: debian preseeding is a pain in the ass unfortunately.
08:53 < detha> there is something call apt-mirror
08:53 < detha> *called
08:54 < linux_probe> FAP mirror
08:57 < at0m> cluelessperson: /msg dpkg preseeding if you haven't yet. and, probably, #debian can help out
09:04 < cluelessperson> at0m: thanks for the help
09:05 < at0m> you're welcome
09:12 < cluelessperson> at0m: thanks for the idea.  Now I can completely block all port on those servers except for what they specifically need out :D
09:13 < skyroveRR> :)
09:13 < skyroveRR> Don't lock yourself out, though.
09:14 < cluelessperson> skyroveRR:  already done. :D
09:14 < cluelessperson> IPv4 and IPv6
09:15 < linux_probe> lololol
09:17 < cluelessperson> linux_probe: what's funny?
09:18 < linux_probe> <skyroveRR> Don't lock yourself out, though.
09:18 < linux_probe> <cluelessperson> skyroveRR:  already done. :D
09:18 < linux_probe> nough said
09:22 < very_sneaky> hi all, I've got a question regarding error control at the data link and transport layers. I understand that error control serves different purposes for each of these layers, but what I'm not clear on is whether they use/prioritise different methods. Can anybody shed some light on this for me? Cheers
09:22 < very_sneaky> From what I've been able to find in my research so far they seem to use the same methods
09:27 < LeelooMinai> I am looking for humans. I need help.
09:27 < LeelooMinai> I see 1217 nicks. Is any of those a human?
09:28 < LeelooMinai> I am not a troll. This is a serious question.
09:29 < LeelooMinai> I cannot see humans here. I am so alone.
09:30 < LeelooMinai> I will seek until I can find one.
09:42 < detha> very_sneaky: all error detection/error correction is basically 'make your data redundant'. Parity bits do that at the octet level, checksums/CRCs at frame or packet level. Depending on what you can do when you detect an error, and on if you are more worried about single-bit or burst errors, you use one or the other
09:43 < linux_probe> redundancy LOOOOL
09:45 < very_sneaky> detha: so those are the detection and correction techniques (i think i'm delineating correctly here), what I'm more interested in is the ARQs - Stop and Wait, Go-Back-N and Selective Reject. are these all implemented by the transport and data link layers?
09:46 < very_sneaky> my understanding is that this is "error control" - what to do when errors have been detected. happy to be corrected though, i'm literally just learning about this
09:47 < detha> Each layer can implement error detection. There is also L7 error detection (like CRCs in .zip files).
09:49 < detha> Mostly it's semantics, but split it into 'error dectection' and 'error correction'. Detection: you know it's wrong, but you tell the layer above you 'something went wrong, dunno'. Error correction: you see it's wrong, and you deal with it within the layer (NAK, selective ACKs, etc)
09:50 < detha> (or for FECs: you see it's wrong, and you can reconstruct the right thing from the extra bits)
09:50 < very_sneaky> yeah alright. so to confirm, any of these techniques is as applicable to any layer as another, depending on the specific application?
09:51 < detha> yes
09:51 < very_sneaky> excellent, thanks for the help mate :)
09:53 < cluelessperson> So all, Unifi responded to my bug reports and apparently put out a fix for the firewall resetting stuff. :D
09:54 < linux_probe> if it waas that fscked, of course they woukd
09:54 < linux_probe> show us the bug report and results
09:55  * linux_probe feels not bad about calling out swiss-cheese bulshit CPU's, bios/UEFI
09:55 < linux_probe> :))))
09:55 < linux_probe> aka government backdoor
09:56 < linux_probe> fucking the govt andf foreing govts isnt the intended, helping to unfuck common sheeple is
10:13 < system16> Hi. im trying to block a url. my modem has this feature : url filtering . but when i cp this https://www.google.com/search?q=potato+mashed&rlz=1C1CHBF_enIR765IR765&oq=potato+mashed&aqs=chrome..69i57j0l5.4481j0j7&sourceid=chrome&ie=UTF-8 it says Url address must be less than 128 characters
10:13 < system16> btw that link was an example
10:15 < system16> should i use bit.ly ?
10:17 < system16> ?
10:18 < at0m> system16: why not just clean up that link and do away with the aqs, sourceid etc
10:18 < system16> what ?
10:19 < at0m> system16: https://www.google.com/search?q=potato+mashed takes you to the same page.
10:19 < system16> oh
10:19 < system16> let me try that
10:20 < system16> what about the port ? (default is 80)
10:23 < system16> wow this modem is junk. i cant remove the url it says : unable to remove .
10:31 < system16> now i cant delete it . wtf
10:37 < Jmabsd> a question, you know QSFP+ ethernet, is that actually *FOUR SEPARATE* ethernet connections?
10:37 < Jmabsd> so you could use FOUR PORTS on ONE  SFP+ (10gbps) hub.. or not?
10:37 < Jmabsd> are there one or four MAC:s here :)
10:43 < cluelessperson> https://hastebin.com/raw/hiquzihiki
10:44 < cluelessperson> can someone tell me how I can maybe know what these ip addresses would be in advance?
10:44 < cluelessperson> youtube's ip range
10:53 < horse> morning all
10:54 < cluelessperson> horse: hi horse
10:54 < horse> cluelessperson: hi!
10:54 < cluelessperson> sup
11:05 < Jmabsd> are there any office or home use, silent, QSFP+ (40gbps) switches around today?
11:11 < ejr> hi. i am trying to copy files via scp over a network that seems not to allow scp. is there a way to circumvent that?
11:11 < skyroveRR> ejr: nope.
11:11 < ejr> ok.
11:38 < horse> Jmabsd: dont think so.  why do you need a 40GBps switch for home use?
11:39 < horse> ejr is port 22 blocked?
11:46 < dminuoso> horse: Why wouldn't you want a 40GiB/s switch at home?
11:46 < horse> dminuoso: because it's probably pointless and your not gonna get anywhere near 40Gbps from most stuff you'd do at home
11:49 < horse> i can't really think of a reason why you'd need that bandwidth on a home network anyway.
11:49 < dminuoso> Jmabsd: At any rate. Ditch the silence requirement and just put it into another room?
11:49 < Apachez> horse: why not?
11:49 < detha> horse: /r/homelab would probably disagree
11:49 < dminuoso> horse: That's not really helpful.
11:49 < Apachez> why wouldnt you need 40G at home?
11:50 < horse> why would you?
11:50 < dminuoso> horse: Just because _you_ dont have a use case, doesn't mean someone else has some legit use case. Whether it's just toying around, or maybe he has some valid need for it.
11:50 < Stryyker> Future planning!
11:50 < horse> i can't honestly think of a reason why though?
11:50 < Stryyker> SuperDupereXtremeUHDVD
11:50 < Apachez> 40gbps is about 5 000 000 000  bytes/sec
11:51 < Apachez> so slighly below 5Gbyte/s
11:51 < horse> and what could you possibly need that for?
11:51 < dminuoso> What is rather interesting is that these speeds can usually not be handled by linux anymore.
11:51 < Apachez> when you need to move your movie backup a 4 TB drive would then take 800 seconds give or take to process
11:51 < dminuoso> (So if you have these speeds you need out-of-tree drivers)
11:51 < Apachez> so lets round it up to 15min
11:51 < Apachez> while with 10Gbps network it would take 1 hour
11:52 < Apachez> and 1Gbps it would take 10 hours
11:52 < horse> where you gonna get a 40Gbps NIC from?
11:52 < dminuoso> horse: ebay.
11:52 < horse> do they even exist?
11:52 < Apachez> "why do you need a 1Gbps switch for home use?"
11:52 < Apachez> sure
11:52 < dminuoso> horse: Yes.
11:52 < Apachez> 100 hours with 100Mbps network
11:52 < horse> what are they, fibre?
11:52 < Apachez> "why do you need a 100Mbps switch for home use?"
11:52 < Apachez> oh fair enough
11:52 < Apachez> 1000 hours with a 10Mbps network
11:53 < horse> 100Mbps is usable
11:53 < Apachez> thats like close to 42 days
11:53 < Apachez> so 15 minutes vs your 42 days
11:53 < Apachez> I know what I would choose :)
11:53 < dminuoso> horse: At any rate, they didnt necessarily imply they wanted to use this at home.
11:53 < horse> Apachez: you're making the assumption that the stuff inside the guys the PC can stream at line rate
11:53 < dminuoso> Since they asked for "office or home"
11:54 < dminuoso> I suspect they are actually looking for a silent switch.
11:54 < dminuoso> (And the only reason you'd want a silent switch is if you want that sitting in front of you, which would only happen at home or in the office)
11:55 < detha> dminuoso: maybe you want to mount it in a submarine, that has to go into 'absolute silence' to avoid detection once in a while
11:56 < dminuoso> detha: I wouldn't be surprised if military contractors posted their problems on SO, reddit and freenode.. :D
11:56 < horse> brb
11:57 < detha> dminuoso: I'm pretty sure they sometimes do. At least the 2nd or 3rd level sub-contractors
12:09 < Aleksandar86> MGMT port on DLINK switch is isolated, can I connect this port with another ports. Please look image. https://imgur.com/a/wrxbF1a
12:09 < Aleksandar86> I set IP in same subnet of Mikrotik
12:09 < Aleksandar86> I wanna access from PC
12:12 < Apachez> so horse fled the scene?
12:12 < Aleksandar86> some answer please
12:17 < Apachez> sure
12:17 < Apachez> if you set an ip on it then you can access it
12:17 < Apachez> some mgmt itnerfaces dont support default gw so you must SNAT or sit directlty on the same network as the mgmt interface
12:20 < Aleksandar86> Not working, I try...
12:20 < Aleksandar86> default ip on ethernet is 10.90.90.90
12:21 < Aleksandar86> from WEB I can set only mgmt IP
12:21 < Aleksandar86> and I set 192.168.88.250 in same subnet of Mikrotik
12:21 < Aleksandar86> but I can't access from ethernet
12:22 < Aleksandar86> only I can when I set manual ip on PC like a 10.x.x.x subnet 255.0.0.0
12:22 < Aleksandar86> on 10.90.90.90
12:23 < Aleksandar86> I can change this IP only from telnet
12:23 < Aleksandar86> Apachez, I whink you understund what I wanna :)
12:23 < Aleksandar86> *Think
12:54 < ImQ009> I've got a REALLY strange problem
12:55 < ImQ009> When trying to access certain websites, it somehow ends up redirecting me to my modem's admin interface
12:55 < ImQ009> I flushed DNS cache, even changed it to Google's DNS
12:55 < pikapika> quick eli5, if a group of persons shares a wifi (everyone one password), does it mean anyone can see anything from all devices in the wifi?
12:55 < ImQ009> It's definitely not a problem with that
12:56 < ImQ009> In the browser I can see that I keep getting 302
12:56 < pikapika> *everone knows
12:56 < ImQ009> What could be up with that?
13:00 < varesa> ImQ009: some routers hijack traffic when they want to show you some notification like for example an firmware update
13:01 < ImQ009> Yeah, it definitely is hijacking it
13:01 < ImQ009> I'll reset it, maybe it'll hep
13:01 < ImQ009> brb
13:07 < ImQ009> Seems like resetting the thing helped
13:07 < ImQ009> At least for now
13:07 < ImQ009> I'm gonna call my ISP though. It's been causing a lot of issues lately
13:07 < ImQ009> Like, it's been constantly loosing DOCSIS at random
13:20 < pikaro> hi! for a month or so now, I sometimes get "malformed hello" SSL errors when connecting to Google websites. they always go away when reloading, so there's nothing inherently wrong, and I've never seen that behavior elsewhere (I think). happens on my linux box at home and on osx at work. I use firefox on both OSs, that's about the only commonality, but it doesn't seem like this is very common according to my searches. has
13:20 < pikaro> anyone here seen that problem and knows why this is happening?
13:23 < varesa> never seen that myself
13:23 < qman__> that type of behavior can happen if you're behind a proxy that does a man in the middle
13:25 < pikaro> well at work there's an IPS that might get in the way and at home I'm connected through PIA
13:25 < pikaro> but as I said this only started a while ago and both of those were in place long before
13:28 < zenix_2k2> i have a question, what if i have 2 scripts like this --> https://pastebin.com/epZXp6HA, so how can i detect the client's OS ?
13:28 < zenix_2k2> btw, those are python
14:04 < hey2> Currently doing 11 hour overnight shift work at a data center... was offered a change to either 6am-430pm or 1pm-1130pm, on 2 days off 2 days on 3 days off 2 days on 3 days off 2 days, repeat
14:04 < hey2> which one should I take?
14:07 < mardraum> hey2: depends on if you like early morning starts or not, and what your personal/family life is like to suit? only you can decide
14:29 < Apachez> every day is a cakeday https://twitter.com/GripenNews/status/997601298051751936
14:31 < dogbert2> hey Apachez...whazzup?
14:34 < Apachez> dogbert2: just fine, and you?
14:35 < dogbert2> oh, got some lower back pain...other than that, just ripping some DVD's
14:36 <+catphish> spaces: "the max will allways be wirespeed" that's not really. with LACP you can push far more data than one link can carry
14:37 <+catphish> spaces: the only restriction is that with most bonding (including LACP), one stream (however you define that) will only use one link
14:50 < sleepy6> what is your 2 cents on fiber optic cables?  thumbs up or down?
14:52 < dogbert2> depends on if you really need fiber...long distance like in a large warehouse, it's pretty much a given, or building to building, etc
14:55 <+catphish> sleepy6: you can't "thumbs down" a fiber optic cable, they're magic, but there are certainly circumstances when they're not necessary and copper is easier / cheaper
14:58 < ben8472> just remember to deploy single mode not multimode
14:59 < ben8472> and plan ahead and buy like 6 pairs of fiber per cable not just 2, they are so thin and the price difference is not huge
14:59 < Apachez> catphish: depends on if per-flow or per-packet is being used to loaddistribute over available links
15:00 <+catphish> Apachez: indeed, LACP is always per flow afaik, but other schemes exist, linux can do round robin
15:08 < Apachez> depends on vendor
15:08 < Apachez> but yes its usually perflow
15:08 < Apachez> its time for some swedish fika https://www.youtube.com/watch?v=oRIeytEXGhQ
15:14 < Alexander-47u> hi
15:14 < Alexander-47u> can anyone tell me how a relay differs from a tunnel
15:15 < Alexander-47u> i know what a tunnel is, but cant seem to find what a relay
15:15 < Alexander-47u> is
15:16 < Alexander-47u> is that something like rinetd?
15:16 < Apachez> relay in what context?
15:16 < Apachez> a relay is something that accepts a packet and just forwards it
15:16 < Apachez> like a mailrelay accepts a mail and then forward it
15:16 < Apachez> a tunnel is when you encapsulate a packet within another packet
15:17 < Alexander-47u> for example, relay address = 0.0.0.0 and remote is 8.8.8.8
15:17 < Alexander-47u> does that mean that, packets going to 0.0.0.0 get relayed to 8.8.8.8
15:18 < Alexander-47u> ?:P
15:18 < Apachez> huh?
15:18 < Apachez> where did you see that shit?
15:21 < Alexander-47u> oke, its like I said , i tried lol
15:34 < Emperorpenguin> hey how would you call in English the fixed number portion of a DDI range?
17:03 < connorburt> Hi, I was on here the other day asking why some of my wall ports weren’t working, and I got some pictures of the switch panel (I think?); would any of you mind taking a look and giving me a better idea of what I’m looking at if I post some of the pictures?
17:13 < Drakonan> is there something in the ballpark of a pi with two ethernet interfaces?
17:13 < Drakonan> i am looking for a cheap router that would run something  like pfsense
17:14 < turtle> pcengines makes stuff like that
17:14 < abdulhakeem> ubquiti ER-X?
17:14 < tds> pfsense also do some of their own arm based boxes, those might work for you?
17:14 < turtle> https://www.pcengines.ch/apu2.htm
17:15 < Drakonan> are yall familiar with the aes-ni being a requirement
17:15 < tds> oh, there's espressobin as well
17:15 < Drakonan> in the new pfsense? is that going to be a serious show stopper for someone that wants to run the newer pfsense when it comes out?
17:15 < Kingrat> aes-ni isnt required yet, supposed to be for upcoming version 2.5
17:15 < Kingrat> you do need a 64-bit x86 cpu, only arm platforms supported are the netgate devices
17:15 < tds> that's just a single gbit nic though, and then a tiny managed switch attached, as far as I can tell
17:15 < Drakonan> thats what i was wondering is that just going to be an official sticker thing or
17:16 < Drakonan> would we be able to recompile something and go ok?
17:16 < Kingrat> and by upcoming i mean its probably another couple of years out with how quickly they release
17:17 < Drakonan> is there no way to hack support for arm?
17:18 < Drakonan> i was kind of even wondering about trying to vlan a single pi interface or something
17:18 < Drakonan> my internet at home is only 20mb down 2 up so
17:18 < Kingrat> i wouldnt attempt to build pfsense
17:18 < Drakonan> dont need anything super amazing
17:19 < tds> that would probably work fine on a pi, the 3b+ has better network bandwidth as well
17:21 < compdoc> aes-ni is good to have if youre going to set up encrypted vpns, like ipsec
17:21 < tds> making it a requirement seems odd to be, I'll be interested to see what they add to justify it
17:22 < compdoc> I doubt a pi would be a good choice if you have a fast connection
17:22 < Drakonan> yeah i was really surprised when i was looking at my gaming pc granted its old as dirt now but i can still run what i need lol full graphics eve full graphics but router? nope...
17:22 < Drakonan> i7-920 doesn't have aes-ni
17:22 < Drakonan> quad core cpu 6gb ram yeah not a lot, apparently not good enough for a router
17:23 < tds> if you're reusing old hardware like that, it's also worth keeping in mind power usage
17:23 < Drakonan> well im using it as my gaming rig hoping to wait out the ddr4 crash that has to happen at some point (please)
17:23 < Drakonan> but even power is that for real lets see it cant be 50-100 a year?
17:24 < Drakonan> i used to have a kill a watt around here somewhere
17:28 < Drakonan> well surprisingly... apparently that's 115 - 230 a year
17:28 < Drakonan> idle -> max
17:29 < Drakonan> that'll pay for the special purpose router in the first year
18:00 < longxia> is port knocking in order to make ports accessible a common practice, for example to hide management ports, or do network admins have better ways to guard against remote attacks?
18:00 < qman__> No, it's pretty atypical
18:01 < qman__> Using sane protocols, current TLS, and a reasonable firewall is generally enough
18:02 < qman__> You can add things like fail2ban or rate limiting rules
18:02 < GenteelBen> Port knocking is the next level of paranoia.
18:02 < GenteelBen> You wouldn't expose management services over the WAN anyway.
18:02 < tds> for management stuff though, I'd just say toput it on an isolated network, get to it via a vpn/jumpbox/whatever
18:03 < qman__> Yep
18:03 < GenteelBen> Well, you shouldn't - plenty of companies allow their staff to directly connect to their router management interfaces over the WAN.
18:03 < qman__> Use SSH or VPN for external access and hop from there to tge management interfaces
18:03 < longxia> but if i remember correctly, there was a sshd vulnarability some years ago which allowed access by spamming "keyboard" access method by the client. Things like that.
18:04 < GenteelBen> tds, even then, in practice lots of companies have any/any rules between VLANs due to not having any brain cells or an ability to test/define which traffic to allow.
18:04 < GenteelBen> The dreaded Cisco ASA any/any rule.
18:04 < qman__> That's why you patch your shit
18:04 < GenteelBen> lol yeah if you have Smart Net.
18:05 < qman__> No system is perfect
18:05 < GenteelBen> Cisco are uniquely cuntish for not giving people security fixes unless they subscribe.
18:05 < GenteelBen> They can literally ship you a defective product
18:05 < GenteelBen> And if you/they discover the defect 1 second after your initial warranty, you're out of luck.
18:05 < qman__> I was referring to the sshd comment, but yes
18:05 < GenteelBen> MS get a lot of shit, but they push out security fixes for their OSes for 10+ years.
18:06 < GenteelBen> For free...
18:06 < GenteelBen> And it's a much harder job for MS given the hardware/software permutations they have to support.
18:06 < longxia> GenteelBen: agreed
18:06 < GenteelBen> tl;dr: many switches and routers remain unpatched due to expired support contracts.
18:06 < GenteelBen> At least Cisco, unknowingly, make IOS image piracy really easy.
18:07 < GenteelBen> Log into Cisco.com, browse to the image downloads section, find your device, copy and paste the file name (which they list) into Google, download that image from a random FTP server, and check against the hash which Cisco.com also provide you.
18:07 < GenteelBen> That's how I built my virtual lab.
18:07 < qman__> yep, which is why you don't expose that stuff to the internet
18:08 < GenteelBen> Depends on the size of the company - you'd expect a bigger org to have beefy threat detection/prevention protections in place.
18:08 < qman__> if nothing else, the interney facing gear needs to be patched
18:08 < GenteelBen> For a smaller org? Yeah, I'd expose the single interface to the interwebs with no management services, just VPN.
18:09 < qman__> I've got old, unpatchable gear, but it's zoned off
18:09 < GenteelBen> Lots of shit online is unpatched.
18:09 < GenteelBen> Around 2010 there was an epidemic of unpatched LAMP servers.
18:09 < qman__> No excuse for that
18:09 < GenteelBen> Stupid Linux sysadmins don't know how to configure patch schedules, unlike the awesome chad Windows sysadmins.
18:10 < GenteelBen> I'd argue it's because the default state of Windows Server is "we're going to shove patches in your face and keep bitching about them unless you accept".
18:10 < GenteelBen> It was ironic - MS software has more security holes but is probably the most-patched, up-to-date mainstream software apart from iOS.
18:11 < qman__> I'd argue it's because you can't leave a windows server alone for 5 years and expect it to stay up
18:11 < GenteelBen> So in the real world, it's pretty difficult to use W10 exploits, say, because the boxes auto-patch.
18:11 < GenteelBen> qman__: you can, but you can't have any third-party services running on it.
18:11 < GenteelBen> And anyway
18:11 < GenteelBen> Only neckbeard sysadmins care about individual node uptime.
18:12 < qman__> That's not the point
18:12 < GenteelBen> The true metric is service uptime. And you get that by implementing rolling upgrades across a cluster.
18:12 < qman__> LAMP is literally set and forget
18:12 < GenteelBen> So is AD, Exchange, etc.
18:12 < qman__> So they install it and never touch it again
18:12 < qman__> Pfft, no
18:12 < GenteelBen> Difference is those MS services are self-patching unless you make a concious choice to deploy WSUS or SCCM on your network.
18:13 < GenteelBen> If you don't bother to set up enterprise patching in an MS environment, the default state (client downloads patches and installs them without asking you) protects clients reasonably well.
18:13 < GenteelBen> I have been pissed off a few times by Windows rebooting without asking me, though.
18:14 < GenteelBen> Anyway
18:14 < GenteelBen> Patch your routers, people.
18:14 < purplex88> which uml diagram is used for network topology?
18:14 < GenteelBen> And also, don't forget that the bigger threat is from within e.g. someone jacking into your LAN and spreading viruses everywhere. So implement RADIUS, or use Cisco port security, or something.
18:15 < purplex88> i want to show how a switch is connected with computers
18:15 < GenteelBen> purplex88: maybe the communication diagram? But UML is a software engineering description language, not really suited to physical stuff.
18:15 < GenteelBen> purplex88: you wouldn't use UML for that.
18:15 < purplex88> UML has many diagrams
18:16 < GenteelBen> purplex88: but still geared towards software engineering.
18:16 < purplex88> it can plot flow charts
18:16 < GenteelBen> There isn't really a standard for documenting network topologies, anyway.
18:16 < GenteelBen> Yes but they're logical flows...within or between software components.
18:17 < purplex88> i don't know what it means
18:17 < GenteelBen> UML claims to be general-purpose but it's not suited for stuff like network topology diagrams. For that, you  produce something like this https://www.smartdraw.com/network-diagram/img/network_diagram.png?bn=1510011130
18:17 < GenteelBen> Who's the audience for your diagrams, purplex88?
18:18 < GenteelBen> Unless it's software engineers, UML is a waste of time.
18:18 < purplex88> just me
18:18 < purplex88> i'm audience
18:18 < GenteelBen> Then do what every other network admin does - use Visio + some nice shiny stencils.
18:18 < GenteelBen> This is a fairly typical topology diagram: https://www.pcwdld.com/wp-content/uploads/2016/01/Microsoft-Visio-Network-Diagrams.jpg
18:19 < purplex88> are you saying it doesn't have a "physical" flow but only "control flow" and "object flow" arrows?
18:19 < GenteelBen> purplex88: it claims to, but it's not very good at it.
18:19 < GenteelBen> A network diagram isn't supposed to be some abstract thing with rectangular boxes and classes.
18:19 < GenteelBen> The convention is that you either do it yourself, using stencils
18:20 < GenteelBen> Or you rely on a network monitoring application to build the diagram for you.
18:20 < GenteelBen> I would suggest you create a high-level diagram yourself with Visio. If your company is small you can list all routers/switches. If you're big, you can just stop at the distribution switches.
18:21 < GenteelBen> In addition to that you'd probably want to use something like Solarwinds to create more dynamic, up-to-date topologies for use when troubleshooting.
18:21 < purplex88> it has a lot of arrows: association, information flow, control flow, transition flow, object flow
18:21 < GenteelBen> SW or whatever tool you want will interrogate your network equipment and figure out what's connected to what.
18:22 < GenteelBen> That isn't really a network topology diagram then, purplex88.
18:22 < GenteelBen> Network diagrams aren't supposed to convey things like information flow.
18:22 < GenteelBen> You're describing the plumbing, not the individual turds.
18:24 < purplex88> okay, you're just saying to use custom shapes and generic connectors
18:25 < GenteelBen> No
18:25 < GenteelBen> What vendors are your network equipment?
18:25 < GenteelBen> You can use generic "switch" and "router" stencils, or you can use vendor-supplied ones: http://www.visiocafe.com/
18:26 < GenteelBen> I'd say just keep it simple, unless you think your boss will be impressed by actual Cisco stencils.
18:26 < purplex88> vendor doesn't matter here
18:26 < GenteelBen> You have to remember what the network diagram is for, purplex88: troubleshooting (e.g. when a switch dies) and aiding in design/deploy/config work (e.g. when adding a new switch).
18:27 < GenteelBen> If a switch dies, you can look at the diagram
18:27 < purplex88> i'm using sparx architect
18:27 < GenteelBen> "Ah, switch023F is connected to switch024 and switch 027A, so that part of the building has no network access.
18:27 < GenteelBen> Hah.
18:27 < GenteelBen> Sparx is like several Swiss army knives glued together.
18:28 < GenteelBen> The "correct" language to use to describe network topologies is ArchiMate, but precisely zero people use it for that.
18:28 < purplex88> I think its "deployment diagram"
18:29 < GenteelBen> Just set your building on fire and be done with it, purplex88.
18:29 < purplex88> its got a communication path arrow :D
18:30 < GenteelBen> I recommend you trigger the fire by covering the vents of your routers with dynamite.
18:32 < purplex88> I see. You mean "just get it done without thinking too much".
18:35 < purplex88> GenteelBen: https://www.sparxsystems.com.au/enterprise_architect_user_guide/13.0/model_domains/deploymentdiagram.html
18:36 < purplex88> one thing i'm confused about is: how a node is different from a device in networking?
18:37 < purplex88> and also "host".
18:37 < purplex88> node vs device vs host
18:37 < purplex88> all sound same
18:40 < detha> purplex88: 'node' can be a VM, or a container. As can host. Device is a thing you can kick.
18:41 < purplex88> I see.
18:41 < purplex88> The terms "node" and "host" are used for a virtual device?
18:43 < detha> Not necessarily. 'host' is often a VM or physical server, doing running services. Node is often a router or router VM. But that is not a strict thing, the terms are used mostly interchangeably
18:44 < DEEP_freeze> I like to think of nodes are branches in a tree, while a host is the leaves.
18:49 < purplex88> Hosts as I learned are just client computer systems.
18:50 < Reventlov> Wikipedia writes « A network host is a computer or other device connected to a computer network. »
18:50 < Reventlov> good enough.
18:51 < Reventlov> (in the networking context)
18:51 < purplex88> I still don't get the difference.
18:51 < purplex88> I guess its all the same.
18:51 < Reventlov> purplex88: difference between what and what?
18:52 < purplex88> those three things: host, device, node.
18:52 < Reventlov> purplex88: in general or in the network context?
18:52 < purplex88> in networking
18:53 < purplex88> is there general meaning too?
18:53 < Reventlov> well, yeah, you can talk of node when talking of graphs (as opposed to vertice, or link)
18:53 < longxia> purplex88: if you're confused, then that's because everybody is confused about these terms. Except for a device, that's something tangible, mostly...
18:54 < purplex88> can I node be a computer, switch, router, or vm?
18:54 < Reventlov> yes
18:54 < purplex88> can a*
18:54 < Reventlov> purplex88: basically, in network, you often differentiate two kinds of things: "node" (entity, at one place, physically or logically), and "paths", or "links" (that are things that connect node)
18:54 < Reventlov> that's all: a node can be a computer, a switch, a router, a vm, depending on the level you want to consider
18:54 < Reventlov> You can consider stuff inside your computer as "nodes" connected by some bus
18:55 < purplex88> and host can also be a computer, a switch, a router, a vm?
18:55 < Reventlov> yes!
18:55 < Reventlov> like usb: my usb mouse is a node on the usb bus
18:55 < Reventlov> but, in the context of virtualization
18:55 < Reventlov> a host is often the "physical" machine "hosting" the virtual machines
18:55 < purplex88> host  sounds like something that hosts
18:55 < Reventlov> don't sweat it too much
18:56 < purplex88> e.g. a computer hosting a server
18:56 < Reventlov> well, a server is a computer depending on the context, also
18:56 < Reventlov> see, that's not written in stone
18:56 < Reventlov> purplex88: hosting a server, or hosting a client
18:56 < printingwhyyyyyy> Hello, my printer used to be functioning properly but now it stopped all of a sudden, and when I try to go through the setup wizard and locate my Wi-Fi's SSID again, it's not there
18:56 < printingwhyyyyyy> Any idea why?
18:56 < printingwhyyyyyy> It's a Brother printer by the way
18:56 < purplex88> ok
19:19 < Tegu> that nanoSouffle.net link doesn't seem to work
19:40 < pauliunas> hey guys, i need to implement EIGRP in a sort of simulation app or something... don't ask, university stuff. anyway, is there a place where i could find a technical guide to EIGRP? like how the tables get populated etc., i already have a rough idea of how it works, i just need to put some dots on i's
20:15 < Jmabsd> what *DUAL* Intel XL710 chip NIC:s are there today? Hotlava Systems makes one. More?
20:15 < Jmabsd> in other words *quad* QSFP+ port
20:22 < lakiluki> Hey, I'm trying to query a www.mit.edu with nslookup for a NS type record and while my ISP DNS returns the authoritative answers with corresponding IP addresses, 1.1.1.1 does not return the IP addresses of the name servers, but only the hostnames. Can anyone explain why my ISP DNS returns the corresponding IP addresses, while 1.1.1.1 does not?
20:23 < lakiluki> mit.edu, not www.mit.edu*
20:35 < lakiluki> Can anyone help?
20:40 < SporkWitch> lakiluki: If you have a question, just ask! For example: "I have a problem with ___; I'm running Debian version ___. When I try to do ___ I get the following output ___. I expected it to do ___." Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help you. If you don't get an answer try a few hours later.
20:41 < longxia> SporkWitch: he did :), at 20:22
20:41 < SporkWitch> ah, all i see before "can anyone help" is a netsplit lol
20:41 < longxia> or she
20:42 < SporkWitch> "he" is standard in english when sex is unknown
20:42 < longxia> SporkWitch: i thought they used they for that ;)
20:42 < SporkWitch> longxia: only idiots with an agenda and people who didn't earn decent grades in english
20:44 < SporkWitch> you'll find that most of the "masculine" words in english used to be neuter, we just got rid of most of the male-specific ones, which became male/neuter, and kept some of the female ones
20:45 < Jmabsd> if you have an SFP+ port (10gbs) with a 10GBASE-T RJ45 transceiver in it, will it be able to do 1GBASE-T also?
20:50 < fnDross> option wpa_group_rekey '86400'  << security risk?
20:53 < SporkWitch> fnDross: arguably; 3600 (one hour) would probably be better
20:53 < SporkWitch> if not less
20:53 < Aleksandar86> I lost 5 hours in searching how to enable ethernet 1 port for only 1 MAC adress on DLINK 1510 switch layer3
20:54 < SporkWitch> fnDross: not sure what the current average to crack a WPA2 key is, but basically you'd want it below that, if you're worried about that
20:54 < Aleksandar86> only 1 MAC address can access on port 1
20:54 < Aleksandar86> how?
20:55 < Aleksandar86> I try ACL, port security, any options... :(
20:55 < Aleksandar86> I wanna set MAC filter on port1, only this mac can access
20:56 < Aleksandar86> I know how to block for one mac
20:56 < Aleksandar86> but how to give access for only 1 MAC?
20:56 < Aleksandar86> in which options I can do that?
20:56 < Aleksandar86> ACL?
20:56 < SporkWitch> port security is the feature you're looking for
20:58 < Aleksandar86> I have port security, but not working for me :(
21:14 < fnDross> SporkWitch: is 10mins too low?
21:15 < fnDross> tryin to fix "deauthenticated due to local deauth request"
21:44 < Apachez> when using 802.1x in cisco catalyst series, is there a way to auth the user just locally that is without an external radiusserver?
21:44 < purplex88> anyone heard the term "malicious server"?
21:45 < Apachez> fnDross: I think that depends on the equipment but usually the 10Gbase-T SFP+ supports 1G too
21:48 < SirJoker2188> hello
22:04 < fnDross> ?
22:24 < jason85> In TCP, why does the sequence number get incremented after a SYN which carries no data?
22:28 < SporkWitch> jason85: because it's still a packet; sequence is incremented each packet
22:29 < Apachez> seq tells the other side how much data has arrived
22:29 < jason85> SporkWitch: Does that mean a TCP packet with data of length 1 will have the sequence incremented by two?
22:29 < Apachez> think so
22:29 < Apachez> wireshark and such will convert that shit for you automagically
22:30 < SporkWitch> should still just be 1; 1 packet, +1 sequence
22:30 < Apachez> because initial seq is random due to avoid spoofing
22:31 < jason85> SporkWitch: but it gets incremented by the amount of bytes in the payload?
22:31 < jason85> Apachez: Yes true
22:32 < Apachez> syn 0
22:32 < Apachez> synack 2
22:32 < Apachez> ack 0
22:32 < Apachez> err
22:32 < Apachez> ack 1
22:32 < SporkWitch> that doesn't sound right, jason85
22:33 < Apachez> no sorry
22:33 < Apachez> wrong flow :)
22:33 < Apachez> syn 0
22:33 < jason85> SporkWitch: It does, sequence number denotes the amount of bytes received so far, not the amount of packets
22:33 < Apachez> synack 0, 1
22:33 < Apachez> ack 1,1
22:33 < Apachez> first is seq the other is acked
22:34 < Apachez> client sends client hello 583 in total length
22:34 < jason85> Apachez: Are you testing this in wireshark?
22:34 < Apachez> serve rresponse with 1514 total length
22:34 < Apachez> yes
22:34 < Apachez> then client acks 518, 1449
22:34 < jason85> Apachez: what happens if you send a packet with a payload of length 1, does it increment by 1 or 2?
22:35 < Apachez> server sends junk 1514
22:35 < Apachez> client 518, 2897
22:35 < SporkWitch> i stand corrected, it's incremented by the byte-length of the payload; http://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/
22:35 < Apachez> server sends 110
22:35 < SporkWitch> been a while since i dug into it
22:35 < Apachez> client 518, 2897
22:36 < Apachez> err
22:36 < Apachez> client 518, 2941
22:37 < Apachez> so the initial should be that it acks the opposite side's seq
22:37 < Apachez> so initially when there is 0 bytes as payload then 0 byte is acked
22:37 < Apachez> and then you start to send data
22:37 < Apachez> if you for whatever reason send a packet with 0 payload then 0 will be acked (that is previous ack num will be sent since no data aka payload was received)
22:38 < Apachez> somewhere in the settings of wireshark you can disable its auto calc of seq/ack
22:39 < SporkWitch> the linked article does a nice step-by-step on it
22:39 < Apachez> yup
22:40 < Apachez> so back to my 802.1x question :)
22:40 < Apachez> when using 802.1x in cisco catalyst series, is there a way to auth the user just locally that is without an external radiusserver?
22:41 < SporkWitch> i want to say no, but i honestly don't know; i've never heard of doing it without some kind of auth server that you tie into something like LDAP/AD
22:42 < jason85> Okay, so it is increased by the amount of bytes in the payload, with the exception for SYN packets, in which case it is increased by one. Thanks guys.
22:42 < Apachez> because there is some fallback mode "if radius isnt reached, let clients in based on mac instead" or something
22:42 < SporkWitch> Apachez: at that point isn't it just port security?
22:43 < Apachez> hey Im asking the questions here :P
22:44 < Apachez> there is MAB but that seems to require a radiusserver anyway (macaddress is used as password)
22:44 < SporkWitch> Apachez: just saying, that sounds like exactly what port security is, which makes sense as a fallback if the auth server can't be reached
22:45 < Apachez> ?
22:45 < Apachez> because this usercase still needs the guestvlan and then switched into prodvlan as with regular 802.1x
22:45 < Apachez> but I failed to figure out if the cisco catalyst somehow supports 1x without an external radius
22:45 < SporkWitch> Apachez: MAC-to-port mappings, lock the port if a different MAC is seen
22:45 < SporkWitch> yeah, dunno :(
22:46 < Apachez> so its not a mac acl ala portsecurity Im looking for
22:49 < purplex88> when computer A sends a packet to computer B, does computer B finds ip address of computer A in the source or destination field of TCP/UDP packet?
22:49 < purplex88> i think source
22:50 < purplex88> because thats its source
22:51 < Apachez> the packet (ipv4) contains both srcip and dstip
22:51 < Apachez> srcip is the one who sent the packet
22:51 < Apachez> so when computer B gets packets from A the the srcip in these packets say ip(A)
22:53 < SporkWitch> purplex88: think of it like a paper letter, just with extra info on the envelope
22:55 < purplex88> why does ipv4 and tcp both have srcip and dstip fields again? can't we use only ipv4?
22:55 < purplex88> maybe because tcp is encrypted?
23:00 < t0x0sh> purplex88: TCP doesn't have ipsrc/ipdst...Only portsrc/portdst are present in header.
23:03 < Apachez> purplex88: different layers
23:03 < Apachez> purplex88: ip is layer 3, has srcip/dstip
23:04 < Apachez> tcp is layer4, has srcport/dstport
23:10 < purplex88> i captured some packets in wireshark, will try to understand what goes where
23:12 < turtle> gotta catch 'em all
23:21 < purplex88> are Frame and Ethernet two protocols as well above IPv4 and TCP as I am seeing in wireshark?
23:22 < purplex88> i don't even know use Ethernet cable, only wifi
23:22 < SporkWitch> frames are to ethernet what packets are to IP
23:22 < purplex88> I mean I use Wifi not Ethernet cable*
23:22 < SporkWitch> this is easily googled, and covered in any introductory networking course or textbook
23:23 < SporkWitch> i can't recall if wifi does ethernet directly or if there's another encapsulation layer around the ethernet...
23:24 < qman__> Pretty sure wifi is just straight ethernet, with some extensions
23:25 < purplex88> i was expecting to see a WiFi protocol
23:26 < qman__> 802.11
23:27 < dan01> On VBox If I want to share the network with the guest OS, I set the interface as 'bridge', but I saw a strange technique: Have one NAT interface and one as host-only adapter, how the hack does that work?
23:27 < purplex88> well, in this case I sent tcp packets from mobile app to PC
23:28 < purplex88> why do i see the line: "Frame 34: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0"?
23:28 < purplex88> on wire?
23:32 < qman__> Because that's what was on the wire
23:32 < qman__> With wifi, the air is your wire
23:33 < Apachez> qman__: with wifi there is a wire from the antenna to the transceiver ;)
23:35 < purplex88> ah ok
23:35 < purplex88> in the air sounds interesting
23:35 < Falkaofalk> Hey all, I have difficulty finding my ISP's nameserver. As far as I know, it is necessary to use this nameserver at the domains registrar, so that it knows where to point. I only get a connection specific DNS-Suffix but that does not seem to be the correct one... Any idea on how I can find out the nameserver (not just one IP of it)
23:37 < SporkWitch> Falkaofalk: you're talking about different things.  domain registrar determines authoritative nameservers for your domain. ISP nameserver is just the first one you ask if you don't have a local entry
23:37 < SporkWitch> Falkaofalk: usually people recommend using google's (8.8.8.8 and 8.8.4.4) or another free DNS provider, to avoid some nastiness by the ISP
23:39 < Falkaofalk> SporkWitch: Thanks. Yeah I am using googles DNS. For some reason I cannot seem to connect to my local server via Internet. I already tried a bunch and hoped, that could solve my issue.
23:41 < SporkWitch> Falkaofalk: https://lmgtfy.com/?s=d&q=port+forwarding
23:42 < SporkWitch> Falkaofalk: see also https://lmgtfy.com/?s=d&q=nat
23:44 < Falkaofalk> SporkWitch: Already forwarded the needed ports. My router seems to have issues regarding NAT but I cannot seem to figure out where the issue lies. Thanks for the input, will keep digging :)
23:47 < SporkWitch> Falkaofalk: figured it was worth mentioning given the initial confusion
23:47 < SporkWitch> are you sure you're trying to reach the external address?
23:48 < Apachez> there are two types of dns servers, resolvers and authoritive
23:48 < Apachez> resolvers finds out who is authoritive and ask any of those about a specific domainname
23:48 < Falkaofalk> SporkWitch: Thanks for the heads up. And jep, port forwards are set up properöy
23:48 < Apachez> so in your case setup authoritive dns servers
23:48 < Apachez> most registrars offer this as a service
23:48 < Apachez> there are also free services elswhere like dns.he.net
23:49 < Apachez> or use your own servers
23:49 < Apachez> or a combo, your server as master and slaves at dns.he.net
23:49 < Apachez> I do the later
23:49 < Falkaofalk> yeah my registrar has default dns servers which I can use without any issues i suppose.
23:50 < scientes> is there any way to figure out if two coaxials are connected?
23:50 < scientes> without spending money on a moca adapter?
23:51 < Falkaofalk> Apachez: Do you know a general way on how to change a routers NAT-type? I guess it might be router specific but forwarding specific ports did not seem to fix the issue.
23:53 < Reventlov> scientes: use a multimeter?
23:54 < halftroll> my android doesn't let me assign a static IP instead of DHCP. On my computer ( WICD ) I have no problem..
23:54 < zeldafan78> Why does this keep happening? A torrent downloads at several megabytes per second until like 76% (it varies, but always more than 50%, not seldom like 99%) when it stops completely and then remains like that until I eventually give up and delete it?
23:54 < scientes> Reventlov, but they are so far apart, i guess i would have to run a wire between them?
23:55 < scientes> halftroll, https://it.uoregon.edu/node/3559
23:56 < Reventlov> zeldafan78: that's because torrents are split up in multiple pieces, some pieces may not be available
23:56 < halftroll> scientes: thanks, I am reading it
23:56 < scientes> halftroll, thats a lmgtfy.com
23:58 < halftroll> scientes: when I click static instead of dhcp in advanced setings, all inputs have default fields and the phone doesn't let me change them
--- Log closed Mon May 21 00:00:12 2018