--- Log opened Tue May 22 00:00:28 2018
00:03 < jadesoturi> hi all.. anyone around?
00:04 < jadesoturi> im trying to solve this puzzle online, and the hint is follow the PTR.. so i did a reverse lookup and both ptr and a records point to the same host.. is there something im missing?
00:05 < drudge`> im not sure
00:06 < tds> out of interest, do you have a link to the puzzle?
00:06 <+catphish> question from earlier, any idea why my websocket connection isn't sending cookies? https://imgur.com/a/LmdXVK5
00:06 < drudge`> prob need more of the project scope
00:06 < jadesoturi> https://puzzle.webhuset.no/step-six-complete
00:08 < jadesoturi> drudge`, previous one was to follow the TXT, which lead me to the link above..
00:09 < jadesoturi> but no matter how i lookup or trace the ip i get, it still leads to the same host, and that leads to step 1 :P
00:11 < drudge`> this looks like a fun puzzle
00:12 < drudge`> i wish these damn customers would stop calling me for the rest of the work day =)
00:12 < jadesoturi> haha:P
00:13 < jadesoturi> yeah, the first steps were pretty easy(once i got what the header was encoded in etc) but the PTR one stopped me right in my tracks:P
00:30 < tds> jadesoturi: looking at the later parts, they don't seem especially difficult compared to how you might solve step7, so I'd suspect it's broken
00:30 < tds> I may have missed something obvious, though ;)
00:31 < jadesoturi> step7-ptr.puzzle.webhuset.no is the answer. found by randomly googly for the puzzle, but i dont get it.. how is this connected. the IP for step7-ptr.puzzle.webhuset.no is nowhere to be found when looking at DNS records for the host
00:32 < tds> yeah, you could scan rdns record for all their prefixes (or just look on bgp.he.net), but I'd suspect they moved the box and forgot to update the ptr record on the new ip
00:32 < jadesoturi> yeah. i suspect it might be broken.. asked a friend and he said they played with it at 33C3 and that its 7 years old.
00:32 < jadesoturi> ahh ic. well. that is possible
00:32 < tds> it also looks like a server 2008 box, so I guess that would line up
00:33 < tds> I'd certainly let them know about it though, if nothing else they might remember to update or shut down the site
00:34 < jadesoturi> the weird thing is that they are apperently using this as a small test for new applicants for job openings
00:34 < jadesoturi> so kinda weird if its broken. found a listing where they link to this puzzle and its like 2 weeks old..
00:36 < jadesoturi> ohh well.. ill solve the rest of it and let them know. maybe they really want you to dig through the DNS records :P
00:42 < drudge`> tried a AXFR but that was denied
00:45 < jadesoturi> well. just found out that a friend of mine knows the guy maintaining the puzzle(works at webhuset) he is gonna check if the "error" is intentional or if there is something we are missing..
00:45 < k12> My friend told me that he can run a command in his web browser that will execute a command on the server, and he said he was able to shut his other friends computer down remotely that way. What is this exploit called?
00:47 < k12> I tried to get him to tell me what it is, but he refuses. So, now I have to come here, because I don't know what search terms to look up.
00:51 < drudge`> oh dude
00:51 < drudge`> jadesoturi
00:51 < drudge`> lol
00:51 < jadesoturi> sup ?
00:52 < drudge`> http
00:52 < jadesoturi> ?
00:52 < drudge`> https://step7-ptr.puzzle.webhuset.no
00:53 < CuriousMind> Are there any telnet servers that I can log onto?
00:53 < jadesoturi> yeah. thats the answer. but how do you get to that from "follow the PTR" ?
00:53 < k12> A guy by the name of Bryan Lunduke that I watch has one: bbs.lunduke.com
00:53 < k12> He's a decent youtuber.
00:54 < tds> depends what you want to telnet into, there are various public route servers if that's what you want ;)
00:55 < k12> CuriousMind: https://www.youtube.com/watch?v=U4yebZR7TkQ
00:55 < k12> He talks about his bbs right there. You could telnet into that.
00:55 < drudge`> jadesoturi https://dnslytics.com/ip/31.24.128.192
00:55 < k12> May not be telnet itself(I don't know since I don't know much about telnet), but you could use telnet for it.
00:56 < tds> drudge`: how did you find that v4 address? or just by scanning ptr records for all their announcements?
00:56 < djph> CuriousMind: telnet towel.blinkenlights.nl
00:56 < CuriousMind> k12: Thanks
00:56 < CuriousMind> djph: thanks
00:56 < jadesoturi> yeah, but how did you get to that IP from puzzle.webhuset.no ? its not showing up in reverse lookup unless you check them ALL like tds said
00:57 < k12> So, does anybody know what that exploit is called? Or no?
00:58 < tds> k12: https://www.owasp.org/index.php/Command_Injection
00:58 < k12> tds: ok thx
01:00 < drudge`> tds jadesoturi i was trying different variants
01:00 <+catphish> finally figured out my cookie problem, i feel dumb, was confusing 127.0.0.1 and localhost
01:00 < drudge`> in google
01:01 < jadesoturi> okok. yeah. i googled for puzzle.webhuset.no and found that same link.. just dont get it how they originally ment for it to be solved..
01:02 < drudge`> ohhh, i gotcha
01:02 < drudge`> if these customers would stop bothering me i could think more on it
01:03 < tds> lol
01:03 < djph> redirect the helldesk line to the 1.99 per minute self-help number you set up?
01:03 < tds> the following stages weren't hard, so it seems likely to me that they just changed the IP and forgot about the old one
01:03 < drudge`> or you were supposed to just guess the domain was step7.ptr
01:03 < jadesoturi> yeah. that is possible.. ill find out once my buddy gets a reply :P
01:03 < geokoh> hello
01:03 < drudge`> but yah, i was doing hte actual reverse look ups as well
01:05 < drudge`> i think im over-engineering step 8 tho
01:05 < geokoh> wondered how bandwidth throttling looks on graph over time
01:20 < banisterfiend> does anyone know any advantages in using routing sockets vs just shelling out to the 'route' command?
01:32 < drudge`> now step 8 is puzzling my pants off
01:54 < spaces> Apachez how is the internets ?
01:55 < spaces> drudge`ask the chick next to you how to get your pants off, she doesn't need to puzzle for that ;)
02:12 < drudge`> lol spaces
02:25 < spaces> drudge`did it work ?
02:32 < Falkaofalk_> Hey, I just found out that my ISP is blocking all ports except Port 8080. Via port 8080 I only get into my routers config panel. Tried forwarding port 8080 to 80 but that dosent fix the issue. (Did external IP port 8080 to internal IP of the server port 80). Anyone has a idea on how to use port 8080 to reach the server on port 80? Gonna ask my ISP tomorrow if they do open the ports in case there is no other way.
02:36 < ntd> if your home routers we interface is exposed to inet you're doing it wrong
02:38 < Falkaofalk_> well that what is happening...
02:42 < xamithan> Some of those gateway modems require to be exposed so the techs can access
02:43 < Falkaofalk_> seemd like i did something wrong when configuring the forwards. deleted all of them and apparently works
02:45 < xamithan> You sure your router isn't the one blocking the ports and not your ISP?
02:46 < Falkaofalk_> A did a check and found that only port 8080 was not blocked via ISP. My router is not blocking any.
02:47 < xamithan> Well if NAT is active it autoblocks inbound until you forward
02:47 < xamithan> Unless you only got one device
02:49  * linux_probe is betting on nat loop back getting port 8080 lol
02:50 < xamithan> I'm trying to figure out how to make xfce network applet work >.<
02:50 < Falkaofalk_> got multiple devices and it somehow magically works now. which on the other hand worries me a bit
03:00  * xamithan is going to have to get used to NetPlan
05:32 < ScriptGeek> I'm downloading kali linux to install on a usb stick so I can hack some wifi bush
05:32 < eahm> you should download Edgy Linux
05:32 < lupine> "wifi bush"
05:33 < lupine> I don't know whether to be titillated or IoT-horrified
05:33 < ScriptGeek> lupine, me neither, which do you prefer?
05:33 < ScriptGeek> eahm, why Edgy?
05:34 < eahm> cause its the best
05:35 < ScriptGeek> eahm, you mean Ubuntu Edgy?
05:35 < eahm> no lol, it was a joke :P
05:35 < ScriptGeek> eahm, oooooh
05:35 < eahm> :)
05:35 < lupine> why not both?
05:36 < ScriptGeek> Ubuntu Edgy is hella old
05:36 < eahm> it wasnt a distro, it was a joke because of that shit you said = edgy
05:36 < lupine> now that you've explained it, it's not funny any more
05:37 < lupine> what is this, rookie hour?
05:37 < ScriptGeek> it was too much of a stretch
05:37 < eahm> yeah sorry but fuck me sumtims
05:37 < lupine> poor tim
05:37 < ScriptGeek> rip
05:38 < ScriptGeek> why does everyone have to setup wifi security? why can't they just share the wealth?
05:39 < lupine> legal liability, that's why
05:40 < ScriptGeek> legal my eagle, they just need to trust
05:41 < ScriptGeek> I promise not to download more than 30 gigs of pornos at a time
05:41 < lupine> trust is impossible given anonymity
05:42 < lupine> now, if we all had some form of ID with which we could log into any wifi port and have our illegal activities attributed directly to us, it might be another matter
05:42 < lupine> until then, if I give open wifi, and you come along and download child porn, I'm going to jail
05:43 < ScriptGeek> child porn... sheesh
05:43 < lupine> there's some sick people out there
05:43 < eahm> lupine: yep, thats why i tell friends and relatives to never share it, not even for money
05:44  * linux_probe suggest kitty porn instead
05:44 < eahm> it could even be a spyware, popup, anything, they dont care.
05:59 < nshire> will an AP running both 2.4ghz and 5ghz always have 2 SSIDs or can you have it just show as one?
06:00 < ScriptGeek> nshire, I'm pretty sure it will be 2
06:00 < ScriptGeek> they should be able to have the same name, though
06:03 < nshire> ah. I was hoping I could have just one ssid show for less clutter but oh well
06:03 < linux_probe> so, make them the same?
06:04 < nshire> still shows 2 entries for people's wifi list
06:04 < ScriptGeek> yep, it's gonna be listed as 2 different ones
06:33 < C0r3> If I'm logged into a server how do I figure out what port does an API call hits?
06:36 < monkeynuts> C0r3, ss -tlpn |grep whateverprocess
06:49 < winsoff> I just want to be able to walk into a place and ask what their network topology is
06:49 < winsoff> and then ask questions about why they made those decisions
06:49 < winsoff> and not be told "sir you need to leave"
06:50 < light> you expect too much from McDonalds
06:55 < linux_probe> lol
06:57 < Johnjay> i want to make a joke about being racially profiled at mcdonalds, but that was actually a starbucks
07:22 < winsoff> light, lol
08:55 < Haris> hello all
08:56 < Haris> I have a problem with devices not negotiating to 1 Gbps. rather sticking to 100 Mbps on LAN. Is this because of wire or how its being used ? Is there a way to make sure every device always successfully negotiates to 1 Gbps interface status ?
09:01 < skyroveRR> Haris: change the wire and see.
09:01 < winsoff> Haris, are you using the right cables?
09:02 < Haris> that's what I want to know. what or which are the right ones
09:02 < Haris> I'v got 3m, 5m patch cables from the market
09:02 < winsoff> Cables rated for the stated 1gbps
09:02 < skyroveRR> You need a Cat5e/6 rated cable.
09:05 < skyroveRR> Haris: also, most LAN LEDs will give you amber light when they are negotiated to 1Gbps. Quite common.
09:05 < Haris> hmm
09:05 < Haris> on my 2960G, for one, sometimes it continuously goes between amber and green
09:05 < skyroveRR> Green LED is 100mbps, typically.
09:05 < skyroveRR> Yeah, in that case, force it to 1Gbps.
09:06 < skyroveRR> Turn off Auto-neg.
09:06 < Haris> I thought amber was indication of a problem
09:06 < Haris> ..was an+ indication..
09:06 < skyroveRR> Only in terribly programmed devices.
09:14 < hmig> morning guys
09:15 < skyroveRR> Afternoon hmig
09:15 < hmig> can anyone help me troubleshoot a spanning tree issue
09:15 < hmig> afternoon? where in the world are you?
09:15 < skyroveRR> India.
09:15 < skyroveRR> And you?
09:15 < hmig> England
09:24 < skyroveRR> hmig: still awaiting your question :D (although no guarantees that I might have the answer :D)
09:29  * linux_probe sees spanning tree and runs for cover
09:32 < skyroveRR> spinning tree
10:02 < hmig> re spanning tree
10:02 < hmig> i have a swinth hp/aruba 2920
10:02 < hmig> that has port 23+24 in a trunk
10:02 < hmig> one link goes to core sw1 and the other link goes to core sw2
10:03 < hmig> core sw1 and core sw2 are in an lacp
10:03 < hmig> so thats may loop
10:03 < hmig> i need to figure out how to stop
10:03 < hmig> because both core switch are forwarding at the moment
10:03 < hmig> i need one of them to be in a blocking state
10:10 < regdude> either it is a bug or RSTP might not be sufficient in your topology since you are running VLANs. You can have an open circuit with untagged traffic, but a loop with tagged traffic, RSTP sends out BPDUs only with untagged traffic (unless they are breaking 802.1Q) and will miss loops with VLANs, For such a topology you need a VLAN aware STP (MSTP or PVST)
10:12 < regdude> with the default values for STP a loop should be detected and one port should be in discarding state, unless you have a topology mentioned above
10:19 < TakWah> hi, to prevent a linux host from answering ping requests I need to compile my own kernel?
10:19 < Apachez> hmig: why dont you configure core1 and core2 as a single virtual chassis?
10:19 < skyroveRR> TakWah: nope.
10:19 < Apachez> TakWah: no
10:19 < TakWah> so who answers ping requests?
10:20 < Apachez> usually the host you sent the icmp echo request to
10:20 < Apachez> but this host can block such requests
10:20 < Apachez> and block outgoing icmp echo replies too
10:20 < TakWah> iptables?
10:20 < Apachez> both through kernel params (/proc) and/or through iptables
10:20 < TakWah> I see
10:21 < skyroveRR> iptables -I INPUT -p icmp -j DROP
10:21 < skyroveRR> Drops ALL ICMP packets, including ping.
10:21 < TakWah> thanks, that will do
10:21 < Apachez> /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
10:21 < Apachez> /proc/sys/net/ipv4/icmp_echo_ignore_all
10:22 < hmig> i think lacp is mis-configured between the two core switches actually
10:22 < hmig> having another look
10:22 < TakWah> Apachez: mhh, do I add those or edit them as files?
10:23 < Apachez> echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
10:23 < Apachez> as root / sudo
10:23 < TakWah> cool
10:23 < Apachez> or add in sysctl.conf
10:23 < hmig> am i correct in assuming if lacp is setup correctly and spt is setup correctly then one port will be in forwarding and another in blocking
10:23 < Apachez> but then its like sys.net.ipv4.icmp_echo_ignore_all 1
10:23 < Apachez> or whatever the synax is
10:23 < hmig> the two core switches are not stacked, they should be in lacp with 2 ports
10:24 < Apachez> hmig: why dont you configure core1 and core2 as a single virtual chassis?
10:24 < TakWah> Apachez, skyroveRR: thanks a lot
10:25 < TakWah> Another question, for the other way around, in a lan like setting, can I detect non-custom NIC adapters who do not respond to icmp?
10:26 < Apachez> "non-custom NIC adapters who do not respond to icmp"  huh?
10:26 < Apachez> in a lan you can see the mac address of each host
10:26 < Apachez> specially if you login to the switch
10:27 < Apachez> and this switch have an vlan interface with ip configured
10:27 < Apachez> if you dont have any security features enabled you can just pingsweep your own subnet
10:27 < TakWah> nic's that do not actively participate in the network and are in promiscous mode, can they be persuaded to answer to something?
10:27 < Apachez> and then look in your own arp table to see mac addresses
10:27 < Apachez> the first 3 hexvalues of the mac is called OID
10:27 < TakWah> even the macs of the ones who did not answer the imcp?
10:27 < Apachez> and can be looked up online so you get who is the vendor of that nic
10:28 < Apachez> and then you can match that to which hosts replied to your icmp echo request
10:28 < Apachez> yes because arp is below the layer3 protocol
10:28 < TakWah> cool, I am asking this for a bash scripted ids like system and I try to get a picture of the possibilites.
10:29 < Apachez> when your box pings lets say 192.168.1.2 (assuming you have 192.168.1.1/24 on your nic) the first thing that happens is that your box will send out an arp who has request (unless the mac is already cached in the local arp table)
10:29 < Apachez> box who is online and reachable will reply with its mac "I have ip x.x.x.x"
10:29 < Apachez> next your box will send the icmp echo request to this mac address with dstip set to x.x.x.x
10:29 < detha> TakWah: an adapter that only listens in promiscuous mode can only be detected from the fact that your switch has link-up state, but no traffic.
10:30 < Apachez> note that there are security features in lan's where for example it can be the switch (running proxy arp) who replies with its own mac instead of the client
10:30 < Apachez> or there can be protected or private vlans configured then you wont be able to reach other hosts at all unless you send the request through the gateway and the gateway allows it to pass
10:31 < TakWah> I see
10:31 < TakWah> detha: link-up state, is terminated wires?
10:31 < TakWah> nvm, I mean like it happens when you plug the cable in
10:33 < TakWah> Apachez: So, if I, the IDS detect an unkown device, via ping/arp, can I shoot it's physical frames (if they happen to pass the IDS box)?
10:33 < TakWah> like a measure to prevent the illegal host from using the network in a meaningful way.
10:37 < TakWah> what's the proper way to remove unwanted hosts from the network?
10:42 < SwedeMike> TakWah: that depends on the network.
10:43 < TakWah> for wlan I can just turn it off, I think, that is the most probable entry for non whitelisted hosts.
10:53 < Apachez> TakWah: ?
10:57 < djph> just use dot1x ...
10:59 < TakWah> Apachez: if the ? is for 'shooting frames', I meant causing collisions on the physical frame as soon as the part of the frame has been read which denotes who sent it? Don't know if this makes sense.
10:59 < TakWah> But I guess a normal NIC waits for the frame to complete before anything can be analysed.
10:59 < TakWah> By then it's all over.
11:01 < Apachez> I have no idea of what you tried to ask
11:01 < Apachez> default is store-and-forward
11:01 < Apachez> so full frame is received and then its processed
11:02 < TakWah> :) in that case, that's the answer I needed. What I asked for was a method to block single non-whielisted hosts upon detection from the network by the IDS.
11:03 < TakWah> Your answer tells me that it is not possible this way. And I guess not at all.
11:03 < Apachez> no I didnt say that
11:04 < TakWah> Not the second part
11:04 < Apachez> try to rephrash your question because it seems bogus to me
11:04 < drzacek> Hello
11:06 < TakWah> Okay, assume the IDS scans for hosts in the local network, and compares them to whitelist with MAC and/or ip-addresses. Then Mallory comes along and enters the network with his NIC, but isn't whitelisted, he starts doing stuff. The IDS notifies the network admin ""
11:06 < TakWah> and blocks all of mallories traffic, so that the network administrator has time to find mallories NIC in the real world and unplug it.
11:07 <+xand> don't do that
11:07 < TakWah> The question now was, if it was possible to cause collisions for all packages sent by mallory.
11:07 <+xand> just use 802.1x so they can't connect in the first place
11:07 < drzacek> https://pasteboard.co/ Is there a way to get internet connection on PC2 with this configuration?
11:08 < TakWah> xand: interesting, I have seen that number before, but never new that it could do that. I am currently reading the wiki article on that. Thanks
11:08 < hmig> <regdude> either it is a bug or RSTP might not be sufficient in your topology since you are running VLANs. You can have an open circuit with untagged traffic, but a loop with tagged traffic, RSTP sends out BPDUs only with untagged traffic (unless they are breaking 802.1Q) and will miss loops with VLANs, For such a topology you need a VLAN aware STP (MSTP or PVST)
11:09 < drzacek> PC is only connected to wireless router, the router is then connected with my laptop, and only my laptop has cable connection to router with intenet. Can we connect from second pc to internet over my laptop?
11:09 < hmig> can i not use RSTP?
11:10 < regdude> it depends on your topology, and it depends how you have connected those LACP members because you might be trying to do MC-LAG without proper support
11:12 < shtrb> TakWah, hostapd is your friend if you would like an easy way to configure per host vlan, but if you are using WiFi sometimes it is not really isolated (I was at a net that had a signle SSID and a vlan for each clinet , but I could still see broadcast requests from others)
11:15 < hmig> from what i understand
11:15 < hmig> is when i actually fix lacp between the two core switches
11:15 < hmig> then stp should put one port in blocking on one core switch
11:16 < hmig> and forward the port on the other core sw
11:18 < regdude> wait wat, you want the STP to block a LACP member?
11:19 < hmig> no
11:19 < hmig> there is a 3rd switch
11:20 < hmig> which has ports 23-24 in a trunk
11:20 < hmig> 23 > Core sw1 and 24 > core sw2
11:20 < regdude> to test if this isn't a bug, just ditch the LACP and test if the switch blocks a port when there is only a single cable
11:20 < hmig> on core switches both ports coming from the 3rd switch are in forwarding state cuasing packet loss
11:21 < TakWah> shtrb: Thanks, if got you right it means rolling own Wifi access points, instead of embedded ones (of the kind that do not support EAP).
11:21 < hmig> well LACP wasn't properly congured
11:21 < regdude> what are the roles for those 2 ports?
11:21 < regdude> designated?
11:21 < hmig> at the moment the 2 ports connecting both switches are trunk and in bridge-aggregation mode static
11:21 < hmig> instead of dynamic
11:22 < shtrb> TakWah, what I meant is that when you roll your own AP not all modes will give you isolation for the same SSID (if you have different ssid even better)
11:22 < regdude> static or active LAG mode doesn't matter in this case as long as both ends have the same configuration
11:22 < hmig> static link-aggregation: no control protocol is used, based on the configuration, the link-aggregation member interfaces will be actively participating (Selected) in the link-aggregation at the moment the interfaces come up.
11:22 < TakWah> shtrb: I see.
11:23 < hmig> okay so my quwation
11:23 < hmig> is
11:23 < hmig> how do i get on of these ports in blocking state
11:23 < hmig> i guess i need to use PVST
11:23 < hmig> as you suggedted
11:23 < hmig> and enable spanning tree on the 3rd switch
11:24 < hmig> diagram https://imgur.com/a/VBFdRqV
11:25 < regdude> you don't have STP enabled on all switches?
11:25 < hmig> nope
11:25 < hmig> i only started looking at this in depth yesterday tbf
11:26 < hmig> from the troubleshooting ive done, STP is only enabled on the two core switches
11:26 < hmig> not the switches in the outside cab
11:26 < regdude> if you don't know how STP works, then I suggest to turn STP on wherever you can
11:26 < hmig> no lol, im not going to turn on stp randomly unless there is a need for it
11:26 < regdude> it would be great if you could understand and configure STP parameters manually so that one switch is your root bridge
11:27 < regdude> and why not?
11:27 < hmig> if i unplug one of the trunk ports for the swith in outside cab
11:27 < hmig> connection works fine
11:27 < hmig> no packet loss
11:27 < hmig> the issue is at the core switches
11:27 < hmig> it should be discard/blocking one of the links
11:28 < hmig> core sw2 is the root bridge
11:28 < regdude> why do you have the same priority on both switches?
11:29 < hmig> in the outside switches?
11:29 < regdude> yes, those cabs
11:30 < hmig> looking at config that is auto applied when a trunk is creted on 2920 switch
11:31 < hmig> the outside cab switches are not connected to each other directly
11:31 < hmig> both otuside switches connect back to core sw1 and core sw2
11:32 < regdude> leaving everything to defaults is a problem, but not going to deal with that now, that is something you have to figure out
11:32 < regdude> I hope that you managed to make one of those core switches as a root bridge at least
11:33 < regdude> and test without using LACP or static LAG, there are multiple vendors that seem to have a bad implementation of 802.3ad and 802.1W
11:35 < hmig> core sw2 is the root bridge
11:36 < hmig> what im not sure on is once lacp is correctly configured will it have any affect on the ports that are current connected to the outside cabs
11:37 < hmig> i wish they had the core switches in a stack
11:37 < hmig> would have made this a lot easier
11:38 < TakWah> l8r, thanks
11:38 < regdude> This is why you want to configure STP manually to make sure that the right ports are blocked
11:39 < regdude> Im not familiar with HPE, but I suspect they are tagging BPDUs over trunk ports and then discarding tagged BPDUs or LACP is creating a inner loop
11:40 < regdude> I would suggest using packet analyzer and check if BPDUs are being exchanged between switch ports. They should not be tagged at all
11:51 < hmig> i defo need to test this
11:51 < hmig> h3c have a simulkator i can use
11:54 < medard> Hello guys. How can I put some text message to be displayed to anyone who makes connection to a host?
11:54 < djph> stick it in /etc/motd
11:55 < medard> Will it display to somebody who connects with netcat?
11:56 < djph> probably not, but that wasn't part of your question.
11:57 <+xand> medard: no, that's a nonsensical requirement.
11:57 < medard> Okay, is it possible to do such thing? Like broadcasting text message on certain port so that anybody who makes connection on that port can read it?
11:57 <+xand> you could do it on one specific port
11:57 < lupine> sure, you can do it with netcat
11:57 <+catphish> medard: it's totally dependent on what protocol they're connecting to
11:57 <+xand> but you wouldn't want it on every port...
11:57 < medard> tcp
11:57 <+catphish> most services have their own welcome messages
11:57 < medard> I only need one specific port
11:57 <+catphish> medard: no
11:58 <+catphish> medard: you mean you want to run a service that just greets people and does nothing else?
11:58 < medard> basically
11:59 <+catphish> you probably want https://en.wikipedia.org/wiki/QOTD
11:59 <+catphish> i assume off the shelf QOTD servers still exist
12:00 < medard> Okay, I'll look into it. Thanks.
12:00 <+catphish> or you could write one in about 4 lines of most high level programming languages :)
12:02 < ^7heo> You can even write one in about 20 SLOC of C.
12:02 < shtrb> What could possibly go wrong if random text will be sent on TLS connection or a websocket connection :D
12:02 < shtrb> Hi catphish , how are your cookies ?
12:04 <+catphish> shtrb: i found the problem :)
12:05 <+catphish> shtrb: in summary: i'm an idiot
12:05 <+catphish> shtrb: look at the url of the page, and the url of the websocket request in the console :) https://i.imgur.com/LVkdof8.png
12:07 < shtrb> I think we both are, because I don't think the problem was the wrong port or that localhost was giving you a different ip
12:07 < shtrb> * I miss that
12:08 < shtrb> oh lord the query part ?
12:08 <+catphish> shtrb: no, the problem is that "localhost" and "127.0.0.1" are not the same domain"
12:08 <+catphish> !
12:09 < shtrb> wow , nice
12:09 <+catphish> the browser doesn't consider those to be the same! but my brain just automatically equates them
12:09 < shtrb> borken browser doesn't work like our brain
12:11 < IamTrying> 173.205.33.19, 173.205.33.17, 173.205.33.x - are those spammers IP range? i am keep getting emails from that IP.
12:12 < aditya6502> IamTrying: try project honeypot
12:12 <+catphish> surely you can tell from the content of the email whether it's spam :)
12:12 < ^7heo> Can you tho?
12:12 < ^7heo> if it's HTML, good luck.
12:12 < IamTrying> catphish: i mean from my site someone "writing content and pressing submit" from same IP range each 30 minute
12:13 <+catphish> well if it's junk / spam content, then it's a spammer...
12:13 <+catphish> send an abuse report, simples
12:13 < IamTrying> CHAT button on website to CHAT with catphish
12:14 < IamTrying> they click the CHAT button and do not CHAT
12:14 < ^7heo> wtf
12:14 <+catphish> this isn't making any sense
12:14 < aditya6502> IamTrying: https://www.abuseat.org/lookup.cgi?ip=173.205.33.17
12:14 < aditya6502> 7 listings
12:14 < aditya6502> looks pretty spam
12:15 < aditya6502> part of conficker botnet
12:15 < IamTrying> WOW!! thanks aditya6502, so it is indeed a bad guy network IP
12:16 < aditya6502> probably some old granddad who installed "the free naked ladies"
12:17 < IamTrying> Thank you
12:18 <+catphish> a lot of compromised hosts just crawl the web looking for forms ans submit them with junk data
12:18 <+catphish> so seems plausible they'd accidentally open a chat
12:18 <+catphish> or similar
12:18 <+catphish> send abuse report, firewall, forget
12:18 < ^7heo> free fuzzing audits.
12:18 < ^7heo> yay.
12:18 <+catphish> lol
12:19 < shtrb> abuse is useless , call the feds it's better
12:19 < ^7heo> with that and 4chan, one may wonder why compsec people aren't out of job yet.
12:19 <+catphish> shtrb: that's really not true
12:19 < ^7heo> yeah please call the feds on some russian guys.
12:19 <+catphish> the police can do nothing, the network admins can fix it
12:20 < ^7heo> totes clever.
12:20 <+catphish> some are lazy and don't, but not much you can do about that, just block their network and move on
12:20 < shtrb> ^7heo, call their FEDS
12:20 <+catphish> shtrb: lol
12:20 <+catphish> i think they have better things to do
12:20 < bubo> Hi
12:21 < bubo> any ideas why "dig @172.30.248.12 -p 8600  postgres.service.consul any" works but "dig @172.30.248.12 -p 8600  postgres.service.consul" doesn't and gives timeout?
12:22 <+catphish> that would rather depend on the dns server, i assume this isn't a normal setup
12:22 < aditya6502> wild guess but what records have the hostname postgres.service.consul?
12:22 < bubo> it's the consul dns interface
12:22 < ^7heo> shtrb: lemme guess, you're from the central US?
12:22 < bubo> aditya6502:give me a second
12:23 <+catphish> i assume he's from north america, i don't know anyone else who calls national police "feds"
12:23 < bubo> aditya6502: there is an A record and SRV record
12:23 < ^7heo> true, but I was attempting to guess their location more precisely.
12:23 < ^7heo> i.e. central US.
12:23 < ^7heo> (not central america)
12:23 < aditya6502> bubo: no idea then
12:24 <+catphish> somewhere where the police have the time and resources to pursue spammers
12:24 < bubo> catphish: do you have any idea what I can check to see why it doesn't work?
12:24 < ^7heo> so basically ohio or illinois or...
12:24 <+catphish> bubo: dns server logs
12:25 < bubo> catphish: this is what is there with "any" dns: request for name postgres.service.consul. type ANY class IN (took 492.37µs) from client 172.17.0.3:39825 (tcp), but if I do it without "any" it times out, it doesn't even get to the dns server it seems
12:25 <+catphish> that's a big leap of assumption
12:25 <+catphish> check logs, check packet captures, ask the vendor
12:25 < bubo> ;; connection timed out; no servers could be reached
12:26 <+catphish> those are the only options really
12:26 < bubo> dig times out
12:26 < bubo> okay, apparently +tcp works with both cases
12:26 < bubo> I guess "any" makes dig use tcp instead of udp
12:28 <+catphish> oh, that's entirely possible, didn't think of that
12:28 <+catphish> maybe it doesn't listen on udp, or you have a firewall problem
12:28 < bubo> I guess "any" uses a tcp connection to do multiple queries for all records, which is why it works
12:28 < bubo> that's my next step
12:29 <+catphish> no, it does a single request, but it's plausible it uses tcp to ensure there's space for all the answers
12:34 < bubo> that was it
12:34 <+catphish> cool
12:34 <+catphish> good find
12:56 < aditya6502> wew cool didnt know
12:59 < blaster> ahoty!
12:59 < blaster> - the t
13:00 < blaster> If my machine has the IP of 242.250.203.170 and I want to write a network mask that will cover the IP as it's dynamic what would it look like?
13:04 <+xand> blaster: that's not a valid address
13:05 <+xand> blaster: but if it were, who knows - you don't say what range the address could be in
13:05 < detha> how well it is covered would depend on how dynamic the address is
13:06 <+xand> 0.0.0.0/0 will definitely cover it
13:06 <+xand> or rather 0.0.0.0
13:07 < linux_probe> 0hn0 ;0
13:37 < screwsss> you know i have to say
13:37 < screwsss> the naming conventions of certain things can cause confusion
13:37 < screwsss> for instance... 'MAC' address
13:37 < screwsss> 'ps2' connector...
13:38 < screwsss> little bit of conflict of interest there heh...
13:39 < bezaban> ftp cable
13:39 < trae32566[w]> yeah but most things are that way
13:39 < trae32566[w]> I mean as far as naming conventions of PC parts
13:40 < bezaban> saw a documentary about outlaw motorcycle gangs (OMGs) yesterday
13:40 < trae32566[w]> those are a thing still?
13:41 < djph> how is "MAC Address" (or PS/2 Connector for that matter) a confusing term?
13:41 < djph> FTP cable is an annoying rename, yeah ...
13:42 < trae32566[w]> PS2 I could see
13:42 < trae32566[w]> as far as being conflict of interest
13:42 < bezaban> not that you would use either in 2018 ;)
13:42 < trae32566[w]> but that's more of a case of it being common, so it caught on
13:42 < djph> because the keyboard and mouse that have been using them since the late 1980s...
13:43 < bezaban> is stuff still delivered with ps/2?
13:43 < maya_> hey guys, what is the best way to track bandwidth usage on a single Tp-link wifi router access point?
13:43 < djph> not that I'm aware of
13:44 < bezaban> think there were some r720s or similarily aged that had some
13:44 < trae32566[w]> not new stuff
13:44 < trae32566[w]> old stuff, sure
13:44 < bezaban> but not seen on anything recent
13:44 < djph> I mean, I bet you could find "enthusiast" boards that have PS/2 still.  But your general consumer board is all USB these days
13:44 < trae32566[w]> no
13:44 < trae32566[w]> it's all USB for recent stuff afaik
13:44 < Wang-> almost every mechanical keyboard I own, comes with the ps2 option
13:45 < bezaban> blast, what to do with my ps/2 adapter drawer
13:45 < trae32566[w]> shush
13:45 < trae32566[w]> I have PS/2 to PS adapters -_-
13:45 < trae32566[w]> remember PS?
13:45 < trae32566[w]> that fucking huge barrel?
13:45 < bezaban> hehe yeah, my favorite keyboard had one of those
13:46 < djph> looks like server boards still do PS2 ... but yeah, nothing super new - LGA-775, 1366
13:46 < djph> you mean the AT DIN connector?
13:46 < linux_probe> heh
13:46 < bezaban> that's the one I was thinking of
13:46  * linux_probe opens drawers and throws a half dozen at everyone
13:46 < ALowther_> Does anybody know why it was decided to use IP addresses? If MAC addresses are unique, why was routing not just directly with MAC addresses?...Most of the answer I've found online discuss the current IP/TCP stack and how it is necessary to have IP for that reason. But that doesn't answer the question. IP was created for a reason, and yes, now that it is so mainstream, that is how we communicate across the internet, but why didn't we j
13:46 < ALowther_> ust use MAC addresses for that in the first place?
13:47 < Wang-> there is no reason to use the USB port, if both your computer and keyboard has a PS/2 port
13:47 < trae32566[w]> Wang-: yes there is, ghosting.
13:47 < trae32566[w]> also, response time
13:48 < linux_probe> Universal Snail Bus
13:48 < trae32566[w]> ALowther_: MAC addresses are in *theory* unique. This is an important distinction. I've had duplicate MAC issues with Arris modems on Time Warner. I called them, and they basically said that yeah, every now and then a few go out with duplicate MACs, so...
13:49 < Wang-> what? PS/2 has lower responsetime than the USB port
13:49 < djph> ALowther_: because MAC addresses are for local communication.  IP addresses are for "long range"
13:49 < trae32566[w]> also because MACs are a l2 concept, so they're local
13:49 < trae32566[w]> yeah
13:49 < trae32566[w]> exactly
13:50 < djph> ALowther_: your entire network talks using MAC addresses, not IP.  IP only comes into play to determine "yes, this is local"
13:50 < trae32566[w]> djph: he was asking about *routing* with them.
13:51 < djph> because it doesn't work that way :P
13:51 < trae32566[w]> exactly.
13:51 < ALowther_> But my router doesn't know every IP address, couldn't it know the next MAC address hop just as it knows the next IP address hop?
13:51 < djph> that's exactly how it works
13:51 < trae32566[w]> it resolves the IP to a MAC
13:51 < trae32566[w]> effectively
13:52 < trae32566[w]> do a tcpdump
13:52 < trae32566[w]> you'll see 'WHO HAS: ' and 'I HAVE'
13:52 < ALowther_> So what purpose does the IP protocol give when it could just route hop to hop with MAC addresses?
13:52 < ALowther_> That is ARP, correct?
13:52 < trae32566[w]> yes
13:53 < djph> take IP packet, read destination IP.  If a known locally-connected IP, resolve MAC and send to that MAC.  If not local, find relevant gateway, resolve THAT gateway's MAC, send packet forward.  Repeat "locality test, forward to upstream router" until you find a locally-connected router.
13:53 < screwsss> i was once on the phone to tech support and he was telling me to clone the mac address but asked me what it was first
13:53 < trae32566[w]> yeah but that was probably the gateway MAC, not the modem MAC
13:53 < screwsss> and my friend who was nearby thought it meant something to do with the macintosh i happened to be on and i he was like just a minute while i find it
13:53 < trae32566[w]> lol
13:54 < djph> ALowther_: think of it like a letter.  You can't just stick "123 Main Street" in the destination address, and expect it to get to the RIGHT "123 Main Street".
13:54 < linux_probe> who has to p
13:54 < linux_probe> i has to pee
13:54 < ALowther_> djph: If there were only 1, 123 main street I would.
13:54 < screwsss> im like "no... not THAT mac, something else" and he was like "oohh"
13:54 < trae32566[w]> I think I know someone who can help with that if that's what you're askin.
13:54 < trae32566[w]> LOL
13:54 < djph> ALowther_: there isn't.
13:55 < trae32566[w]> ALowther_: also, you wouldn't. It doesn't work that way, they'd reject it most likely without all the other stuff.
13:55 < djph> ALowther_: the only thing that a MAC address MUST be, is unique to a *local* segment.
13:55 < ALowther_> So then IP is important because MAC addresses aren't truly unique? If they were, then maybe MAC addresses could be used as the main means for routing.
13:56 < trae32566[w]> thing is
13:56 < trae32566[w]> "local segment" could be a /28
13:56 < djph> no, they can't. They were never designed to be used in that manner.
13:56 < trae32566[w]> or a /18
13:56 < trae32566[w]> as is my case
13:56 < SwedeMike> ALowther_: that doesn't scale to global scale with billions of devices.
13:56 < bezaban> ip has subnetting which is helpful for routing
13:57 < trae32566[w]> SwedeMike: in fairness, neither does IPv4 in its initial incarnation.
13:57 < trae32566[w]> I mean it does with NAT, but even then it's a close call, and it causes issues.
13:58 < SwedeMike> trae32566[w]: which is why I have been involved in IPv6 rollout since 2008.
13:58 < bezaban> the routing tables for non-hierarichally based addressing would become crazy
13:59 < trae32566[w]> SwedeMike: I've got pretty much everything using IPv6, though at the moment I'm having issues with TWC for some reason
13:59 < trae32566[w]> it's pissing me off actually
14:00 < trae32566[w]> I get a DHCPv6-PD lease, everything works for like ~30 minutes, then it dies
14:00 < ALowther_> SwedeMike: MAC doesn't scale because they aren't unique, correct?
14:00 < trae32566[w]> and I noticed in the radvd config, EdgeOS has the lease lifetime set to infinity
14:00 < trae32566[w]> so I'm wondering if it's somehow hard coding the lease lifetime instead of renewing?
14:00 < trae32566[w]> DHCPv6-PD is still murky to me
14:01 < SwedeMike> ALowther_: well, that's one problem, but the main problem is that you can't fit a list if billions of devices into a router and hope it'll be able to know where to send what packet, and also update this as destinations change.
14:01 < Dagger> trae32566[w]: v4 scales fine, just not to enough devices for the current internet. MACs don't scale fine at all
14:01 < Dagger> (v6 scales in exactly the same way as v4 does, just to more devices)
14:01 < trae32566[w]> Dagger: ....then it doesn't scale, does it? If it has a cap that has been reached, it is by definition, no longer scaling.
14:01 < SwedeMike> trae32566[w]: PD should work all the time. If you want to know a bit more how the router is supposed to behave, you can read RFC7084 around the prefix delegation parts.
14:02 < trae32566[w]> SwedeMike: I know, but figuring out whether UBNT or TWC is the problem is my current issue
14:02 < trae32566[w]> from my end, it looks like packets just drop to everything
14:02 < ALowther_> SwedeMike: But IP doesn't do that either, does it? It just knows the addresses of the devices connected directly to it. Both MAC & IP.
14:02 < SwedeMike> trae32566[w]: right. I have PD working using an ubnt ER5, so it seems to be mostly working.
14:03 < trae32566[w]> ER POE 5?
14:03 < trae32566[w]> I used to have one
14:03 < trae32566[w]> I have an ER4 now :D
14:03 < SwedeMike> ALowther_: IP does aggregation, so it knows blocks of addresses. So a million devices can be represented by a single routing entry.
14:03 < SwedeMike> trae32566[w]: yes, the POE one.
14:03 < trae32566[w]> they suck ass at IPsec :(
14:03 < Dagger> trae32566[w]: I mean it's |log x| rather than |x^2| (or something; no, I didn't work those out properly)
14:03 < SwedeMike> trae32566[w]: ER4 should be the same from a control plane POV.
14:04 < trae32566[w]> Dagger: oh no doubt it's definitely worse, I was just saying it doesn't scale either.
14:04 < ALowther_> SwedeMike: Like routing on an ISP level, taking into consideration geographical locations? So, for these million addresses which are due east, send to the router due east of here?
14:04 < SwedeMike> ALowther_: kind of like that, yes.
14:04 < Dagger> trae32566[w]: yes, there's a cap in v4 that's too small, which is obviously a problem, but the scaling *model* is otherwise fine. all it really needs is more bits
14:04 < trae32566[w]> which means IPv4 is NOT scalable, IPv6 is :P
14:04 < Dagger> which is most of what v6 does. v6 doesn't change the IP model
14:05 < trae32566[w]> SwedeMike: you sure? It's an entirely different design, it uses a newer quad core
14:05 < trae32566[w]> also different clock speed and whatnot
14:05 < trae32566[w]> I'd assume along with that the ASIC would change
14:05 < SwedeMike> trae32566[w]: the DHCPv6 PD client and code to hand out address to other interfaces etc should be the same code base.
14:05 < trae32566[w]> given it's all one package afaicr
14:06 < trae32566[w]> SwedeMike: yeah I know, I just meant performance wise
14:06 < SwedeMike> trae32566[w]: control plane, not forwarding plane.
14:06 < trae32566[w]> OH
14:06 < trae32566[w]> duh
14:06 < trae32566[w]> my bad.
14:06 < Dagger> it's scalable, with a cap on how far it scales. for v4, the cap is too small for our current internet, and for v6 it isn't
14:06 < trae32566[w]> IP is
14:06 < trae32566[w]> V4 is not
14:06 < trae32566[w]> that was my point :P
14:07 < trae32566[w]> SwedeMike: any ideas on troubleshooting? without access to the device upstream, I'm screwed, and it's TWC residential, so you know they aren't gonna do anything useful.
14:07 < Jmabsd> Any recommendations for 4x or 6x SFP+ 10gbps port NIC?
14:07 < trae32566[w]> they don't sell those in a normal form factor
14:08 < trae32566[w]> AFIAK 2 is the most you'll find commonly
14:08 < trae32566[w]> at least as far as PCIe goes
14:08 < trae32566[w]> *if* you can find >2, it's gonna make your wallet hurt.
14:08 < SwedeMike> trae32566[w]: "tcpdump -vvv port 547 or port 547" towards TWC, check timers and see what happens over time.
14:09 < trae32566[w]> will do, I appreciate it
14:09 < Dagger> whereas MACs just wouldn't scale well at all for the internet. having every device track updates to every other device's current network location is not going to work
14:09 < SwedeMike> trae32566[w]: there is also an DHCPv6 log in the ER you can take a look at.
14:09 < trae32566[w]> yeah I did
14:09 < ALowther_> SwedeMike: Okay, thanks. I will try to let that sink in.
14:09 < trae32566[w]> it's useless
14:09 < trae32566[w]> it has literally 1 line
14:09 < trae32566[w]> SwedeMike: you think it'd be worth it to try the arista I have as the gateway? It should at least do basic DHCPv6, so I could try that and see if it's the device.
14:10 < trae32566[w]> well, DHCPv6 *client* that is.
14:10 < trae32566[w]> actually I could probably get it to do DHCPv6 pretty trivially
14:10 < SwedeMike> trae32566[w]: well, I get lines like "May/21/2018 21:51:50: update_ia: status code for PD-1: success" periodically, and no errors.
14:11 < Jmabsd> trae32566[w]: they exist in normal form factor.
14:12 < trae32566[w]> oh *now* it shows.
14:12 < trae32566[w]> Jmabsd: do they cost out the ass?
14:12 < trae32566[w]> I would expect so.
14:13 < trae32566[w]> SwedeMike: https://paste.fedoraproject.org/paste/B650mP6tHuMwcNdx-Ye2og
14:13 < SwedeMike> trae32566[w]: don't know about arista. I would try perhaps an OpenWrt device, they're known to work. You can even do this on a pc.
14:13 < trae32566[w]> arista devices are basically fedora-based switches.
14:13 < trae32566[w]> lol
14:14 < danieli> and PA are centos basewd
14:14 < danieli> based*
14:14 < danieli> that's the only thing i don't really like
14:15 < SwedeMike> trae32566[w]: well, that doesn't look good. unfortunately I know of no good way to get good data out of their dhcpv6 client, so I typically resort to tcpdump.
14:16 < trae32566[w]> yeah.... I have a feeling this might be a serious pain
14:16 < trae32566[w]> also, https://paste.fedoraproject.org/paste/NW8SAzZwWUL6Wj5bMSN1EQ if you were curious
14:17 < Jmabsd> trae32566[w]: https://www.sfpcables.com/pci-express-x8-quad-port-10gigabit-server-adapter-intel-xl710-based/?source=10gtekProductPage not rly, but yeah not supercheap at all.
14:18 < trae32566[w]> oh wow nice
14:18 < trae32566[w]> honestly though, it might just be easier to go dual QSFP+
14:18 < SwedeMike> well, Juniper boxes run BSD and Cisco is going Linux for their hypervisors nowadays.
14:18 < SwedeMike> and Ubiquti is basically stripped down debian
14:18 < danieli> yep
14:19 < danieli> ubnt cloud keys are mediatek devices with modified debian
14:19 < SwedeMike> unix is eating the world.
14:19 < trae32566[w]> yeah the interesting thing about arista is they use AMD processors ...
14:19 < danieli> eating the world since the 1980s
14:19 < trae32566[w]> broadcom switch chips and AMD processors, apparently.
14:26 < trae32566[w]> well shit.
14:26 < trae32566[w]> https://community.ubnt.com/t5/EdgeRouter/dhcpv6-pd-failing-after-a-while/td-p/1275807
14:27 < trae32566[w]> kinda curious if TWC is having similar issues.
15:10 < cluelessperson> what's the proper way to set the network used by a hostname in a systemd?
15:11 < cluelessperson> /etc/hostname  /etc/hsots
15:11 < cluelessperson> do I do,   /etc/hosts    hostname.network ?
15:11 < grawity> /etc/hostname for setting the actual hostname (unless your distro puts it elsewhere, but hostnamectl should find it anyway)
15:11 < djph> you mean the FQDN for a host?
15:11 < grawity> mmmaybe /etc/hosts to make sure it's resolvable, depending on requirements
15:12 < grawity> if you want programs to be detecting a specific FQDN, yeah, my preferred method is via /etc/hosts
15:12 < grawity> "127.0.0.1 foo.example.com foo localhost"
15:12 < cluelessperson> djph: grawity   so, I'm unsure.  I have different subnets here run by a default DHCP server.   hostname.{infrastructure, guest, internal, servers, etc}
15:13 < djph> OK
15:13 < djph> and ...
15:13 < cluelessperson> in the future, I will setup my domain name to do
15:13 < cluelessperson> monitoring.servers.cluelessperson.com
15:13 < djph> DHCP should be handing out the site suffix
15:13 < djph> er the domain suffix
15:13 < djph> ... whatever, I need more coffee
15:13 < cluelessperson> djph: well, at the moment I have DHCP just hand out ip, and I set hostname manually in the servers.
15:14 < grawity> cluelessperson: don't mix up the hostname and the domain
15:14 < cluelessperson> ah
15:14 < shtrb|work> cluelessperson, hostnamectl if you really think about The project that shall not be named
15:14 < grawity> systemd systemd systemd
15:14 < djph> hostname = server.  domain = servers.clueless.net.
15:15 < shtrb|work> cluelessperson, and if you are into DNS and dhcp make sure you send the hostname in the request , that way you can tie in your dhcp server
15:15 < grawity> cluelessperson: what's your main usage of these domains?
15:15 < Psi-Jack> djph: But.. No...
15:15 < Psi-Jack> you're all sorts of messed up there. :_)
15:16 < Psi-Jack> systemd! <3
15:16 < shtrb|work> should be dealt with fire
15:16 < cluelessperson> grawity: personal, learning to setup enterprise environments.
15:16 < djph> Psi-Jack: wich part? needing coffee, or the hostname / domain-name components?
15:16 < Psi-Jack> shtrb|work: Take your nonsense elsewhere then.
15:16 < shtrb|work> Psi-Jack, sorry , but it was auto replace
15:16 < Psi-Jack> djph: The latter. You were inconsistent. :)
15:17 < grawity> "systemd: when said out loud, can be used to discover sysadmins in the current broadcast domain" – twitter
15:17 < grawity> cluelessperson: no, I meant mainly what programs want the domain to be configured
15:17 < Psi-Jack> shtrb|work: Uh huh. Please keep those comments to /dev/null. ##linux needs not see them.
15:17 < djph> Psi-Jack: hostname = someserver / domain = servers.clueless.net / FQDN = someserver.servers.clueless.net ?
15:17 < shtrb|work> Psi-Jack, sorry
15:17 < djph> Psi-Jack: we're in ##networking ...
15:17 < Psi-Jack> djph: Inconsistency again.
15:18 < grawity> like my sister's driving instructor
15:18 < grawity> just kept repeating "nope, you're wrong" until success
15:18 < Psi-Jack> Okay, ##networking need not see them too. :p
15:18 < djph> Psi-Jack: what're you looking for; host = someserver / subdomain = servers / domain = clueless / TLD = net ?
15:18 < Psi-Jack> djph: hostname = someserver, domain = clueless.net / FQDN = somserver.servers.clueless.net
15:19 < grawity> eh? what makes "servers.clueless.net" not a domain?
15:19 < Psi-Jack> With correcting the typo on the hostname part of FQDN I did. ;)
15:19 < cluelessperson> grawity: oh nothing.  I just need to figure out how it *should* be done. :)
15:19 < dogbert2> whazzup?
15:20 < Psi-Jack> You cannot register a 3-part domain. Though you can treat a 3-part domain as if it were a domain name. Usually however, a domain is 2 parts.
15:20 < grawity> but domains aren't defined by whether they're registered
15:21 < grawity> also *cough* example.co.uk
15:21 < Psi-Jack> True. :)
15:22 < grawity> I guess i'm curious about the difference between 'domain' and 'domain name' in this context
15:22 < shtrb|work> https://threatpost.com/linux-systemd-bug-could-have-led-to-crash-code-execution/126605/ obligatory if we think about DNS and system50
15:23 < Psi-Jack> shtrb|work: Are you still on about that?
15:23 < shtrb|work> Was with a delay
15:23 < grawity> https://blogs.forcepoint.com/security-labs/vulnerability-glibc-could-lead-remote-code-execution-cve-2015-7547
15:23 < grawity> clearly we should all migrate to musl
15:24 < Psi-Jack> https://www.cvedetails.com/product/17956/Nginx-Nginx.html?vendor_id=10048
15:25 < Psi-Jack> Clearly... We should just stop using the web.
15:25 < Psi-Jack> https://www.rapid7.com/db/modules/exploit/unix/irc/unreal_ircd_3281_backdoor and IRC
15:27 < shtrb|work> grawity, libc is not an init system or an email client ..
15:28 < grawity> shtrb|work: systemd is not an email client either, what's your point?
15:29 < shtrb|work> grawity, it was bad pun about them implementing everything , but if I need to explain it wasn't a good one
15:40 < jadesoturi> tds, when you solved the rest of the puzzle yesterday, what was the answer to step 8 ? are they talking about the second subnet of /27 ? and that would be 63, right? but its not accepted as the answer? or am i totally blind and missing something?
15:45 < djph> your math is off somewhere jadesoturi
15:46 < jadesoturi> hmm what do you mean ?
15:46 < regdude> second network .64 is for /26
15:46 < jadesoturi> ahh. well thats what i was wondering about, which "second" are they talking about...
15:46 < djph> maybe I'm misreading what you're asking
15:47 < jadesoturi> but 64 is wrong as well. hang on.
15:47 < jadesoturi> https://puzzle.webhuset.no/26
15:48 < SwedeMike>  first /26 is 0-63, then a /27 after that is 64-79
15:49 < SwedeMike> with 79 being the broadcast address
15:49 < jadesoturi> 79 isnt accepted as a solution :/
15:50 < tds> seeing as this is a jobs style challenge, shouldn't you be doing it yourself? ;)
15:50 < jadesoturi> tds, im not applying :P just want to see if i can make it and maybe learn something along the way :)
15:50 < jadesoturi> but i dont get the hint... :/
15:51 < tds> ah, fair enough
15:51 < djph> because 79 is wrong
15:51 < djph> SwedeMike: your math is off
15:52 < djph> a /27 is 32 addresses (30 hosts)...
15:52 < jadesoturi> yeah with 31 being the first broadcast and 63 the second, right?
15:54 < SwedeMike> djph: right, so 95. My bad.
15:54 < jadesoturi> wait. what? 95? isnt that the third ?
15:54 < SwedeMike> jadesoturi: so I revise my answer. 63 is the first /26 broadcast address, 95 being the /27 following it.
15:55 < jadesoturi> SwedeMike, ok. i got this wrong somehow then..
15:55 < SwedeMike> jadesoturi: 0-31 is the first /27, 32-63 is the second /27, 64-95 is the 3rd. But the question was to begin with a /26, which is two /27.
15:56 < djph> jadesoturi: it's the third "/27" sure ... but since the previous customer used the "first /26" worth of addresses ...
15:56 < jadesoturi> ohh. ok.. got you know..
15:56 < amosbird> Hi, how can I crack this localhost site using brute force method  ?  https://la.wentropy.com/XtB6
15:56 < amosbird> the username is known as admin
15:59 < djph> amosbird: by piping it all into /dev/null.
16:01 < tonsofpcs> hi all.  I've got some UDP unicast flooding because a destination device isn't sending out any traffic (but it does exist) - is there some trick to make sure it fills the MAC tables of the switches along the link?
16:01 < regdude> you mean unknown multicast flood?
16:02 < tonsofpcs> no, unicast.
16:02 < regdude> well, eitherway, ping will add host entries to all switches in the way
16:02 < tonsofpcs> the destination isn't in any MAC tables so the switches in the traffic flow send it out to all ports (on the VLAN).
16:03 < regdude> some switches support static host entries
16:05 < tonsofpcs> regdude: yea, trying to avoid that if possible in case there's a failure and it needs to be moved in a hurry to troubleshoot (it doesn't help that this udp stream is the flow for a 24/7 service)
16:05 < tonsofpcs> let me try a ping, see if it replies
16:05 < Hack5190> We have been asked to block google services (gmail, etc) and still allow employees to access googles search engine.  Looking for suggestions on how to accomplish this.
16:05 < tds> if the device with that mac is up (and presumably responding to arp anyway if you're sending unicast udp to it), I'd expect mac learning on the switches to work
16:06 < screwsss> so ps/2 *doesnt* mean playstation2
16:06 < tonsofpcs> Hack5190: redirect google.com to duckduckgo.com ?
16:07 < regdude> tonsofpcs: you need to find a protocol that it replies to, usually ping is enough. If ping works, you want to create a script that pings this device each 5minutes (or whatever is your age timer set)
16:07 < tonsofpcs> regdude: ya, that's the hope.  If not, it's port-scan time I guess...
16:07 < Hack5190> tonsofpcs, that would work for me personally - but not the bosses
16:08 < tonsofpcs> tds: it is.  It's getting the full unicast and pushing it out a serial port and I can see the results from here so it's up...  I guess if ping doesn't work I can arp at it all day long...
16:08 < tds> you'll need something doing DPI, but it should be possible to filter http/https traffic based on the host header or SNI header for tls
16:08 < tonsofpcs> Hack5190: you can... what tds said.
16:08 < tds> tonsofpcs: hmm, so is all the traffic one way, with the device on the other end never replying?
16:09 < tonsofpcs> tds: yup.  Set up a test on my bench last week with the same make/model device and saw no reply traffic in wireshark on a port mirror.
16:09 < tonsofpcs> 20 Mbit in, 0 bit return.
16:09 < regdude> it is quite common, but maybe you are allowed to configure something on this "ghost"?
16:09 < tds> hmm, stupid thought, if it responds to arp can you drop the arp timeout on the sending device so it regularly re-arps for the destination and the switches learn the path?
16:09 < regdude> for example, LLDP
16:09 < Hack5190> let me look into it, thanks tds
16:10 < tonsofpcs> sending device is same make/model, black box essentially with 4 buttons for control, setting IP, setting destination IP, setting UDP or RTP (I switched to RTP, it showed up in the tables, then disappeared again)
16:11 < regdude> does it have DHCP?
16:12 < tonsofpcs> trying the pings now (had to get to a machine on that network that have pings)
16:12 < tonsofpcs> in theory yes, in practice people complain on their website about it not working, I've got one on my bench that I switched DHCP on about 15 minutes ago for testing to see if it is stable.
16:13 < nostrora> Hi, i have question about my lan server. i've set up an website in foo.bar to access it from WAN. if i try to access it from my LAN. does it pass by internet or directly by lan ?
16:13 < nostrora> i don't know if i'm clear ^^
16:13 < regdude> tonsofpcs: one way to deal with this is by using DHCP and set the lease-time to less than 5minutes
16:13 < tonsofpcs> nostrora: it will be by LAN but you'll need DNS set right
16:14 < tonsofpcs> ah, seems it replies to pings!
16:14 < tonsofpcs> regdude: yea, that was the thought (if it works)
16:14 < tonsofpcs> going to see if the flooding has gone away.
16:14 < nostrora> tonsofpcs: what i have to do with my dns ?
16:14 < regdude> then you are in luck, you can simply create a cronjob to ping it every 4 minutes
16:14 < tonsofpcs> nostrora: presuming you're on IPv4 and NAT'd that is.  If you're not NAT'd then it's just the same on both sides.
16:15 < tonsofpcs> foo.bar has to resolve to what the server looks like to the outside world on WAN and what it looks like to the inside world on LAN
16:15 < nostrora> tonsofpcs: exactly, i have a nextcloud.foo.bar. when i on my lan i want the full speed of my gigabit ethernet! and without change the url. but the domain is point to the WAN ip
16:16 < nostrora> tonsofpcs: so NAT can "convert" WAN IP to LAN IP ?
16:16 < tds> see this is why we need telementary in these devices to phone home every 30 seconds with usage data, then the forwarding table entries won't expire ;)
16:16 < tonsofpcs> right, so you need to add a DNS entry on your DNS server for your LAN that points to the internal LAN IP of the server.
16:16 < tonsofpcs> tds: this thing doesn't even have an IP control interface.  It's literally a bunch of microswitches on the front panel with a 2-line LCD.
16:16 < nostrora> tonsofpcs: but domain is already pointing on WAN ip
16:17 < tonsofpcs> it's the only major detriment of it.
16:17 < tonsofpcs> nostrora: right, you need different DNS outside and inside.
16:17 < tds> ^ if you want to know how to set that up with whatever dns server you're using internally, the term to google is split dns
16:18 < nostrora> Nice :) thanks a lot !
16:18 < tds> the other alternative is nat reflection, but then the traffic may take a worse path since it'll go via your router
16:19 < tds> (or you can just scrap this nat mess and move everything to ipv6 :)
16:19 < tonsofpcs> tds: (I wish)
16:20 < tds> I got fed up with nat and moved all of my personal network to single stack v6, it's much nicer now
16:20 < tds> but yeah, in many cases it's not possible yet :/
16:32 < tonsofpcs> hmm.  Setting a device to ping it with -i 240 (switches have 300s timeouts) caused the flood to stop for a bit (5-10 minutes) but it has returned....
16:33 < regdude> tonsofpcs. this is why I mentioned to create a cronjob. These host entries do expire after the age timer, which is usually 5 minutes
16:34 < tonsofpcs> regdude: right but shouldn't a ping -i 240 have the same results as a ping -o (exit after reply) every 4 minutes?
16:34 < regdude> oh wait, the -i 240... well, what happens if you decrease it?
16:34 < tonsofpcs> oddly the switch shows the MAC in its table...
16:36 < tonsofpcs> hmmm, maybe that's a different traffic flood...
16:37 < regdude> didn't you have multiple switches? check all those switches
16:37 < regdude> it can only be a different traffic flood if a different device is flooding
16:39 < tonsofpcs> I'm setting a port to have just that vlan on it and a device plugged in so I can definitely say if that's the flood or not
16:39 < tonsofpcs> need to wait 5 minutes for the HP rates to catch up...
16:42 < tonsofpcs> (the other 'flooding' is multicast on that other VLAN, someone could have subscribed to it, hence my dropping of it from a port)
16:51 < The_Dude> What sort of interface do you call the front loading cards for network devices such as SFP+ etc.. Its square with two screws on either side
16:51 < arooni> how come i'm seeing  May 22 09:42:07 LilArooni kernel: [  339.164034] [UFW BLOCK] IN=wlan0 OUT= MAC=64:80:99:18:ab:48:84:d6:d0:14:8d:8a:08:00 SRC=192.168.1.159 DST=192.168.1.101 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1708 DF PROTO=TCP SPT=46774 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 ;; when i have this rule in ufw status::  22                         ALLOW       192.168.1.159
16:52 < jarlopez> I'm trying to get a server/client setup between two EC2 instances in the same VPC and security group. The security group is set to allow all incoming traffic from within the group. I'm spinning up the server listening on 127.0.0.1:8080 and the client is refused connection to the server's private EC2 IP. ANy tips?
16:53 <+catphish> The_Dude: line cards maybe
16:56 <+catphish> line cards look like this: https://www.myriadsupply.com/media/cache/2a306c1092d40858588aab52260c94f6/all-module_7.png
16:56 <+catphish> or https://cdn3.volusion.com/oamgn.raxnx/v/vspfiles/photos/EX9200-32XS-2.jpg
16:57 <+catphish> or https://www.disctech.com/SCASite/product_images/WS-X4148-RJ45V_1000-2.jpg
16:57 < jarlopez> My client had a hardcoded 127.0.0.1:8080 |:
17:00 < The_Dude> Yeah thats it thanks however there are different sizes right?
17:00 < The_Dude> Some are rectangle and some are square it seems
17:03 <+catphish> The_Dude: yep, there's no standard, they're different for different devices
17:03 < The_Dude> No more like this  http://www.advantech.com/products/e5e66f28-41d0-47f3-9810-9d3f0edfc44e/nmc-1009/mod_56b1f1c2-8ab7-4141-a0b6-19e35bb69a97
17:03 <+catphish> most are either 19" or about 1/4 of that, and 1U high
17:03 < The_Dude> I guess they are NMC's
17:04 <+catphish> yeah, that's the same
17:04 <+catphish> they call it an "io module"
17:04 <+catphish> others call it a line card
17:04 <+catphish> but it's totally non-standard
17:04 < The_Dude> Ahhh k thans just wondering because it says its pcie
17:04 <+catphish> yeah, some of them are pci-e
17:05 < The_Dude> but front loading wondering if there is a name for the front loader I'm looking for because when I look for cards its always the regular interior cards
17:05 <+catphish> but only electrically, the physical layout is proprietary
17:05 < errst> hello everyone
17:05 <+catphish> afaik there's no standard for front loading pcie
17:06 < errst> is it possible to send data over IP?
17:06 <+catphish> that's literally what it's for
17:06 < The_Dude> hmmm SR interface
17:07 < errst> catphish, without any protocol? such as TCP, UDP?
17:07 <+catphish> errst: it would be highly unusual, but yes, you would have to define your own protocol at that layer
17:08 <+catphish> errst: here's the list of existing protocols, usually you'd choose an existing one, but nothing stopping you making your own https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
17:09 <+catphish> normally you use UDP, because you're sane :)
17:09 < errst> :)
17:09 <+catphish> which is basically just raw data over IP, but with port numbers so you can run multiple services on the same IP
17:11 < errst> catphish, thanks for the clarification.
17:11 < tds> the other key thing about udp is that stateful firewalls and NAT devices understand it, so it'll work in the real world
17:12 < errst> i see
17:12 < errst> is there any resources you'll recommend for me to start from stracth to learn networking
17:13 < tonsofpcs> yay, ping is working.
17:13 < errst> like whole network, is this called OSI model?
17:13 < lupine> the OSI model is basically theoretical
17:13 < tonsofpcs> thanks tds and regdude :) going to find a permament solution
17:14 < errst> lupine, but it's true that whole network is total of 7 layers?
17:16 < sigma__> I'm having an issue copying files from a mounted SMB share and it seems to be network related. https://hastebin.com/raw/izevawujoc
17:17 < sigma__> In short, it works or doesn't work depending on which subnet the SMB client host is on.
17:17 < sigma__> All hosts are using the same cifs mount configuration.
17:18 < sigma__> In the tcpdump output from my hastebin link, it looks like the non-working clients suddenly stop hearing back from the server, even though the previous communications were successful over the same ports.
17:21 < lupine> errst: no, that's a model that doesn't make a lot of sense in the real world
17:21 < lupine> for instance, ARP is a an "OSI layer 2.5 protocol" because OSI doesn't model that very well
17:22 < lupine> you can describe things in OSI terms, it's just not a great fitr
17:22 < regdude> in the real world, there is layer1 and protocols
17:23 < lupine> https://en.wikipedia.org/wiki/OSI_model#Comparison_with_TCP/IP_model gives you a vague mapping between OSI terminology and deployed reality
17:23 < electricmilk> lupine,  How is ARP layer 2.5?
17:24 < lupine> it's glue
17:25 < lupine> sorry, 1.5
17:25 < lupine> https://en.wikipedia.org/wiki/Link_layer#Relation_to_OSI_model
17:26 < electricmilk> Ah I found this statement helpful: Normally, a protocol from layer N+1 is encapsulated with the header of the protocol from Layer N, but protocols like arp, stp, cdp, icmp and igmp are exceptions because are encapsulated with a header of a protocol from the same layer.
17:26 < errst> lupine, what'd u recommend?
17:26 < lupine> learning the thing to pass the exam
17:27 < lupine> but also note conceptual enhancements like https://en.wikipedia.org/wiki/Layer_8
17:27 < lupine> it's handy enough when talking about networks in the abstract, but don't expect to ever do that outside of exam conditions
17:28 < electricmilk> errst,  Which exam?
17:29 < errst> electricmilk, pardon me?
17:30 < electricmilk> errst,  Were you asking about the OSI model for an exam?
17:30 < electricmilk> errst,  I came in after your question
17:30 < errst> nope
17:30 < electricmilk> ah my bad
17:30 < lupine> I stand corrected :D
17:31 < lupine> (I learned about it for an exam in 2001, and haven't used that knowledge since)
17:31 < electricmilk> I'll use the model for troubleshooting sometimes
17:33 < electricmilk> I like the TCP model where they separate physical and data link...the 5 layer model
17:33 < electricmilk> Physical, Data Link, Network, Transport, Application
17:34 < electricmilk> Who the hell cares about session and presentation
17:54 < Apachez> ARP is a layer2 protocol
17:55 < Apachez> it has its own ethertype
17:58 < screwsss> anyone here seen desktop pc's with 2 ethernet ports?
17:58 < screwsss> whats that all about
17:59 < screwsss> one for upstream and one for down
17:59 < screwsss> or both for both
18:00 < danieli> or neither
18:01 < Donjuanal> windows doesn't handle load balancing across multiple interfaces well, so it'd ideally be for 2 interfaces on different networks.
18:01 < Donjuanal> if you run linux you can do a lot of things like bond them together, load balance, etc
18:01 < FatalFUUU> I'm looking for a gigabit PoE switch - 24+ ports. I can either get a HP V1910-24G-PoE (JE007A) or for slightly more a 48 port Alcatel OmniSwitch 6400-P48 but I know nothing about these switches
18:13 < spaces> huh ? will Domain WHOIS information dissapear because of GDPR ?
18:35 < cthulchu> hey folks, I wonder if web socket creates significant amount of additional traffic by keep-aliving the connections
18:36 < cthulchu> it has to send like one tcp packet every second or so to keep the connection.
18:37 < cthulchu> I think, on average, we end up with a lot more tcp packets flying around comparing to the non-WS solutions
18:38 < ||cw> cthulchu: depends on how large the application data part of the ping is
18:38 < cthulchu> Well not larger than one tcp packet
18:38 < cthulchu> what is it? 32kb?
18:38 < cthulchu> don't remember
18:39 < cthulchu> cuz ping has very little info. they payload is actually not needed
18:39 < ||cw> also, the ping interval is not standard, each implementation sets thier own time
18:39 < cthulchu> I think the keep-alive happens is on the lower level
18:39 < cthulchu> yeah
18:39 < cthulchu> we still end up with a lot more packets than normally.
18:40 < cthulchu> yeah, tcp keepalives have no data
18:40 < cthulchu> no payload
18:40 < cthulchu> it's implemented on transport layer
18:40 < cthulchu> beautiful
18:41 < CutieCat> omg!! it's cthulchu
18:41 < cthulchu> kek
18:42 < cthulchu> oh, the size of tcp keepalive is very small
18:42 < cthulchu> 54-60 bytes!
18:42 < cthulchu> hm
18:42 < ||cw> it's all trade offs.  if you're using ajax on timers every 30 seconds to check for data that you might get every few minutes,  WS's pings are probably less data
18:42 < ||cw> and that frequent http 1.1 is going to have tcp keepalives anyway
18:43 < cthulchu> correct me if I'm wrong, I always thought that the physical size of a tcp packet is the same. it just sends empty body with the same size as if it had info
18:43 < ||cw> if the browser is being smart
18:43 < cthulchu> nah, it's more about web-servers
18:43 < ||cw> you might be thinking of MTU
18:43 < cthulchu> they don't support keep-alives by default
18:44 < cthulchu> so TCP packets can actually be very small? so, theoretically, if I want to throttle a channel or, say, do the TCP DOS, I have to make sure I send TCPs with actual data?
18:45 < cthulchu> hell why did I think they're always the same size
18:59 < Apachez> this will be fun, nato nerveagent found at daycare in sweden https://www.aftonbladet.se/nyheter/a/bKbeq3/glasampuller-hittade-vid-forskola--manniskor-saneras
19:13 < jatto> hello guys. Do you have a suggestion on a system that I could install on a VM and configure vie web UI with the purpose of performing network analisys?
19:13 < drudge`> did anyone make progress on that web puzzle https://puzzle.webhuset.no/26
19:14 < jatto> drudge`: 95
19:17 < drudge`> how do you get 95
19:18 < jatto> drudge`: First /26 of a network is x.x.x.0 - x.x.x.63
19:18 < drudge`> kist start from 0...ah
19:19 < jatto> if you take the next IP space and you subnet it with /27, you get x.x.x.64 - x.x.x.95
19:20 < drudge`> i was trying to figure out where to start....didnt think about starting from x.x.x.0 lol
19:34 < Windy> so, we just started getting reports of SSL cipher mismatch warnings on several large sites.  facebook, and linkedin so far.  it's not 100%, some users are unaffected, and sometimes if your refresh it will load correctly, but then fail next time
19:35 < Windy> no proxies, no ssl decryption...
19:37 < Windy> seems like we're seeing a tls downgrade attack somewhere in the middle
19:40 < Poster> you may check browser versions, there is a 2 round deprecation of certificates issues by digicert which is impacted to Chrome and Firefox
19:47 < Windy> Poster: we're seeing it in the latest version of chrome, and IE10 so far
19:48 < Windy> Poster: but the error is ERR_SLL_VERSION_OR_CIPHER_MISMATCH
19:50 < Poster> sounds like they may have something off to some but not all systems, perhaps their CDN is having trouble
19:54 < Windy> i wonder if facebook and linkedin share a cdn?
20:02 < fr0tzed> markie is such a pussy
20:04 < kottt> who
20:06 < Apachez> markie mark von zackerburg
20:22 < Windy> i got a packet capture.  the client sends a supported_versions extension which looks fine but the server hello it receives in that same extension, but malformed
20:23 < user3> i'm looking for an easy way to check in a shell script if I have a working internet connection. that doesn't have to be 100% reliable
20:23 < user3> i'm trying this, and that seems to be working:
20:24  * spaces sets mode: -v catphish_ 
20:24 < user3> if ping -c1 google.com 2>/dev/null | grep -q "^1 packets transmitted, 1 received"
20:24 < user3> then echo up; else echo down; fi
20:24 < user3> is there a simpler way to do that?
20:25 < user3> maybe with the command ip?
20:30 < user3> this works to redirect the standard error output:   mycommand >&/dev/null
20:30 < user3> oops wrong channel
20:30 < user3> sorry
20:30 < Apachez> according to mainstream media 7 ampulls were found at the daycare containing osmiumtetraoxide
20:31 < user3> osmiumtetraoxide is that liquid or solid
20:31 < Apachez> and now the firefighters are stripping their cloths who are put in black plastic bags... so I guess they found at least one broken ampull
20:31 < Apachez> user3: turns to gas at around +40C
20:31 < user3> i though that F and C were equal at -40C/-40F instead
20:31 < user3> thought
20:38 < djph> they are
20:38 < user3> osmiumtetraoxide is probably a very heavy gaz above +40C
20:39 < djph> but +40C is another matter entirely
20:40 < kottt> user3: you might have better luck with the scripting part in a more bash/linux/shell-focused channel. However, in terms of testing connectivity, you want to verify IP and DNS, so you would ping 8.8.8.8 AND google.com, so that if google.com fails but 8.8.8.8 works, you can identify that your DNS servers are currently pooched
20:40 < user3> wow
20:41 < user3> why not test 0.0.0.0 instead of 8.8.8.8
20:41 < user3> since I understand that it's intended as a inexisting address
20:41 < user3> as control
20:43 < user3> oops 8.8.8.8 exists
20:44 < user3> 0.0.0.0 too
20:44 < user3> i'm totally confused
20:44 < turtle> i am now too
20:45 < Tegu> 8.8.8.8 is Google's DNS server  https://developers.google.com/speed/public-dns/
20:45 < djph> heh, PING 0.0.0.0 (127.0.0.1) 56(84) bytes of data. <-- well, that's interesting
20:47 < tds> heh, :: maps to ::1 as well
20:48 < djph> well, that explains "0.0.0.0 exists" then
21:02 < Tegu> this rfc seems to explain what 0.0.0.0 is but I'm not sure where the mapping to 127.0.0.1 is defined. or is it implementation dependat. does someone happen to know?  https://tools.ietf.org/html/rfc5735
21:04 < Windy> ok, found the issue with our tls cipher mismatch. the Palo Alto decryption policy that wasn't supposed to be applied was mangling the tls handshalke
21:04 <+catphish> Tegu: common question, no good answer, some implementations map 0.0.0.0 to 127.0.0.1 for no particularly good reason, they just do
21:05 <+catphish> and by implementations, i mean programs
21:06 <+catphish> for example, some browsers, and linux's ping "resolve" 0.0.0.0 to 127.0.0.1, i don't know why, don't use it, it's not an address that means anything
21:12 < AvidWolf43> hi
21:13 < AvidWolf43> can anyone help me set up an ip helper on a Palo Alto Router
21:13 < AvidWolf43> ?
21:17 < xingu> catphish: https://tools.ietf.org/html/rfc1122#section-3.2.1.3:  {0, 0} means exactly "this host on this network"
21:18 <+catphish> xingu: keep reading :)
21:18 < xingu> catphish: it has a meaning. :)
21:18 <+catphish> 0.0.0.0 has many meanings in many contexts
21:18 <+catphish> but as a destination address is not one of them
21:18 < whowhatwhere> hi,  i've been wanting to use my cell phone's connection for some computers to connect through it..  it's advertised as  "up to 445mbit/s"  but Ive never reached past 80mbit/30mbit, and it seems very unpredictable and..weird... any idea what might greatly improve; would simply getting a 4g-capable router and better antennas fix it..any idea?
21:19 < whowhatwhere> and, any idea why this might be a bad idea..? :d
21:19 <+catphish> it means "no address", or a placeholder source address
21:19 < xingu> but it still has meaning
21:19 < xingu> ;)
21:20 <+catphish> sure, several meanings, just not in this context
21:21 < whowhatwhere> Just connecting with my phone again today, setting up "portable wifi-hotspot", noticed it has a new IP than before. Speedtest.net shows faster speeds to servers in Estonia than ones few miles from here (I'm near Oslo, Norway)... wtf? :s    ..I've used various "signal improvement" apps on the phone, and tried locking it to 4G.. refreshing does little/none, apparently..
21:22 <+catphish> Tegu: you're welcome
21:23 < Tegu> oh, thanks, gotta read the backlog
21:24 <+catphish> in summary, it officialy has several meanings including "this host on this network" but should never be used as a destination address, some software resolves it to 127.0.0.1 to help out, but you should avoid relying on that
21:28 < kbaegis> Hi all. Just upgraded from 4.15.14 to 4.16.10. All of a sudden my network stopped working
21:28 < xingu> catphish: if I had to guess, I'd guess that it's glibc connect doing something surprising here
21:28 < kbaegis> Looks like the interfaces are all still recognized for the kernel, but no packets are being logged to the interfaces
21:29 < oo_miguel> Is it safe to use ssh over an unrtusted ipv6 broker. I need to connect to an ipv6 server but my isp currently offers ipv4 connectivity only
21:30 < Dagger2> "untrusted v6 broker" is no more or less trusted than the rest of the internet, so if you're happy with ssh in general then this doesn't really change anything
21:31 < oo_miguel> Dagger2: allright, I hoped this, thanks for confirming :)
21:32 <+catphish> xingu: i'm actually not sure what does it, it's definitely userland, but could be in the stdlib
21:32 <+catphish> oo_miguel: yes, ssh is safe to use over public networks
21:33 < oo_miguel> catphish: Dagger2: thank you
21:33 <+catphish> as Dagger2 says, an untrusted ipv6 broker is no different from the rest of the public internet, you must assume your packets might be intercepted, but SSH and TLS protect you aginst this
21:34 < oo_miguel> catphish: yeah the broker can intercept my packets as anyone else between me and the destination, this makes perfect sense
21:35 < xingu> catphish: now that I think about it, it's interesting that socket has no idea about whether it's working on the src or the dst
21:35 <+catphish> xingu: sure it does, the remote is always the destination
21:36 <+catphish> (when sending)
21:37 < zenix_2k2> i know that switch hardly occur any collision but can it still detect it ?
21:37 < xingu> catphish: it can also be legitimately used to create a listener with 0.0.0.0 as the dst, a port, and then using accept on the result.
21:37 < zenix_2k2> cause the step where it acknowledge which machine is connected to which port, still it send out packet to every machine ?
21:37 < xingu> catphish: so is it still the dst? :)
21:38 <+catphish> xingu: that's a different specific meaning, for a listener, it means "any address"
21:38 < xingu> catphish: anyway if I had to guess, that'd be where I'd guess at; there's no way for socket to know whether ping intends to create a listener or a speaker
21:38 < xingu> catphish: so it takes a guess with humourous results for 0.0.0.0
21:39 <+catphish> xingu: i disagree entirely
21:39 <+catphish> sending and setting up a listener are very diffrent processes
21:40 <+catphish> a listener is ok to be 0.0.0.0 (meaning any address) but for a destination (connect, sendto, etc) you can't use use, or shouldn't, maybe glibc helps
21:41 < xingu> it's a gap in the api from my point of view
21:41 < xingu> this isn't metadata that's passed around in the sockfd that socket creates
21:41 < xingu> the exact same thing creates sockfd's that accept and connect work on
21:42 < xingu> it's legitimate to invoke it with 0.0.0.0
21:42 < xingu> using the result in connect... well that's going to get interesting.
21:44 < hmig> hey guys using rstp is it reccomened to use the default costs ie 1gbps link 20,000 or do you use what ever is easiest to remember ie 10, 20, 30 etc?
21:45 < xingu> hmig: I recommend you use long path costs, which are not default for some vendor equipment.
21:46 < xingu> hmig: otherwise you will have problems building viable topology beyond 10Gbase
21:46 < zenix_2k2> hi ?
21:48 < hmig> vendor reccomends using 12288 for the bridge priority
21:49 < hmig> but doesn't show a reccomended setup is the switches are in a trunk
21:49 < hmig> *if
21:52 < DammitJim> man, that was weird
21:52 < DammitJim> all of a sudden we lost our internet
21:52 < DammitJim> but we have 2 ISPs
21:52 < hmig> both at same time?
21:53 < errst> catphish, earlier i've asked about IP and i've found this article which i quote, says "By comparison, there is another method of transmitting data called IP which is unreliable. Nobody promises that your data will arrive, and it might get messed up before it arrives. If you send a bunch of messages with IP, don’t be surprised if only half of them arrive, and some of those are in a different order than the order in which they were sent, and some o
21:53 < errst> f them have been replaced by alternate messages, perhaps containing pictures of adorable baby orangutans, or more likely just a lot of unreadable garbage that looks like the subject line of Taiwanese spam."
21:53 < hmig> maybe its just taking a while to fail over?
21:53 < errst> article link https://www.joelonsoftware.com/2002/11/11/the-law-of-leaky-abstractions/
21:53 < sawgood> I'm sort of torn between two firewalls (both) have toolsets and services that I like ...(so) I'd like to put one in front of the other ... (in line firewalls) any tips?
21:54 < errst> catphish, but u said, u've to make your own standarts to send data over IP
21:54 < errst> i am a bit confused
21:55 < xingu> hmig: with 12288 you will always lose to something configured as 4096 or 8192; that may be the goal, but I'm not sure why that'd be desirable
21:55 <+catphish> errst: IP is a protocol that allows data to be send to an addressed host on the internet
21:55 <+catphish> errst: IP itself is unreliable, other protocols are always layered on to of it
21:56 < hmig> these are core switches so no not desirble
21:56 <+catphish> errst: layering TCP on top of it adds reliability, or layering UDP on top of it adds basically nothing, and just allows you to send raw data
21:56 < xingu> hmig: I'm always open to new rationales but I tend to pin the root to one specific thing as 4096 then nominate one other specific thing as its successor as 8192, and if the network is partitioned so badly neither thing is visible, then let the election process work the way it's designed to with everything else at defaults
21:56 < sawgood> I'd like to put one multi-WAN firewall at the edge (For its toolset) but then right behind it put another firewall which I  dig (and) then hand off to the LAN switch ...
21:56 < DammitJim> yeah hmig
21:56 < DammitJim> but the inside network seemed to be OK
21:56 <+catphish> errst: i said you *can* make your own standard on top of IP, but you shouldn't, you should use TCP or UDP
21:57 < DammitJim> I guess the primary ISP could have failed
21:57 < DammitJim> and it took a little bit for the secondary to take over
21:57 < xingu> hmig: if I know I never want something to become stp root I push it to 32768
21:57 < hmig> what im not clear on is that if i have two switches in an lcp trunk do i give them different bridge prioirity
21:57 < hmig> they are both core switches
21:57 < hmig> one of these will be root
21:58 < sawgood> outside firwall .. touching ISP equipment ... then its 2nd WAN port hands off to the current firewall (which) use to touch the ISP equipment ...
21:58 < errst> catphish, i see but can't i just use the IP protocol only to send data? as it says on article that u can?
21:58 <+catphish> errst: not really, no
21:58 < fiftysix> Hi!
21:58 <+catphish> you could write your own protocol directly on top of IP, but you don't
21:58 < xingu> hmig: "not desirable" seems to clash with "one of them will be"
21:59 < hmig> topology: https://imgur.com/a/VBFdRqV
21:59 < fiftysix> Is it true that WPA2 passwords are required to _only_ contain ASCII characters? I.e. the fact that under both MacOS and Linux any kind of Unicode character works in a password is just these OSs being nice?
22:00 < hmig> so one of the 5130's need to be root bridge from my understanding
22:00 < hmig> rstp needs to be enabled on the aruba 2920 as to put one of its links in a blocking - discarding state
22:00 < hmig> as at the moment they have a loop
22:01 < errst> catphish, i've found this https://gist.github.com/austinmarton/1922600 which says -according to title- that you can use even ethernet frames to send data. since we can use ethernet frames to send data dont u think that we can use IP to send data too?
22:02 < xingu> hmig: right, if a 5130 is not root then one of the four links to the 2920's will block
22:02 < hmig> at the moment the 5130 is root
22:02 <+catphish> errst: like i've said several times... you *can* make your own protocol directly on top of IP, or Ethernet
22:02 < hmig> just to clariy
22:02 < hmig> and i probs want to keep it that way
22:02 <+catphish> errst: but you shouldn't, you should use TCP or UDP
22:02 < hmig> although STP is on at the moment its not really been configured for this network
22:03 < hmig> it was kind of just turned on and left
22:03 <+catphish> errst: there's nothing stopping you from encapsulating your data directly in an ethernet frame, or IP packet
22:03 < hmig> the issue is the access switches outside switches do not have STP enabled
22:03 <+catphish> errst: except that this is needlessly difficult and offers no benefits over using the standard stack (ethernet+ip+udp)
22:03 < hmig> previous engineer though setting the mode would enable it....anyway
22:04 < errst> catphish, it'll be unreliable if i do that right?
22:04 < xingu> hmig: if you allow the 5130/2920 links to all not block by electing a 5130 as root, then the 5130/5130 link must block just as a sidebar
22:04 < hmig> so at the moment we have minor packet loss, the good thing is this site is not open yet - phew
22:05 < hmig> but i dont want it to become a storm
22:05 < sawgood> If one puts a multi-wan router at the edge touching the ISP (and) has a /30 subnet mask ... (one IP for the firwall and one IP for the ISP) ... if we wanted to put a 2nd router/firewall behind the multi-wan box (could) we use a RFC1918 space to speak from the edge firewall 2nd WAN port over to the WAN of the 2nd router/firewall?
22:05 < xingu> hmig: which will have fairly major implications for stack1/ stack2 transit.
22:05 <+catphish> errst: if you use, raw ethernet, or raw IP, or UDP, yes, only TCP makes it reliable
22:05 < xingu> hmig: ie, it will all hairpin off the arubas.
22:05 < hmig> at the moment the 5130 are forwarding everything
22:05 < hmig> because none of the 2920's both access and outside actually have STP enabled
22:05 < hmig> with me ?
22:06 < errst> catphish, thanks a lot!
22:06 < xingu> hmig: yes
22:06 < xingu> hmig: that seems like the best thing to me.
22:06 < xingu> hmig: ie, don't _forward_ l2 on the aruba.
22:06 < xingu> hmig: so the loop as shown isn't a real loop
22:07 < hmig> at the moment the 5130 has a bridge priority of 32768
22:08 < hmig> both 5130's have the same priority
22:08 < xingu> so it's probably winning based on system id
22:08 < hmig> the thing is im sure there is a loop because I can see packet loss
22:09 < xingu> if there was a loop, you'd be baking your cpu and see a hojillion topology change notifications a second
22:11 < xingu> so you have 2x 1gig l2 to each aruba; how wide is the downlink to the access stacks?
22:11 < eschmidbauer> newb question... i want to use bgp (internal) and ospf to distribute traffic using anycast... problem is i need "stateful" traffic (UDP) so i need to somehow "tag" packets to always go to same node
22:11 < eschmidbauer> is this possible?
22:11 < eschmidbauer> i know you can hash on source/dest using ospf
22:12 < xingu> and also, how wide is the trunk between the 5130's?
22:14 < hmig> so the trunk between the 5130's is two ports in an lacp trunk
22:14 < hmig> it looks like core sw2 is the root bridge
22:15 < tds> eschmidbauer: what are you planning on doing with anycast? as long as you're not doing ecmp and your internal routing is stable, stateful traffic shouldn't be an issue, depending on exactly what you're running
22:15 < eschmidbauer> it's UDP packets though-so how does it keep state?
22:15 < kbaegis1> Huh. ovs changed their default bond_mode from balance-slb to active-failover huh?
22:15 < eschmidbauer> if i used TCP would be keep state? that might be an option
22:16 < xingu> hmig: the interface descriptions don't match the diagram; the descriptions claim each 2920 lands on exactly one 5130; which is true?
22:16 < tds> eschmidbauer: some udp based protocols work fine with anycast (eg dns) since they're stateless - what exactly are you trying to run here?
22:16 < eschmidbauer> tds: we want anycast so our nodes in a cluster can all use the same IP. this way we can "heal" if a node dies (another node can load the "state" and take over)
22:17 < tds> hmm, I'd have thought something like keepalived with a floating IP between nodes might work better for that
22:17 < eschmidbauer> no, because we want to scale
22:18 < eschmidbauer> so we want to be able to run X nodes
22:18 < eschmidbauer> but basically we have traffic coming from internet into a single server (nothing special here); the traffic is then routed using anycast to the nodes
22:18 < eschmidbauer> but "related" traffic needs to hit the same node
22:18 < hmig> Good spot
22:19 < hmig> so access stack 1 has two ethernet links to core 1
22:19 < eschmidbauer> from what i read, ospf hashes on source/dest which won't work here because the traffic from the server (source) to the node (dest-same anycast IP) will always be same
22:19 < hmig> access stack 2 has two ethernet links to core 2
22:19 < hmig> outside sw1 and outside sw2 have ports 23-34 in a trunk (trk1)
22:19 < hmig> port 23 goes to core 1
22:19 < hmig> port 24 goes to core 2
22:19 < BustyLoli-Chan> Sometimes I get a chunked encoding error when downloading large javascript application files (angular single page applications in this case specifically) Does anyone know how to fix this? I can see that the file is served as application/javascript in the header and I can see that the transfer encoding is "chunked" which makes sense based on the error, but why does this happen?
22:20 < BustyLoli-Chan> I'm not sure if this is the right place to ask, but I'm pretty sure this is like a server/network/hardware issue? :l
22:20 < tds> eschmidbauer: afaik ospf/bgp/whatever don't include anything for hashing based on addresss - assuming linux here, that's just down to the kernel doing ecmp and how it decides to route traffic
22:20 < xingu> hmig: ok; in that case one other thing must be true; either the 5130's are clustered in a way that allows them to share a virtual/ floating lacp system ID... or...
22:20 < BustyLoli-Chan> it also might be wort noting that the issue only really seems to happen on VPN
22:20 < xingu> hmig: one leg of the trunk is offline because inconsistent peer system id
22:21 < eschmidbauer> yeah interesting, i guess i was looking at ospf with frrouting, so maybe it's the kernel doing ecmp?
22:21 < xingu> hmig: or maybe you're using a nailed up trunk mode and relying on the 2920 to not recirculate.
22:22 < xingu> hmig: regardless; you have Nx ? fan-in on the stack, 2x 1g uplink from the stack, and then 1x 1gig across to the aruba
22:23 < xingu> hmig: my guess is you're just running out of buffer on the 5130 plain and simple; go to 2x1gig + 2x1gig config from 5130 to aruba.
22:23 < Apachez> hmig: why dont you IRF the core1 and core2 with each other?
22:28 < hmig> @xingu https://pastebin.com/zJ9PWnaj
22:30 < hmig> this is my first comware switches ideally i wanted them in a stack and i would have chosen different switches too, as we are wasting a lot of ports on the 5130 not used
22:31 < hmig> i assume irf would be used in place of lacp?
22:32 < Apachez> irf is clustering
22:32 < Apachez> aka virtual chassis
22:32 < Apachez> so instead of irf your access layer I would use 2 cables towards core1/core2 (irf)
22:32 < Apachez> these 2 cables from the accesswitch point of view is a lacp
22:32 < Apachez> where one cable goes to core1 and one to core2
22:33 < Apachez> since core1 and core2 are IRFed you have a loopfree network
22:34 < hmig> so are we saying if i irf, i wont have the loops i do now ?
22:35 < hmig> the outside aruba will stil have have 2 phyiscal fibre's patched 23 > core sw1 and 24 > core sw2
22:38 < Apachez> you IRF the core (if they support that)
22:38 < Apachez> then from each accesswitch you have one cable to core1 and one to core2
22:38 < Apachez> these two cables are LACP (because from the accesswitch point of view core1/core2 looks and behaves like a single box)
22:40 < hmig> wouldn't more redundancy be acheived if I have a cable from master and slave on each stack to core?
22:40 < Apachez> no
22:40 < Apachez> I would avoid stacking the access
22:40 < Apachez> only do if you really have to
22:41 < Apachez> if each accesswitch have its own 2x10G or 2x1G uplink its a better option than if 3 switches in a stack have in total 2x1G
22:41 < Apachez> first due to performance
22:41 < Apachez> you have less overbooking this way
22:41 < hmig> so there is one stack of 3 2920 arubas and a second stack of two 2920 arubas
22:41 < Apachez> but also if lets say two cables die then you cut off the full 3xswitch stack in your accesslayer
22:42 < Apachez> while if each switch has its own lacp and 2 cables dies if you are unlucky max 1 switch goes offline, the other 2 remains operational
22:42 < Apachez> if lucky its 2 different cables that dies (2 different switches) so all 3 are still operational
22:43 < ctwelve> (...aside: I just had a "network engineer" ask me what a MAC address was a few minutes ago. Pray for me...)
22:43 < hmig> oh wow lol
22:43 < hmig> what about the outside access switches
22:43 < hmig> they are also aruba 2920 but use fibre
22:43 < hmig> int 23-24 in trunk1
22:43 < ctwelve> what are you using the switches to do?
22:44 < ctwelve> access network for customers? Or enterprise endpoints?
22:44 < hmig> the outside 2920's are for WAP's and CCTV
22:44 < ctwelve> well...I've not got a super-solid confidence in Aruba stacking just yet
22:44 < ctwelve> I've found that, especially in two-tall stacks, Arubas can split-brain in some fantastically strange ways
22:44 < hmig> they have been solid for us, the issue im having at the moment is spannign tree
22:45 < ctwelve> It's not nearly as worrisome in 4-tall though
22:45 < ctwelve> HISSSSS
22:45 < ctwelve> You said a bad word!
22:45 < Apachez> hmig: again those access stacks, do they really need to be stacked?
22:45 < Apachez> dont stack unless really have to in the accesslayer
22:46 < ctwelve> Eh, I'm definitely pro-stacking in most situations. I just detest stacking inside the datacenter and in distro/core deployments m'self
22:46 < ctwelve> as far as spanning tree
22:46 < hmig> i cant really break the two access stacks to be honest
22:46 < ctwelve> well
22:46 < ctwelve> apologies for maybe missing context
22:46 < ctwelve> but generally speaking when you stack Arubas, they behave as if they were one multi-card chassis switch
22:47 < ctwelve> you treat the whole stack as one switch as far as STP is concerned
22:47 < ctwelve> the stacking protocol handles loop management internally
22:47 < hmig> in IRF i will still have one link to each core switch (physically) from outside switch so wont there still be a loop
22:47 < ctwelve> so you absolutely do wire them up in a ring, as long as they're properly stacked in the first
22:47 < hmig> oh wait.....
22:47 < hmig> i always use ring never daisy chain
22:48 < hmig> if i IRF the core
22:48 < hmig> then i can just make ports trunk
22:48 < ctwelve> Yeah. I don't g enerally recommend stacking cores but that depends on the situation
22:48 < ctwelve> for most enterprise networks it's usually an acceptable risk for the sake of complexity
22:48 < hmig> so on 2920 int 23-24 in trk1 then on 5130 int 1-2 trk1 for example
22:48 < ctwelve> I'd never recommend it for voice-critical networks or where higher grade service is required
22:49 < hmig> part of the reason why i need to resolve this loop is because of voice
22:49 < hmig> we have some pannasonic phones and they are so sensitive to any drop
22:49 < ctwelve> Well, I generally recommend the connection from core/distro to access either be loop-managed and use (M/R)STP, or you use whatever vendor-specific MC-LAG there is
22:49 < hmig> well i need to resolve the loop anyway
22:49 < ctwelve> So your topology has a single core?
22:50 < ctwelve> (or if you have SPB, use that, but you probably don't)
22:50 < hmig> nope two core switches
22:50 < hmig> 2 x HPE 5130
22:50 < ctwelve> Right
22:51 < ctwelve> So are they running the equivalent of MC-LAG?
22:51 < hmig> 3com/H3C whatever they are alled these days
22:51 < hmig> they are in a 2 port trunk using statig aggregation
22:51 < ctwelve> If they're not running whatever the specific flavor of MC-LAG is, I'd strongly advise you run STP, and go blocked-port hunting
22:51 < ctwelve> LACP is helpful too
22:51 < hmig> i jsut checked and lacp has not even been confured properly :@
22:52 < ctwelve> 'cuz sometimes, some vendor switches only send STP traffic over one of those links
22:52 < hmig> i know right lol
22:52 < ctwelve> this is an old problem I've run into before
22:52 < ctwelve> where people do a static aggregation and get the link order mixed up
22:52 < hmig> topology is here: https://imgur.com/a/VBFdRqV
22:52 < ctwelve> so things like STP don't communicate
22:52 < hmig> except the access stack each have 2 links instead of 1
22:52 < ctwelve> LACP makes that Go Away(tm)
22:53 < hmig> access stack one has two links to core 1and access stack 2 has 2 links to core 2
22:54 < hmig> this is what i see when i do a show stp https://pastebin.com/zJ9PWnaj
22:55 < ctwelve> First thing I would do is remove all but one of the links between the cores
22:55 < ctwelve> and see if STP resolves itself
22:56 < ctwelve> if it does, the problem is the aggregation itself
22:56 < ctwelve> the next thing is to go hunting in the access switches
22:56 < hmig> i tested downing one of the fibre links (yellow on toplogy) and packet loss stoped
22:56 < ctwelve> to see where the loop may be originating from
22:56 < hmig> re-enable the port and packet loss returns
22:57 < ctwelve> Yup, so your aggregation is built wrong
22:57 < ctwelve> the reason is because across the aggregation, all the traffic is hashed, right?
22:57 < ctwelve> In a static aggregation, the port connection order matters
22:57 < ctwelve> because it's part of how the switches decide to hash traffic
22:57 < hmig> so the access stack has aggregation
22:57 < hmig> but the outside switches dont
22:58 < hmig> they are trunk ports on 5130
22:58 < ctwelve> there should be aggregation between the cores too
22:58 < ctwelve> yeah. My money is that the aggregations somewhere are bad as the most likely explanation
22:58 < hmig> and on the 2920 in teh outside cab theere are interface 23 and 24 in a trunk
22:58 < ctwelve> and close second one of the access switches has gone stupid
22:58 < ctwelve> Again, Id honestly just make sure LACP is up and running correctly on any and all aggregations and proceed from there
22:59 < hmig> there is static aggregation not lacp between cores
22:59 < hmig> thats my plan
22:59 < ctwelve> I've seen static aggregations break STP many a time, because an admin switched cables around
22:59 < Apachez> but ffs
22:59 < hmig> get lacp working on both access stacks
22:59 < Apachez> whats wrong with you?
22:59 < Apachez> what are the devices in your core?
22:59 < Apachez> why dont you just IRF them?
22:59 < Apachez> why dont you breka up the access stacks?
23:00 < hmig> irf is a good option
23:00 < ctwelve> Sometimes topology redesign isn't a viable choice, especially when the problem is *right now*
23:00 < hmig> dont want to break stack
23:01 < hmig> i still need to fix the current loop
23:01 < hmig> however i think this is just because STP is not enabled on any of the access stacks or outside switches
23:01 < ctwelve> but yeah. Once you're not looping, redesign is probably a reasonable idea
23:01 < hmig> so the 5130 is fowarding everything and not discarding anything
23:01 < ctwelve> then I'd look at port utilization firstly and go hunting from there
23:02 < ctwelve> good luck
23:02 < hmig> which makes sense because none of the aruba's actually have stp confirued
23:02 < hmig> thanks mate
23:06 < Apachez> ctwelve: obviously he is having a major design flaw
23:06 < Apachez> so either you patch that and have another flaw the other week
23:06 < ctwelve> Yes. And?
23:06 < Apachez> or you fix it properly
23:06 < Apachez> and avoid further flaws
23:06 < Apachez> I go for the later
23:06 < ctwelve> Oh, I got that impression immediately
23:07 < ctwelve> when you more or less called him an idiot for attempting to solve the immediate problem before he tackled architecture
23:07 < hmig> I am there are design flaws, ive only started looking at this yesterday and today, I would have taken a different approach but I need to work with what I have
23:07 < hmig> I didnt design it btw
23:07 < ctwelve> which, y'know. that's not my preferred style of human interaction.
23:08 < ctwelve> And I don't know who you work for but I've never operated a non-trivial network that was okay with extended downtime so a thing could be disruptively re-implemented "the right way"
23:08 < ctwelve> That kind of thing often requires planning, permission, and so forth
23:08 < ctwelve> the network serves the customer, not the other way around.
23:08 < hmig> guys I appreciate the help, this site is opening at the weekend and I don't have a lot of time. i'll probs just IRF
23:08 < hmig> site is not live yet
23:09 < ctwelve> Ah, that's a bit different
23:09 < hmig> they move in on the weekend
23:09 < ctwelve> in either case, good luck!
23:09 < ctwelve> Do what you can with the time you have
23:11 < hmig> thanks, hopefully tomorrow will be productive
23:17 < banisterfiend> hi, my vm seems to have a network of the form: 10.14.10.0 but my actual physical computer is on a network of: 192.168.1.0
23:18 < banisterfiend> how do these two networks communicate? and when i do: arp -n on my vm it doesn't have an entry for 192.168.1.1 - why is that?
23:18 <+catphish> banisterfiend: most likely your PC is acting as a router between the 2 neworks and likely also doing NAT
23:19 < banisterfiend> i'm just a little confused as to how the 'real' network and how the 'virtual' network interoperate, can someone clear it up for me? ELI5 :D
23:19 <+catphish> your PC probably has an IP on the 192.168.1.0 network but also an IP like 10.14.10.1
23:19 <+catphish> banisterfiend: short answer, your host PC is acting as a router between the 2
23:19 < banisterfiend> catphish ah ok...i can ping the 192.168.1.1 from my virtual 10.14.10 network though
23:19 <+catphish> yes
23:19 <+catphish> via the router (your host PC)
23:20 <+catphish> same way you can ping google, even though you're not on their network
23:20 < banisterfiend> so as far as the virtual host is concerned it's treating the 192.168.1.1 ip like it's a remote ip on the internet, same as 8.8.8.8 ?
23:25 <+catphish> yes
23:38 < banisterfiend> catphish hmm the starnge thing is, when i DONT have openvpn running i can ping the 192.168 network from the 10.0/8 networj...yet when i start openvpn i can no longer ping the 192.168/16 network from the 10/0/8 virtual network...why is this?
23:50 <+catphish> banisterfiend: no idea
23:50 <+catphish> you'd need to check routing tables
--- Log closed Wed May 23 00:00:29 2018