--- Log opened Wed Jun 20 00:00:05 2018
00:01 < Johnjay> pretty much most networking stuff works easier in linux right?
00:01 < Johnjay> like setting up ftp, ssh, dns all that kind of stuff?
00:01 < grawity> compared to what – BSD or Windows Server or Amiga or
00:02 < Johnjay> windows
00:02 < adleff> I would argue not. networking packages for windows tend to be bundled with wizard installers that set most configs for you
00:02 < Johnjay> i think it's fairly obvious i didn't mean the amiga or the commodore 64
00:03 < adleff> linux packages generally expect you to read the documentation and configure flat files
00:03 < adleff> I think we would disagree but I don't speak for everybody. your question was kind of vague
00:03 < Johnjay> ah ok adleff. i was thinking of setting up apache on this pc for my LAN and I was thinking of just running a ubuntu VM
00:04 < Johnjay> well i'm talking for on a pc lan not a professional enterprise gig
00:04 < adleff> I think it's going to come down to what you need to do and your willingness to read documentation
00:04 < Johnjay> like if you use centos for example i assume you have to read all their special docs
00:04 < adleff> running network services isn't magic, at some point you tend to need to know what you want to do
00:04 < grawity> do you want specifically Apache, or do you want just an httpd?
00:04 < Johnjay> well sure.
00:04 < Johnjay> i had a bad experience trying to get a rtmp server running
00:05 < Johnjay> i ended up having someone tell me the exact x.y.z version of nginx to download that had it compiled
00:05 < Johnjay> so i'm kind of skeptical of learning to do this sort of thing on windows
00:05 < adleff> if you don't like the standard documentation for a given project, chances are you can just google for more information and find blog posts on the topic, youtube videos etc
00:06 < Johnjay> hmm ok
00:10 < tds> grawity: I think network-manager has just got confused now ;) https://paste.debian.net/plain/1029972
00:24 < drac_boy> hi
00:26 < thxffo> would you refer to a cisco 7700 as a router or a switch
00:26 < drac_boy> thxffo can it do NAT?
00:28 < thxffo> im not even sure @drac_boy
00:28 < thxffo> so, if it does NAT, it is a router?
00:29 < drac_boy> well NAT is generally a router .. but if it can't do NAT then its very (although not exactly 100% afaik) likely a switch
00:29 < drac_boy> the real question you probably want to ask is...which OSI layer does this particular cisco device do?
00:31 < thxffo> cisco calls it a switch, for whatever that is worth
00:31 < Apachez> L3-switch = router
00:32 < Apachez> often it boils down to which interfaces are supported
00:32 < Apachez> if you only support ethernet then you often call it a l3-switch
00:32 < Apachez> if you also support E1/T1, SDH, SONET and what else then its a router
00:32 <+pppingme> nat is NOT a qualification that makes something a "router", not anywhere..
00:33 <+pppingme> the distinction is very clear, switches work at Layer2, routers at Layer3..
00:34 < drac_boy> pppingme so a switch can NAT? :)
00:34 <+pppingme> It works at Layer2.. the concept of IP isn't even there..
00:36 < tds> in theory you can do mac address nat, but just... please, no, don't
00:38 < adleff> why? some use cases require a proxy mac address
00:38 < adleff> like with wifi controllers
00:38 < thxffo> would you see mac address at the "router"
00:39 < thxffo> no right?
00:39 < thxffo> just network stuff
00:39 < thxffo> ip
00:40 < Apachez> pppingme: not at all
00:40 < adleff> a NAT device is always forwarding at layer 3
00:40 < Apachez> a L3-switch is NOT a router, its a L3-switch
00:40 < adleff> so it isn't illogical to assume a NAT device is a router
00:40 < adleff> this is such an autistic discussion
00:40 < adleff> what a waste
00:41 < balletjebal> (NAT) allows a router to modify packets to allow for multiple devices to share a single public IP address..
00:47 < thxffo> @adleff, i agree... i am trying to decipher what a client is saying to me... trying to figure out where they are tapping the network
01:02 < sla3k> Hi, what is the best way to tell if we are running out of IP addresses? our router/firewall assigns IP addresses through DHCP randomly and not in order, is there a tool I can use to check?
01:02 < drac_boy> sla3k do you have more than 700 computers funneling through a single private network? :)
01:03 < sla3k> umm not 700 but maybe close to 300 :/
01:03 < sla3k> including all the VM's and phones in the network
01:03 < drac_boy> 300 is nothing for any sort of dhcp :)
01:04 < drac_boy> (unless IT somehow intentionally shortened the issue range instead of leaving it on the 'issue in full spread' default)
01:05 < sla3k> hmm, the range starts from 192.168.0.50 till 192.168.1.254 (/23 subnet), but there should be a way to tell exactly home many machines/devices are connected to the network at any given time right..
01:06 < sla3k> s/home/how
01:06 < tds> you should be able to see the number of active leases somehow on the dhcp server
01:08 < tomreyn> and then, there is nmap.
01:08 < adleff> sla3k, you need to look at the dhcp service and observe the assigned addresses
01:11 < sla3k> lol, just finished counting, through DHCP, we are at 270 IP's in use. (for some reason the router lists the dhcp leases but does not show the total number), weird
01:11 < sla3k> and then there are static IP's for some servers, around 30, so we are well below the total usable IP's we have here.
01:46 < kepler> what are you using for a dhcp server?
02:00 < jvwjgames__> ok my DC provider is announcing a prefix for me of 2602:fe5d::/58 but i can't traceroute to it
02:00 <+pppingme> how far does a traceroute get?
02:01 < jvwjgames__> i setup my side they setup their side and after much trouble we got both sides to peer and the traceroute doesn't get out of my network
02:01 < jvwjgames__> i know i have internet cause i am talking to you guys right now and yes this is the same PC i am doing traceroute from
02:02 <+pppingme> Apachez I'd argue that an L3 switch is BOTH a switch and a router, but the way its typically implemented, switching is its more core function.
02:02 <+pppingme> the same reason you'd call a consumer router a router, even though most have a 4 or 8 port switch built in
02:03 < javi404> what the hell did i miss with openwrt?
02:03 < javi404> it is LEDE now?
02:03 < javi404> or merge or whatever?
02:04 <+pppingme> jvwjgames__ I would suspect they aren't announcing it..
02:04 < jvwjgames__> i got off the phone with them and they said they are announcing it the upstreams they said are announcing it
02:05 < jvwjgames__> is there a way to check if a certain AS is actually announcing .
02:06 <+pppingme> just trying to do a traceroute from here, I'd suspect otherwise, however, the better answer may be to jump on some looking glasses and see what they see
02:06 <+pppingme> and yes, an LG should answer that question
02:07 < javi404> jvwjgames__: my MTR to you ends here: 2001:470:0:5d::1
02:08 < javi404> ve422.core1.nyc4.he.net (2001:470:0:5d::1)
02:08 < jvwjgames__> the NET admin went home for the day i can try to call their support to see if they can do anything but i might have to wait till tomorrow
02:08 < javi404> im on an HE tunnel
02:08 <+pppingme> jvwjgames__ what he's basically saying to you is that HE doesn't know anything about it
02:08 <+pppingme> javi404 what city is your tunnel based out of?
02:08 < javi404> pppingme: bingo
02:08 < javi404> pppingme: NYC
02:08 < jvwjgames__> ok
02:09 < jvwjgames__> i will call support and see
02:11 < jvwjgames__> the DC did say that xo was announcing it 1 of their Border routers choked out while we were trying to peer but both border routers are peering with me
02:13 <+pppingme> I'm fairly sure xo has a public LG.. you might google it
02:17 < jvwjgames__> they said for me to wait 6 hours due to BGP propagation and how BGP works
02:17 < jvwjgames__> i thought BGP was quicker than that
02:19 <+pppingme> bgp is quicker than that, they are throwing excuses..
02:20 <+pppingme> get on an XO LG and see if you see your route
02:20 < jvwjgames__> XO does have a BGP looking glass but the page is broken
02:20 < jvwjgames__> Internal Server Error
02:20 < jvwjgames__> i will try their next Upstream L3
02:24 < jvwjgames__> >:(
02:24 < jvwjgames__> can't connect to L3 router
02:24 < adleff> jvwjgames__, you can get on a route tables server and run regex against XO's ASN
02:24 < adleff> you don't have to check from their looking glass
02:24 < jvwjgames__> ok
02:24 < adleff> also the XO looking glass will not tell you if they are announcing it, it will only tell you if they have your announcement
02:24 < jvwjgames__> what about against XM's ASN
02:25 < adleff> a bgp looking glass is just their viewpoint of bgp
02:25 < adleff> it doesn't tell you if they are announcing it, it will HINT to you that they are announcing it because there will be a bestpath chosen
02:27 < adleff> jvwjgames__, http://blog.ine.com/2008/01/06/understanding-bgp-regular-expressions/
02:27 < adleff> a quick overview on how to construct regex for as-paths
02:28 < adleff> so XO asn is 2828
02:28 < jvwjgames__> yes
02:28 < adleff> regex would be _2828_ to check if a route passed through XO
02:28 < adleff> refer to that guide
02:28 < adleff> you can telnet to a bgp view router and check regex against it
02:29 < jvwjgames__> i am confused to what the command actually is
02:30 < adleff> well it depends on what the routes server is running dud
02:30 < adleff> if it's a cisco ios router, it would be `show ip bgp regexp _2828_`
02:33 < BullHorn> what does my ISP see if im routing all traffic through a VPN?
02:35 < adleff> they only see packets destined to your VPN
02:35 < adleff> not sure I follow the question
02:36 < BullHorn> trying to understand the point of a VPN regarding the ISP
02:36 < adleff> I must be missing some part of a conversation
02:37 < adleff> let's say you're trying to get to herpingderps.com and your ISP doesn't have a route to that, but they DO have a route to your VPN provider
02:37 < adleff> that's one way a VPN can work around issues
02:37 < BullHorn> on mobile devices a VPN is going to protect your data when on public networks
02:37 < adleff> I dunno dude
02:37 < BullHorn> but lots of people use VPN on their main systems and i dont see a reason why
02:37 < BullHorn> other than hiding data from your ISP?
02:37 < BullHorn> is that what people do
02:37 < jvwjgames__> ok the router is only show IPV4 address is there a filter for IPV6
02:37 < adleff> well vpn helps conceal your traffic and it also helps with mitm attacks and whatever shenanigans might be happening at the hotspot
02:50 < Notmine> https://gist.githubusercontent.com/dfd14f02fd1a00bba868fadc8484d4f5/raw/817699fd84d5bb92d1c8e8e6b276f4621acc4c94/gistfile1.txt
02:52 < Wixy_> wow, I got disconnected like 3 times in a row wtf
02:53 < Wixy_> https://gist.githubusercontent.com/dfd14f02fd1a00bba868fadc8484d4f5/raw/817699fd84d5bb92d1c8e8e6b276f4621acc4c94/gistfile1.txt
02:53 < Wixy_> these are the latency from the 3 availability zones on the aws region I'm working, as we discussed previously
02:54 < Wixy_> I'm pinging in case any of you is around and free, catphish, tds, fryguy :)
02:54 < Wixy_> not a significant difference, I think I can't get the latency down by being in one zone or another
02:55 < Wixy_> but I'm confused, because I checked traceroute and it would hit a different CloudFront server every now and then
02:56 < Wixy_> and maybe that plays a more important role, as I've seen anything from 15 hops to more than 30. from the same instance!
02:58 < Wixy_> I'm guessing cloudfront is also balanced, but at a dns level. is that a thing?
03:12 < Peng_> Yes. CloudFront's DNS servers return different IP addresses based on your location, what it thinks your location is, the weather, a cursed D20...
03:12 < veegee> hey all, can't seem to find information on what this means: when I do lsof for one of my processes that I'm trying to debug, it shows a whole bunch of "sock" open with the name "protocol: TCPv6"
03:13 < Peng_> D'oh, they left.
03:13 < Peng_> Wait, they came back.
03:13 < veegee> for other normal sockets, it explicitly lists that the type is IPv4 and that it's established, but for these mysterious ones, it doesn't give any more information
03:13 < veegee> what does this mean?
03:13 < Wixy_> Peng_, it's based on the weather, that I agree :P
03:15 < Wixy_> I'm running an aws instance in one zone, I'm not moving it, and I'm getting anything from 15 to any number of hops, to a CF server that is supposedly on the same region, on the same zone
03:15 < Wixy_> is there any way to fix it?
03:15 < Peng_> The number of hops doesn't, itself, matter much. Is anything bad happening?
03:16 < Wixy_> what is bad is the latency has increased since this 3rd party api I'm using put CF in front of it
03:16 < Peng_> Ah!
03:16 * Peng_ reads scrollback
03:17 < Wixy_> yeah, we talked about that some hours ago
03:17 < Wixy_> so provided I can't get rid of CF altogether, I'm looking for a workaround
03:17 < Wixy_> I tried changing zone in AWS, but that didn't help
03:18 < Wixy_> and now I noticed I'm hitting a different CF every now and then, and some of them seems to be far away
03:19 < Peng_> There's not much you can do
03:20 < Wixy_> I can select a CF server by using a fixed ip instead of the api domain, would that help?
03:20 < Peng_> It would "help" temporarily until it broke
03:20 < jvwjgames__> i found the issue
03:21 < Wixy_> Peng_, why would it break?
03:21 < Peng_> Wixy_: Why wouldn't it? Amazon is making no technical promise the IP will work longer than the 60 seconds it's in the DNS response.
03:22 < Peng_> I have no idea how CloudFront typically behaves, but it's likely to stop working eventually.
03:22 < jvwjgames__> my issue was the prefix not being advertised
03:22 < Wixy_> it works for longer, and even if it doesn't I can run some code to get a new one
03:23 < Peng_> If you're a big customer, you could contact Amazon support.
03:23 < Peng_> Wixy_: That's hacky and gross, but if it works for you, okay
03:23 < Wixy_> (I think they even have a list of public ips, not sure)
03:24 < Peng_> They have a big list of "these are all the IPs CloudFront might use".
03:24 < jvwjgames__> https://paste.ee/p/FzOFj
03:24 < Peng_> You can't drill down into it.
03:25 < jvwjgames__> the prefix that has the > next to it is the prefix that i am trying to get advertised
03:25 < Wixy_> Peng_, what do you mean I can't drill down into it?
03:26 < jvwjgames__> but i tracerouted the other prefixes which are all mine they just told the upstream to accept all and most prefixes i can traceroute but when you traceroute them oh man wow
03:26 < Peng_> Wixy_: They won't tell you "these are all of the IPs used by CloudFront distribution X in Tokyo edge location Y"
03:26 < Wixy_> but I can request the dns server the whole day for different alternatives :P
03:27 < Wixy_> I believe they reuse the IPs quite a lot, they don't change much
03:28 < Wixy_> omg, I thought they would always connect me to the closest CF, it looks like they use a dice to select one
03:29 < Peng_> I'm in the US, CloudFront sends me to basically every location in my time zone, sometimes including Canada.
03:29 < Peng_> I dunno what their logic is. Maybe it's a load balancing thing.
03:29 < Wixy_> yeah, I think so
03:30 < jvwjgames__> pppingme i found out the issue
03:31 < jvwjgames__> adleff i found out the issue
03:31 < Wixy_> Peng_, do you think they also select a different server (in this case binance) from other zones? or do they at least balance constrained to the zone in which they are running?
03:31 < Wixy_> for instance I'm in zone A, and I get connected to CF in zone A. do I get binance from zone A too?
03:31 < Wixy_> and what if I'm in zone A, and I get connected to CF in zone B. do I get binance from zone A or B too?
03:31 < Wixy_> or maybe C?
03:32 < Wixy_> don't know how it works
03:33 < Peng_> I don't think it's that fine-grained
03:33 < rootworm> sup
03:33 < Wixy_> does that mean everything could be connected to everything else?
03:33 < Wixy_> for instance I'm in zone A, connected to CF in zone B, which requests server in zone C?
03:33 < Wixy_> that would really suck
03:44 < Wixy_> btw, shouldn't the dns provide more than one ip in case there's a problem with one of the servers?
03:46 < Wixy_> I thought they always send more than one A register
03:46 < Peng_> They do
03:48 < Wixy_> nslookup d3h36i1mno13q3.cloudfront.net
03:48 < Wixy_> only shows me one
03:49 < Wixy_> same with dig d3h36...
03:50 < fryguy> Wixy_: there's lots of tricks you can do with IP routing at edges, you don't need multiple IPs
03:50 < Wixy_> for example?
03:51 < fryguy> anycast, bgp routing, VIPs
03:52 < Peng_> Wixy_: Ah. I forgot, CloudFront has different types of distributions. I don't know what the differences are, but some of them use multiple IPs.
03:57 < jvwjgames__> can someone help me
04:07 < new2ip> jvwjgames__: don't ask to ask, just ask
04:08 < jvwjgames__> ok well anyone here know about my issue with my ipv6 prefix i found out an issue
04:09 < jvwjgames__> it is this issue https://paste.ee/p/FzOFj
04:09 < jvwjgames__> someone try to traceroute any ip other than the top one
05:06 < cocktail> Is this the network topology of a typical LXD container? lxdbr0 <--> vethXXX <--|host|container|--> eth0
05:08 < fryguy> yah
05:12 < cocktail> fryguy: yes?
05:15 < cocktail> Is that an answer to my question?
05:15 < fryguy> yes
05:17 < cocktail> Yay
05:18 < cocktail> Why do I not see a corresponding veth interface for a qemu VM?
05:19 < fryguy> because qemu works differently from containers
05:19 < fryguy> and has its own weird user-space bridge thing that's slow but works out of the box in like every setup ever, or you create tun/tap interfaces. you can't do veth since you aren't sharing a network stack because vm
05:24 < Ouroboros> let's say that i have a global ...::1/64 address and a default route via link-local fe80::1, how is a link-local fe80::.../64 address used in establishing a connection with a remote host here?
05:25 < Ouroboros> i think that i am missing something obvious
05:34 <+pppingme> Ouroboros the link-local hop is your router's link-local ip..
05:34 <+pppingme> this is normal
05:34 < Ouroboros> i mean, why do *i* need a link-local address?
05:35 <+pppingme> its a guaranteed way to talk on your lan if normal ip addressing is broken
05:35 < Ouroboros> no, i know that, but i am asking specifically in this isolated scenario
05:35 <+pppingme> and many lan based protocols, like slaac use LL ip's
05:35 < Ouroboros> e.g. i cannot even ping a remote host without the link-local address, so what purpose does it serve?
05:36 < Ouroboros> and there is no slaac or ndp here, everything is manually configured
05:36 <+pppingme> you still have ndp
05:36 <+pppingme> slaac isn't exactly something that "runs", its something thats derived..
05:37 < Ouroboros> well, perhaps there is some ndp, i should really tcpdump it, but there is definitely no ra
05:37 < Ouroboros> yeah, i know how it works, but i am setting a global address completely manually
05:37 <+pppingme> there is RA, or clients won't use it
05:37 <+pppingme> by definition, a router runs a router advertisement..
05:37 < Ouroboros> is it required?
05:38 < Ouroboros> i mean, i am definitely not receiving any route information, i have to set it manually
05:38 <+pppingme> by definition, yes... can it be hacked around? sure.. but not a good idea
05:38 <+pppingme> if you aren't receiving it, then your router is broken
05:39 < Ouroboros> well, probably, but i do not control that part
05:39 <+pppingme> then open a ticket with who does
05:40 < Ouroboros> still, i do not understand why it works with an ll address but not without, what could possibly be transmitted?
05:40 <+pppingme> you're stripping your LL ip is probably whats breaking RA's
05:41 < Ouroboros> no, it does not receive anything even with it set
05:41 < Ouroboros> i mean, even in the default environment before i messed with anything
05:43 < Ouroboros> but let's say that the default route is already set, does it still need to do some ndp stuff before it can communicate with it?
05:43 <+pppingme> yes
05:43 <+pppingme> somehow you have to get from L3 to L2
05:43 <+pppingme> thats np's job
05:43 <+pppingme> ndp's job..
05:43 < Ouroboros> i wonder why L2 is even still a thing...
05:44 <+pppingme> because L2 isn't L3's job and L3 isn't L2's job
05:44 <+pppingme> and L2 can be (and often IS) different
05:45 <+pppingme> not everything is ethernet.
05:45 <+pppingme> and, ethernet carries more than just IP
05:46 < cocktail> Is it safe to route network traffic of an LXD container through Tor in another LXD container? Would it leak traffic outside Tor network?
05:47 < Ouroboros> pppingme: i suppose, but i still think that it will disappear at some point
05:47 < Ouroboros> in any case, i keep forgetting that there is no arp in ipv6
05:48 < Ouroboros> so perhaps it needs the ll address for the neighbor solicitation for the router, but then why can it not use the global address or the unspecified address for this?
05:48 <+pppingme> arp and ndp are rough equivalents, with different approaches to the same issue
05:48 < Ouroboros> argh, i will have to tcpdump it, just trying to avoid that rabbit hole
05:49 <+pppingme> and again, you're assuming there's a direct correlation between L2 and L3, there isn't.. L2 has to be able to carry more than ipv6, and L3 has to be able to work over more than just ethernet, you simply can't "tie" the two together
05:50 <+pppingme> Ouroboros it really feels like you're making something thats real simple overly complicated..
05:50 < Ouroboros> story of my life
05:50 <+pppingme> why?? just keep it simple and it will work..
05:50 <+pppingme> the reason ipv6 doesn't work for most people is because they screw with it
05:51 < Ouroboros> well, once i discover that there are options, i have to try them :)
05:51 < c|oneman> noes not the cl0d
05:52 < Ouroboros> it's raining ping timeouts
05:52 < Ouroboros> maybe they screwed with their ipv6 too
05:54 < Ouroboros> pppingme: i have been screwing around with sysctls and iproute for days, i think that i understand 90% of it now, but i have intentionally not looked at the actual packets
05:57 < winsoff> Nice network opers
05:57 < winsoff> Do adsl ISPs have the ability to isolate clients from each other? I suppose that this is probably part of the topology, right?
05:57 < light> why would they want to do that?
05:58 < winsoff> light, security reasons, I assume.
05:59 < light> you want your ISP to decide which IPs you can and can't access?
06:00 < winsoff> light, not at all. I'm wondering if they usually do this, or if networking protocols provide this in general--I am not sure they do, but if the structure is such that we're all networked into a common switch or something, I guess so.
06:01 < winsoff> Is there an easy way to check this from my end? I guess I just nmap-fingerprint all of the hosts on the way up from my network to someone else who's on the same network as I am, right?
06:01 < light> no, they don't do that
06:06 < winsoff> In a traceroute, when I'm getting no responses (... results in nmap), is the packet with a certain TTL being dropped off? Does this mean that network hardware is still stopping the transmission of the packet (by decrementing the TTL), but it doesn't have a network address to report back with?
06:20 < dnanib> winsoff, There isn't a security reason that stands scrutiny. Here in my nook of the world ISPs sell "business" and "residential" connections; the latter is contractually forbidden from running services that others can connect to.
06:20 < dnanib> And the way they implement is by isolation/firewall etc.
06:21 < winsoff> Ah, interesting. I run a vpn on my home network: is that not allowed by your ISP?
06:21 < dnanib> Well, for one the dynamic IP addressing creates a problem. I can get a static IP only if I subscribe to the "business" service (which is significantly more expensive)
06:22 < Tegu> dynamic dns services and automatic updaters for them help
06:22 < winsoff> Yeah, what Tegu stated.
06:22 < dnanib> I work around by renting a VPS (which the provider calls is a cloud service but I know better, don't I?) and running libreswan at both ends
06:23 < dnanib> One ISP doesn't allow even IPSec to work (extreme firewalling); only openvpn there.
06:23 < dnanib> But inbound connections don't establish. The SYNs are dropped. I have tested this again and again.
08:11 <+pppingme> this ^^^ is why the "cloud" is bad :D
08:13 < squ> why?
08:15 < tya99> with the isc-dhcpd server is it possible to have different scopes for different VLANs eg https://dpaste.de/SzSX
08:15 < tya99> the dhcp server has access to both VLANs
08:16 < tya99> ie currently i have DHCPD_IFACE="eth0.2 eth0.3 eth0.4"
08:16 < tya99> in /etc/conf.d/dhcpd
08:17 < kidn3ys> tya99: i've seen it done, but I usually see it done with ip helper statements
08:17 < tya99> i seem to only find examples with a cisco dhcp server
08:18 <+pppingme> tya99 you don't necessarily need ip helpers..
08:18 < tya99> basically i want one address pool for one vlan and the other for another
08:19 < tya99> so basically "if this MAC address pops up and is on VLAN 2 do this"
08:19 <+pppingme> does each of the vlan interfaces (eth0.2, eth0.3, etc) have an IP that is on the same subnet as the scope you're handing out?
08:19 < tya99> "if this MAC address pops up in VLAN 3 do that
08:19 < tya99> yes the dhcp server can serve from 192.168.2.1 or 192.168.3.1
08:20 < light> should be easy then
08:20 < tya99> it must be possible without running two dhcp servers
08:20 <+pppingme> then it should just work
08:20 < tya99> oh.
08:20 <+pppingme> pastebin an "ip addr" and the contents of your dhcpd.conf
08:20 < tya99> oh except that
08:22 < kidn3ys> tya99: so what isn't working? if you connect a PC to vlan 2 or 3 do you get an address in the range that you should?
08:22 < kidn3ys> or are the reservations just not working?
08:22 < tya99> well i am wondering if i have done it right i guess
08:23 < tya99> https://dpaste.de/7aM9
08:23 < kidn3ys> well, does it work?
08:23 < tya99> that's the interfaces
08:23 < tya99> https://dpaste.de/BTup not really no
08:23 < kidn3ys> sounds like you didn't do it right.
08:23 < tya99> i have only specified PC1 and PC2 once
08:23 < tya99> but can i specify it again and change the subnet and IP
08:23 < tya99> how is it going to know which pool is which VLAN
08:23 < tya99> that's the thing
08:24 < tya99> if i were to copy that PC1 and PC2 block again and put in 192.168.3.X addresses that won't work
08:24 < tya99> or would it?
08:24 < kidn3ys> i would expect it would
08:25 < tya99> i guess
08:25 < kidn3ys> the dhcp server should be able to determine what range to serve based on the interface it comes in on
08:25 < tya99> as it would put it out on that broadcast
08:25 < tya99> ah yes!
08:25 < tya99> that does make sense
08:25 <+pppingme> tya99 I see what you're asking.. gime a sec.. your question is valid.. because on a reservation, it doesn't check for valid subnet
08:25 < tya99> right
08:26 <+pppingme> I've come across this before, let me dig through something..
08:26 < tya99> :D
08:26 < tya99> an example i thought about you might have a laptop eg
08:26 < tya99> with two different SSIDs
08:26 < tya99> like corporate on VLAN2 and secure on VLAN3
08:27 < tya99> depending on which SSID the user connected to would determine which VLAN they were on, obviously
08:27 < tya99> but then the DHCP server when reserving for that laptop how would it know which reservation to issue?
08:28 < tya99> if they connect to "corporate" based on their mac address they should have 192.168.2.50 if they connect to "secure" they should have 192.168.3.50
08:29 < eirirs> depends on the subnet mask :)
08:29 < tya99> well both being /24
08:30 < cocktail> In the following setup, can eth1 and eth2 communicate with eth3? eth1,eth2 <--> linux bridge <--> eth0 <--> router <--> eth3
08:30 < Phil-Work> cocktail, technically they can
08:31 < Phil-Work> assuming everything were set up to facilitate this
08:31 < cocktail> everything?
08:31 <+pppingme> I don't have it where I thought I did.. I'll have to do some more digging, but before I do, what are you really trying to solve/fix? why do they need a preset IP and not just one out of the pool?
08:32 < kidn3ys> cocktail: are eth1,2 hosts?
08:32 < cocktail> eth1 and eth2 are in LXD containers or VM guests.
08:32 < tya99> pppingme: just because i wanted to know if it were possible and its okay ill be here forever so feel free to pm me when you do now or later
08:32 < Phil-Work> cocktail, assuming the bridge passes layer 2 traffic without molesting it, the router can route from the subnet on eth0 to the subnet on eth3 and the relevant things on either side use the router as their gateway for that route
08:32 < tya99> pppingme: this user is connected to this channel via znc
08:33 < kidn3ys> ^^ what phil-work said
08:33 < cocktail> eth1 and eth2 will receive IP addresses from DHCP server on the router.
08:33 < tya99> doesn't the molesting only happen if you go under the bridge?
08:33 < Phil-Work> assuming the bridge is working, you can simplify the diagram down to eth0,eth1,eth2 <--> router <--> eth3
08:33 < Phil-Work> now you have simple routing
08:34 < cocktail> I want eth0 and eth1 to reside in LXD containers or VM.
08:34 < cocktail> Oops
08:34 < cocktail> eth1 and eth2
08:35 < Phil-Work> that's a fairly common setup, in that case
08:35 < Phil-Work> what is eth3?
08:35 < cocktail> eth1 & eth2 <--- LXD | host ---> linux bridge <----> router <---> eth3
08:35 < tya99> pppingme: i think it might be possible with subclasses
08:35 < cocktail> eth1 & eth2 <--- LXD | host ---> linux bridge <----> eth0 <---> router <---> eth3
08:36 < detha> cocktail: is eth3 on the same host?
08:36 < cocktail> eth0, eth1, and eth2 are on the same host. eth1 and eth2 are in LXD containers.
08:36 < cocktail> eth0 is a physical NIC.
08:36 < cocktail> eth3 is a physical NIC on another physical computer.
08:36 < tya99> pppingme: does this look familiar? https://manpages.debian.org/testing/isc-dhcp-server/dhcpd.conf.5.en.html#SUBCLASSES
08:37 < Phil-Work> so yes, assuming they all use `router` as their default gateway (or have static routes), it'll work fine
08:37 < detha> cocktail: that sounds like a very basic vm/container setup then
08:37 < cocktail> Except that eth0 is plugged into br0.
08:39 < cocktail> eth1 and eth2 get IP addresses from router through br0 and eth0.
08:39 < tya99> pppingme: then again that is unlikely to work hmm
08:39 < Phil-Work> presumably DHCP also issues the same router as the default gateway?
08:39 < cocktail> yes
08:39 < Phil-Work> that bit is fine then
08:39 < Phil-Work> what about the eth3 side?
08:39 < cocktail> eth3 is another computer.
08:39 < cocktail> another physical computer like a smartphone.
08:39 < Phil-Work> does it use the router as its default gateway?
08:39 < cocktail> yes
08:39 < Phil-Work> all good then
08:39 < cocktail> I'm not sure if the router will like two IP addresses from one physical NIC.
08:39 < detha> ehm, does eth3 sit in the same DHCP range as the rest?
08:39 < cocktail> yes
08:39 < Phil-Work> waitwhat
08:39 < cocktail> The goal is to put eth1, eth2, and eth3 in the same subnet.
08:40 < Phil-Work> this "router", does it have a switch built in?
08:40 < detha> so that works as a bridge. OK, still fine
08:40 < cocktail> Of course.
08:40 < cocktail> built in
08:40 < Phil-Work> so if you connect both eth0 and eth3 to the same switch, there's no routing at all
08:40 < cocktail> It is a router.
08:41 < Phil-Work> it sounds like it's a router and a switch
08:41 < cocktail> A router is also a switch typically.
08:41 < Phil-Work> not in the Enterprise world
08:41 < detha> Ehm, no
08:42 < detha> a router is a router. a switch is a switch. an L3-switch is a hybrid
08:42 < cocktail> How would the computer that has eth0 gain access to the internet if eth0 is plugged into br0?
08:42 < cocktail> Shall br0 provide access to the internet?
08:42 < detha> its default route sits on br0
08:42 < Phil-Work> you'd usually put the IP on the br0 interface
08:43 < Phil-Work> so the eth0 interface has no IP
08:43 < cocktail> I have never tried that setup, though.
08:43 < cocktail> My consumer router could be confused by three IP addresses from eth0.
08:44 < Phil-Work> I'm sure it'll be fine - it's no different than connecting an external switch to it
08:44 < detha> no consumer router would have a problem with that. A proper switch may have options to limit things to one MAC per port
08:46 < cocktail> Why would MACVLAN require VEAP support in router, then?
08:46 < cocktail> VEPA
08:46 < cocktail> Without VEPA support in router, MACVLAN sub-interfaces behind a parent interface cannot communicate with each other.
08:47 < detha> that's a wholly different beast. what you have describe thus far is basically one flat network.
08:47 < cocktail> eth1 and eth2 behind a linux bridge can communicate with each other.
08:48 < cocktail> Ah, it seems that the trick is that when eth1 sends packets to eth2, linux bridge doesn't send the packets to eth0.
08:48 < detha> that is the idea of a bridge - if it knows where the destination MAC is, it only sends there. If it doesn't, it floods.
08:48 < Phil-Work> Linux bridges have MAC learning - they will broadcast stuff at times but that's like any switch
08:53 < cocktail> Does open vswitch have advantages over linux bridge for my personal setup?
08:54 < cocktail> openvswitch seems quite complex.
08:54 < Phil-Work> openvswitch is a lot nicer than Linux bridges but for your usecase it's not going to make your life much better
08:55 < cocktail> How nice is it?
08:55 < cocktail> How is it nice?
08:55 < squ> it is nice how?
08:55 < Phil-Work> it's got some good features such as port mirroring
08:56 < Phil-Work> Linux Bridges also handle multicast really really badly - openvswitch doesn't implement IGMP Snooping so it handles multicast more reliably
08:57 < cocktail> IGMP snooping == unreliable multicast?
09:00 < cocktail> When will I need openvswitch?
09:04 < Phil-Work> cocktail, unreliable IGMP snooping == unreliable multicast
09:04 < Phil-Work> I use openvswitch as standard now - it's not a lot more hassle than native bridges
09:10 < cocktail> Phil-Work: https://kumul.us/switches-ovs-vs-linux-bridge-simplicity-rules/ says linux bridge's simplicity wins over openvswitch.
09:10 < Phil-Work> it does, for a simple bridge
09:11 < Phil-Work> but it's a pain in the ass to rip out in production and replace with openvswitch when you want some fancy stuff later down the line
09:11 < cocktail> like multicast?
09:14 < Phil-Work> like anything openvswitch does that a simple bridge doesn't
09:38 < cyberjames> wom 7
09:45 < winsoff_> The same switch can have multiple IP addresses, right? Does a switch ever pretend to have more than one per port?
09:45 <+xand> winsoff_: switches don't usually use IP addresses except for management of the switch
09:47 < winsoff_> xand: true. damnit.
09:48 < winsoff_> xand: the ex2200 from juniper's manual says "Featuring complete Layer 2 and basic Layer 3 switching capabilities"
09:48 < winsoff_> What the hell is layer 3 switching
09:51 <+xand> ah, it's routing/switching combined
09:51 < winsoff_> ahhh, okay. what a dumb name, then. isn't "gateway" a superior label here?
09:52 < Phil-Work> layer 3 switching is a switch that can also do routing
09:52 < Phil-Work> I've never fully agreed with the terminology - is it a switch or a router with 48 ports...?
09:52 < Phil-Work> then again, some routers do switching quite well
09:53 < winsoff_> actually, is a switch even really necessary in those cases?
for example, if it was ipv6, could they just route to each other via slaac or whatever
09:54 < Phil-Work> a switch is almost always necessary unless you have two hosts connected directly together
09:56 < winsoff_> interesting. i guess all routers are expecting frames, right
09:56 < regdude> Layer3 switching is a very limited static routing, but by using the switch chip. There are Layer3 switches that are simply Layer2 switches with a powerful CPU and can act as a router and as a switch at the same time
09:57 < winsoff_> guh, the marketing terms are goofy
09:58 < regdude> its all about making things sell better, ultra fast switching backplane with dedicated routing hardware... whatever you can think of to scam people
09:58 < winsoff_> Do you guys know how I can tell which device generated the dhcp lease for my device?
09:59 < winsoff_> i guess the better term is "how to find the ip address of the dhcp server on the network"
10:01 < winsoff_> answer: ip route
10:10 < mcdnl> Phil-Work: a layer 3 switch is a switch with a router connected to it internally. so no 48 port router really. also, layer3 switches usually dont have spi, so no natting/firewalling, just acls and routing
10:13 < winsoff_> ssh-hostkey is the sickest script ever.
10:15 < winsoff_> Okay, so say I've got a network like this. DEVICE1--SWITCH--ROUTER--ME. If I do a traceroute from me to device1, the switch should not decrement the TTL, right?
10:15 < mcdnl> nope
10:15 < mcdnl> unless its routing
10:15 < mcdnl> you should see only 1 hop, the router itself
10:15 < regdude> only routing impacts TTL
10:15 < mcdnl> who's the gateway for device1?
10:16 < tya99> hmm i was trying to do this
10:16 < tya99> https://serverfault.com/questions/549599/assign-two-static-ip-addresses-to-one-mac-address
10:16 < winsoff_> mcdnl: that's a really good question.
10:16 < tya99> they say that works but i see
10:16 < tya99> WARNING: Host declarations are global. They are not limited to the scope you declared them in.
10:16 < winsoff_> mcdnl: so in the case that the switch has extra features and actually routes, then it would do that, yeah?
10:16 < tya99> so i think that person might be wrong
10:17 < mcdnl> tya99: it doesnt make sense to have to interfaces with the same mac in the same broadcast domain
10:17 < mcdnl> s/to have to/to have two/
10:17 < tya99> they are different broadcast domains though
10:17 < tya99> so say you have a router, with two VLANs, 2 and 3
10:17 < mcdnl> then you set up a dhcp server in each broadcast domain
10:17 < tya99> ah!
10:17 < tya99> i thought that might be the case
10:18 < tya99> which means what they have said is wrong
10:18 < mcdnl> you can give a lease in each vlan for the same mac address
10:18 < tya99> you'd need two services?
10:18 < tya99> mcdnl: yes
10:18 < tya99> or can it be handled by one dhcpd service?
10:18 < tya99> because dhcpd can listen on multiple interfaces
10:19 < mcdnl> i haven't used dhcpd, but i guess so
10:19 < tya99> ie DHCPD_IFACE="eth0.2 eth0.3 eth0.4"
10:19 < mcdnl> i think you'll need a different configuration (probably instance too) for each vlan
10:19 < tya99> i thought i might
10:19 < mcdnl> winsoff_: yeah, it would as long as it has an IP and it's the gateway of your device
10:20 < tya99> yup
10:20 < mcdnl> but that'd mean the switch itself has another network to talk to the router, and the router should have static routes to know how to get to the device1 subnet
10:21 < mcdnl> well, that's if things are done right
10:21 < mcdnl> because you can do that in a single broadcast domain too but its ugly and bad practice
10:22 < winsoff_> actually, i noticed something weird the other day
10:22 < Phil-Work> mcdnl, depends on the switch
10:22 < Reventlov> What happens if I do not plug one of the three antennas of my WiFi adapter ?
10:22 < Reventlov> does it fry ?
10:22 < mcdnl> of course
10:23 < Phil-Work> Juniper EX and QFX, for example, support family inet on individual ports making them effectively 48 port routers
10:23 < Phil-Work> whereas others only allow IPs to be assigned to VLANs so you'd need a VLAN per port to make it a 48 port router
10:23 < mcdnl> mikrotik does as well on their switches
10:23 < winsoff_> on a network (not under my administration), i tracerouted using two different methods (i think udp for one and tcp for another), and udp sent me all the way out to an external network before coming back to the device that was literally one hop away. tcp routed fine. what usually causes that?
10:24 < mcdnl> winsoff_: no idea without knowing network setup
10:24 < winsoff_> at least we can bond over our ignorance.
10:24 < mcdnl> you can do such a thing in many ways
10:26 < tya99> Reventlov: i had heard its not good to run wifi equipment with no antennas
10:27 < mcdnl> Phil-Work: the question is, is that managed at cpu lvl or at switching chip lvl?
10:27 < mcdnl> in a true router, each interface has its own chip
10:28 < regdude> what kind of chip?
10:28 < mcdnl> and to switch between them you bridge them, making cpu take care of the switching
10:28 < Phil-Work> this is assuming the switches have switching ASICs and don't just do it in CPU anyway
10:28 < Phil-Work> as someone said, it's all marketing bullshit
10:28 < mcdnl> yes
10:29 < mcdnl> anyways, making a switch switch packets in cpu its pretty shitty
10:29 < regdude> note that there many SoCs that simply connect each PHY directly to the SoC
10:29 < mcdnl> asics dont bottleneck as easily
10:29 < mcdnl> or hang
10:29 < mcdnl> ha
10:30 < tya99> okay i have verified it does work
10:31 < mcdnl> :)
10:31 < tya99> mcdnl: even though that dhcpd server gives me an error
10:31 < tya99> it works anyway like i want
10:31 < mcdnl> what error?
10:32 < tya99> mcdnl: Host declarations are global. They are not limited to the scope you declared them in.
10:32 < mcdnl> that aint right
10:32 < tya99> https://serverfault.com/questions/549599/assign-two-static-ip-addresses-to-one-mac-address
10:32 < tya99> but it does work
10:32 < tya99> i did what that example has, in one VLAN i get 192.168.2.25, then in the other VLAN i get 192.168.3.25
10:32 < tya99> which is what i wanted
10:33 < mcdnl> well, are global by target network
10:33 < tya99> like "nms2" in that example
10:34 < tya99> i am using Internet Systems Consortium DHCP Server 4.3.5
10:34 < mcdnl> then its a software limitation
10:34 < tya99> true because it works
10:35 < tya99> so the software is limited by giving me an error that is not right
10:35 < tya99> i might post about it on dhcp-users
10:35 < tya99> you should only get errors for things that don't work
10:35 < tya99> or can't be done
10:35 < tya99> not for things that do work and can be done because they work
10:36 < tya99> all i declared on my workstation was
10:36 < tya99> iface eth9 inet manual
10:36 < tya99> iface eth0.2 inet dhcp
10:36 < tya99> eth0 that should be not eth9
10:37 < tya99> did a dhcp lease got the 192.168.2.25 address, then i changed it to eth0.3 and got the 192.168.3.25 address
10:37 < tya99> i rebooted inbetween so the interface certainly got scrubbed
10:38 < mcdnl> what, if you declared it on /etc/network/interfaces it should come back when you reboot
10:38 < tya99> yeah
10:39 < tya99> well i set one vlan, did a dhcp request
10:39 < tya99> got the result i wanted
10:39 < tya99> changed the vlan
10:39 < tya99> rebooted
10:39 < tya99> did dhcp request again and got the other address
10:44 < tya99> the logs indicate it works too
10:45 < tya99> what is weird is it offers it then removes it from the pool
10:45 < tya99> https://dpaste.de/RtNA
10:46 < winsoff_> Hmm. Is it ever possible to detect a switch on the network, then? Are there no simple ways to see them?
10:47 < bezaban> winsoff_: multiple macs behind an interface is a giveaway
10:48 < winsoff_> bezaban: sorry, i'm stupid; how would a client detect that?
10:48 < cocktail> It seems that Openvswitch is somewhat complicated for my home lab.....
10:48 < bezaban> winsoff_: it doesn't, your core switches / routers would
10:49 < winsoff_> bezaban: ah, okay. makes more sense.
10:49 < regdude> some switches support sticky MAC addresses. You can use ACL rules to limit MAC addresses on a switch port (plus with static MAC learning)
10:50 < regdude> the detection works like this: someone will be complaining that the newly added switch is not working
10:50 < bezaban> regdude: haha yes
10:52 < mcdnl> that's the only way to detect dumb switches
10:52 < mcdnl> if they have stp or lldp or any other kind of protocol you may detect them, but its not trivial
10:53 < winsoff_> Ah! That would be another consideration.
10:53 < winsoff_> mcdnl: Slightly off-topic, but how did you get all of the knowledge you have re: networking?
10:53 < mcdnl> work and tinkering
10:54 < winsoff_> mcdnl: Makes sense.
10:54 < mcdnl> i've had to deal with all these things before
10:55 < mcdnl> like, figure out the structure of a network composed by around 50 switches
10:55 < mcdnl> most of them shitty and old dlink 1100/1210
10:55 < winsoff_> lol
10:55 < winsoff_> Eww.
10:55 < mcdnl> yes, exactly
10:56 < winsoff_> I guess you can start at the gateway and then plug into one end of cables, right?
10:56 < mcdnl> well, first map physical connections
10:57 < mcdnl> and then.. kinda, depends on circumstances
10:58 < mcdnl> wireshark, lldp and stp are good tools for this
11:00 < winsoff_> What the hell did people do before wireshark?
11:01 < mcdnl> tcpdump? xd
11:02 < mcdnl> before wireshark there were hubs
11:02 < mcdnl> oh, fun times at school with arp poisoning
11:02 < mcdnl> and even without it you could sniff everything
11:02 * mcdnl laughs
11:03 < Fuk> the cisco catalyst 3560 has auto-mdix.
so i can use a straight or crossover cable interchangably. but what about PoE? If I use the wrong cable to connect an access point or IP phone will it catch fire or something?
11:03 < mcdnl> nope
11:04 < mcdnl> poe goes through the pairs that are left untouched on crossover cables
11:04 < winsoff_> mcdnl: even today, it feels like that.
11:04 < Fuk> cool
11:05 < mcdnl> also, active poe wont fry things
11:05 < zenix_2k2> not sure if this is python or networking's related but what is so different between sock.bind(("127.0.0.1", 8080)) and sock.bind((IPv4, 8080)) with IPv4 as the private IP that the DHCP server from my router assigned to me ( more specifically then Inet in ifconfig )
11:05 < mcdnl> if it doesnt detect a poe compatible device it doesnt send any current
11:05 < Fuk> and do cisco switches have some sort of overcurrent protection? so if someone physically damages a cable it would cut off without damage to either device?
11:06 < Atro> sure it busts the port
11:06 < Atro> lol
11:06 < mcdnl> no
11:06 < Fuk> like say I run a ethernet cable across the ground outside from our house to our spare garage (<200 feet), and it's providing PoE to the access point in the garage
11:06 < mcdnl> each port has a current limit
11:06 < Fuk> further suppose that my dad runs said cable over with his half-ton pickup at some point in the near future
11:07 < djph> bad news
11:07 < Fuk> does the resulting short-circuit permanently destroy PoE on the port, or just shut down the AP and trip some overcurrent protection?
11:07 < mcdnl> it just stops sending current
11:07 < Fuk> no fiery explosion?
11:07 < mcdnl> no
11:07 < mcdnl> https://en.wikipedia.org/wiki/Power_over_Ethernet
11:07 < Fuk> nice, dude
11:08 < zenix_2k2> Uhm, hi ?
11:08 < AnpMoot> the only situations i've experienced faulty poe is after lightning strikes
11:09 < mcdnl> that's what i was about to say
11:09 < mcdnl> unless you forcefully input current to the port, it shouldnt break
11:09 < bezaban> zenix_2k2: you can't reach 127.0.0.1 from outside the machine
11:09 < Fuk> I was thinking it would be smart to bury a cable
11:09 < meowschwitz> couple of days ago there was a flood
11:09 < meowschwitz> so my internet line went down (I rent an apartment)
11:09 < Fuk> but I am pretty sure the path it would take crosses utility lines
11:09 < meowschwitz> I opened the box
11:09 < Fuk> so that's a no-go
11:10 < meowschwitz> the one that's sitting outside my place and where my ethernet termination goes
11:10 < Fuk> right now I have a wireless bridge between two AIR-AP1242's
11:10 < meowschwitz> and inside there was an $5 tplink switch
11:10 < meowschwitz> powered by a handmade "POE" device
11:10 < mcdnl> lol
11:10 < Fuk> meowschwitz: that's funny.
11:10 < mcdnl> meowschwitz: thats another question. we were talking about 802.3af/at active poe
11:10 < Fuk> now fuck off. your nickname has offended the world order.
11:11 < meowschwitz> I dont know about any active poe or anything that thing had 2 capacitors and a transistor
11:11 < Fuk> its clearly a feline holocaust joke
11:11 < meowschwitz> it took them 2 days to fix
11:11 < meowschwitz> because the dipshits had the WHOLE NEIGHBOURHOOD wired that way
11:11 < mcdnl> lol what kind of isp do you have?
11:12 < Fuk> mcdnl: 802.3af has active and passive. but even passive mode is auto controlled
11:12 < meowschwitz> this is bulgaria
11:12 < meowschwitz> that switch has been sittin in that box for a decade I bet
11:12 < Fuk> for gigabit it has only active ofc because there is no spare pair
11:12 < zenix_2k2> bezaban: if that is the case then why doesn't this work --> https://pastebin.com/sFSyf86i ???
but when i tried both with 127.0.0.1, it did ( and i tried both of these scripts in my localhost )
11:12 < Fuk> anyway
11:13 < Fuk> do any of you have any sources for black-market wifi gear?
11:13 < meowschwitz> https://drive.google.com/open?id=0B-rRREUntMQ4QWZBZWxDS0prV2s
11:13 < meowschwitz> bulgarian IT everybody
11:13 < Fuk> i mean things that run at a higher wattage than the jewish world order has authorized, so they actually work
11:13 < zenix_2k2> and when i mean in my localhost, i also did try with the IPv4
11:14 < meowschwitz> Fuk: I am the jewish world order so chill
11:14 < mcdnl> Fuk: https://www.wifipineapple.com/
11:14 < IamTrying> 1) I have a Australian client. 2) it will be about more networking application 3) should i offer him United states server or European servers? 4) which servers are nearest for Australia
11:14 < Fuk> lol
11:14 < mcdnl> oh
11:14 < bezaban> zenix_2k2: it's the case. You can only reach the loopback device locally, and that'll be an indication that your filtering isn't set up correctly
11:14 < mcdnl> you didnt mean that. xD yes there are
11:15 < bezaban> since localhost isn't usually filtered
11:16 < mcdnl> zenix_2k2: do you want to bind to an specific ip for a reason or just bind that port to all interfaces?
11:16 < zenix_2k2> and by loopback, you mean 127.0.0.1 or localhost ?
11:16 < mcdnl> localhost is an alias for 127.0.0.1
11:16 < bezaban> loopback = 127.0.0.1 = localhsot
11:16 < zenix_2k2> ok then
11:16 < bezaban> or rather loopback = 127.0.0.1/8
11:16 < mcdnl> yeah, that's right
11:17 < zenix_2k2> actually my purpose was to redirect all traffics from port 8080 to port 9090 ( outside my machine )
11:17 < zenix_2k2> so that script was a bit likely closed to my scenario
11:18 < IamTrying> How do i tell from Australia PC. What is nearest server of mine to them, i have two datacenter United states and Europe. Should i just do ping?
11:18 < djph> look at a map
11:19 < IamTrying> djph: that is confusing they both look same distance. thats not tech meassurement technique.
11:19 < IamTrying> with tech logic. how do i determine the networking distance?
11:19 < djph> IamTrying: then check latency -- but ~latency~ doesn't equate to ~distance~.
11:20 < IamTrying> djph: 1) Australia if has straight cable to United states without ocean involved then its best to use United states 2) but if Australia has thousands of hop to Europe its worst.
11:20 < djph> I mean, you can have two machines that're 3 meters apart connected via a good and a shitty cable, and the latency would differ.
11:20 < IamTrying> so to determine i might need to use simply the Ping and traceroute?
11:20 < djph> there aren't "thousands" of hops.
11:21 < IamTrying> OK
11:21 < djph> IIRC, packet TTLs start at 64. They'd better reach their target before hitting zero.
11:22 < IamTrying> I will remotely login to Australia. And do ping/traceroute to my United states and Europe server to justify them with tech logic.
11:22 < IamTrying> OK
11:22 < Fuk> djph: they start at 255 IIRC
11:22 < Fuk> but still its gonna be less than 64 hops
11:24 < detha> TTLs start at varying numbers, different per OS. Part of OS fingerprinting is looking at that.
11:25 < djph> Quick google -- AIX (TCP) -> 60; *BSD (TCP/UDP) -> 64; HP-UX 9.x (TCP/UDP) -> 30; HP-UX 10+ (TCP/UDP) -> 64; Linux -> 64; Windows pre-98 (TCP/UDP) -> 32; Win98+ (TCP/UDP) -> 128;
11:26 < djph> granted, it's a random blog post, so no guarantees it's accurate.
11:27 < pgouv> hello
11:27 < pgouv> is 500ms ping time too much ?
11:27 < djph> depends
11:27 < pgouv> it is a web app and it is very slow when comparing it with local
11:27 < djph> from where to where? via what network medium (e.g. satellite?)
11:27 < pgouv> europe to usa
11:28 < pgouv> no normal landline
11:28 < djph> not at all
11:28 < pgouv> rtt min/avg/max/mdev = 165.127/496.557/1015.299/223.308 ms, pipe 2
11:28 < pgouv> maybe that is what is slowing down
11:28 < pgouv> not the app itself
11:28 < djph> I mean, sure it's on the high side for a link, but trans-Atlantic rtt isn't exactly "super fast"
11:29 < pgouv> i see 15 hops with traceroute
11:31 < djph> to Iceland right now, I'm seeing ~125 ms (from US east coast)
11:31 < djph> (easiest random euro IP to look up ... thanks ccp games ... )
11:32 < shanee> Hi. I'm running a websocket server and connecting to it from Chrome over the router. When I send a message I'm getting a reply 300ms later (!). However, if I spam loads of packet, the latency drops to 5ms. Is this normal?
11:32 < djph> could be, services need setup, etc.
11:35 < pgouv> what is weird is that it is on 192.168.x.x/23 network and pinging 192.168.x.1 gateway takes avg 130ms
11:35 < pgouv> it doesnt seem normal to me
11:35 < djph> well first off, there's no point to masking an RFC1918 address.
11:36 < djph> secondly, 130ms from teh local router ... over what medium? wifi?
11:37 < TandyUK> shanee: it can be yes, if your app takes a stupidly long time to load and start responding to a request, but when you spam it, the ptocess never dies and handles multiple requests
11:38 < TandyUK> eg apache > php, for one request, apache loads php, your app runs and responds, then the php process dies
11:38 < TandyUK> but for multiple requests, the webserver can re-use the same php process more than once
11:38 < mcdnl> in local you have 0ms ping (latency actually)
11:38 < mcdnl> oopsie
11:38 < eirirs> 0ms ?
11:39 < mcdnl> ignore that
11:39 < eirirs> noted
11:44 < mcdnl> TandyUK: fgci?
11:44 < mcdnl> fcgi*
11:45 < TandyUK> there are various methods, but fcgi is what i would use for any large site
11:50 < detha> TandyUK: why not fpm ?
11:56 < monoxane> hey, ive got an issue setting up pxe next-server on my fortigate 60c running fortios 5.0 (yea yea its out of date, homelab and no support contract), when i try and `set filename "pxelinux.0"` like newer guides say it gives me a command parse error and if i do `set option1 67 '7078656c696e75782e30'` (the pxe options for filename and the filename in
11:56 < monoxane> hex) the client gives `PXE-E53: No boot filename recieved`
11:56 < monoxane> (#fortinet has like 20 people and im assuming they all sleep at this time so if anyone not in there could help that would be nice)
12:07 < spaces> linux_probe yo bitch
12:08 < shanee> TandyUK, That's an interesting idea and seems plausible. It doesn't seem to be the case though. I've tried it with a NodeJS server that runs constantly and the issue still exists. :W
13:16 < gent2> gretes
13:17 < gent2> question, what are the utilities to test ethernet connection accross an installation? such as 100tbase 1000tbase, quality, drop packets.?
13:17 < gent2> it's kinda tedious to use m$$ 'properties' or o$x.
13:17 < gent2> is there something faster that can be use on a terminal?
13:18 < gent2> what I usually do is load a youtube 1080 vid, if the grey caching bar loads fast I usually assume things are sound.
13:19 < TandyUK> iperf
13:19 < djph> a fluke?
13:19 < gent2> TandyUK: any guides on how to carry each test? or a guide of list of tests?
13:20 < djph> gent2: what're you *really* trying to test?
13:20 < gent2> TandyUK: thing is, there's electrical wiring in some places.
13:20 < gent2> djph: whether the shielded ethernet cable is really sending 100% packets intact.
13:21 < gent2> djph: fluke?
13:21 < djph> I mean, are you just trying to qualify (easy and cheap) or certify (easy and expensive) that the cabling will be suitable for gbit?
13:21 < detha> gent2: on new installations: a fluke, cable-iq or sp. On existing: look at the recv error counters in your switch.
13:22 < gent2> detha: but smartphones and tablets are dirt cheap.
13:22 < djph> love me my cableIQ ... but I really would like a certification one (but holy hell are those expensive)
13:22 < djph> gent2: and they're the wrong fucking devices.
13:22 < gent2> detha: how does a fluke look like?
13:23 < monoxane> gent2 its an actual standalone device for testing the cables electrical properties as well as raw packet transfer
13:23 < gent2> lol, crappiest fluke model starts at >100$
13:23 < monoxane> and if youre loosing packets on an eth run id be very concerned
13:24 < djph> monoxane: I'd be concerned with "loose" packets on wifi as well.
13:24 < djph> :)
13:24 < gent2> and the calculater display fluke 1000$??
13:24 < djph> and?
13:24 < monoxane> djph lol
13:24 < monoxane> im tired
13:24 < djph> go look at the DSX-8000 ... IIRC, fully kitted out it's like $40k
13:25 < monoxane> gent2 fluke make a heap more than just eth testers
13:25 < monoxane> the cheap stuff is mostly DMMs and some low end meggers
13:25 < pingo> So what to do when you whitelist a port in windows firewall on all interfaces and it is still unreachable from the public IP while reachable locally from the same machine :/ ?
13:25 < pingo> Do I need to reload the firewall or something?
13:26 < djph> CableIQ kit is ~1300 or so. Fluke + 7 return adapters + probe + something else I'm forgetting.
13:26 < djph> pingo: did you remember to forward the port in your router?
13:26 < pingo> There is no router, this machine has a public IP
13:26 < gent2> TandyUK: how can I reproduce the 1000$ testers functionality with free iperf?
13:26 < gent2> I am interested in the free option.
13:26 < djph> gent2: you can't.
13:26 < detha> pingo: does it also have a route out ?
13:27 < pingo> What do you mean? I think it does because if I open firefox I can browse the net just fine on this machine
13:28 < detha> gent2: you can not. You can get a good idea, but there is a reason those testers are $1000.
It takes $500 to make something like that, and you pay $500 for the name.
13:29 < gent2> detha: I don't need 1000$ device for a mere total of 100m installation.
13:30 < monoxane> well you asked for it
13:30 < monoxane> plug it into two laptops and transfer a file
13:30 < monoxane> if it fails re run it
13:30 < monoxane> if it succeeds what more is there?
13:30 < gent2> monoxane: one part worked, but I am unsure if it has 0% packet loss
13:31 < monoxane> its
13:31 < monoxane> a
13:31 < monoxane> fucking
13:31 < monoxane> cable
13:31 < monoxane> its gonna work or not work at gig speeds
13:31 < djph> ^
13:31 < monoxane> the nics will error correct to the best of their ability if anything goes wrong
13:31 < gent2> it did connect multiple devices.
13:31 < monoxane> if you are really unsure get it redone with cat 6a by a licensed electrician or data cabler
13:31 < djph> and anyway, 0% loss is a stupid metric ... It's great to have, but holy shit have we gotten way off course in that regard.
13:32 < monoxane> they will have the tools to check
13:32 < detha> if it at least sorta works, and you don't see framing errors on the switches/nic, the cable is fine
13:32 < gent2> monoxane: it's all shielded, but not cat6a
13:32 < monoxane> did you even read what i said?
13:32 < djph> monoxane: apparently not :)
13:32 < monoxane> english isnt your first language is it?
13:33 < gent2> and the part working is the one with the most lenght.
13:33 < gent2> monoxane: no it aint.
13:33 < gent2> wait, yes it aint.
13:33 < monoxane> okay
13:33 < djph> excluding 'aint' ... the first one was correct.
13:34 < monoxane> well, if the cable connects its fine
13:34 < monoxane> if it doesnt connect its not fine
13:34 < monoxane> theres not much more you can do
13:34 < gent2> ok it works. what if I still want to benchmark the cable with data transfer and see some simple metrics?
13:34 < gent2> what if that?
13:34 < djph> then you spend $1000 and get a tester.
13:34 < TandyUK> run iperf
13:34 < monoxane> then copy a file and look at the nic errors
13:34 < TandyUK> or justa fluke testers, for more like $8500
13:34 < monoxane> iperf is just a fancy way of doing that
13:35 < TandyUK> you can hire fluke testers usually, theyre about £200/wk
13:35 < djph> TandyUK: cableIQ should cover it. Although, maybe I'm forgetting a limitation of it.
13:35 < gent2> alright, i'll study the iperf solution.
13:36 < TandyUK> yeah for simple verification cableIQ would be fine
13:36 < TandyUK> for axctual certification, you need the DSK-8000 or equivalent
13:36 < TandyUK> DSX*
13:36 < djph> I want one of those ... but alas, I'm poor.
13:36 < TandyUK> yeah likewise, thats why we hire them
13:37 < gent2> currently 1080 youtube clip loads way faster than playback.
13:37 < TandyUK> fully kitted out my supplier quted me like £12000 for one
13:37 < gent2> is there a certification valid for small office and homes?
13:37 < TandyUK> gent2: im not sure what your trying to show/verify
13:38 < TandyUK> gent2: yes, the fluke DSX-8000
13:38 < gent2> because what I did is fix the previous electrician's atrocious insntallation.
13:38 < TandyUK> this is why propber cabling contracotrs charge a lot to certify your installation for the next 25 years
13:38 < djph> TandyUK: yeah, sounds about where I got quoted (i.e. 15k USD or thereabouts)
13:38 < TandyUK> done properly, the cable manufacturer will warranty the installation
13:39 < djph> but that requires ~certification~. ~qualification~ (which the $1k cableIQ can do), only says "yup, this'll do gbit"
13:39 < gent2> I told him to install cat6 and all. then he went on making his own cables from scratch without shielding and using ONE sleve for TWO ethernet connection (16 little cables inside one sleeve).
13:39 < TandyUK> gent2: wtf that cant even be ethernet
13:40 < djph> "making his own cables"?
13:40 < TandyUK> twist ratios are VERY important
13:40 < TandyUK> what is the actual cable
13:40 < gent2> then after opening the guides some long portions the guy ran out of outer cover and 16 cables loose. No shielding anywhere, even the wall plugs.
13:40 < djph> TandyUK: I have the feeling there's a language barrier
13:40 < TandyUK> it should have marking on it, give us a photo
13:41 < gent2> djph: I swear, I can take pics of his work of art.
13:41 < TandyUK> please do, we dont understand what youre saying tbh
13:41 < djph> sure, take pics
13:42 < grawity> TandyUK: idk I can imagine perfectly well what they're saying
13:42 < grawity> I'm just not sure I want to. ;_;
13:42 < gent2> yeah, when I explained the set up at the store it took them like 4 times after understanding. Then their faces got twisted.
13:43 < grawity> but it's not the first or second story of electricians doing their own thing with ethernet
13:43 < TandyUK> grawity: likewise lol
13:43 < TandyUK> Im half expecting to see photos of 16core alarm cable
13:43 < TandyUK> or 8+ pair phone cable
13:45 < gent2> TandyUK: thanks for iperf suggestion
13:46 < TandyUK> np, now give hpotos :P
13:46 < TandyUK> we want to see this horror show
13:48 < gent2> TandyUK: I am not there, but soon.
13:57 < TandyUK> the suspense is killing me
13:59 < djph> "The suspense is terrible, I hope it'll last"
14:01 < TheChosenOne> hey, are there any security or privacy concerns of using a 2nd hand modem, like someone attaching some sort of hardware device inside the casing or something
14:02 < Wulf> TheChosenOne: hardware device? you mean like a nuclear warhead?
14:03 < Wulf> TheChosenOne: or perhaps a high voltage generator to fry your computer?
14:03 < regdude> modifying software seems to be more popular these days instead of placing a nuclear bomb inside
14:03 < regdude> still popular than adding a charged capacitor
14:03 < djph> regdude: I use thermite
14:04 < Wulf> djph: inside your modem? why?
14:04 < djph> Wulf: ensured destruction
14:04 < regdude> or tampering protection?
14:04 < Wulf> TheChosenOne: you should check your modem for a hidden spy cam.
14:04 < djph> that too
14:54 < alexandre9099> hi, how are these connectors supposed to be crimped https://i.ebayimg.com/images/g/JF4AAOSw0oBZyGe~/s-l500.jpg ?
14:54 < djph> what're those, the EZ-rj45 connectors?
14:54 < Hack5190> they look like it
14:55 < UncleDrax> the pass-through plugs?
14:55 < UncleDrax> ya guess those are the -EZ *shrug*
14:56 < djph> I mean, there's nothing different about them ...
14:56 < alexandre9099> yeah, but i mean, how are the wires on the end supposed to be cut?
14:56 < UncleDrax> although the picture doesn't have anything but a crimper, some wire, and a blade about to cut said wire.
14:56 < UncleDrax> so there are no connectors in said picture afaik
14:57 < UncleDrax> Insufficient information to fulfill request.
14:58 < alexandre9099> (that is one of the photos on this listing https://www.ebay.com/itm/352147234362)
14:58 < meowschwitz> is this a troll
14:58 < Hack5190> hacksaw, diagonals, swiss pocket knife, you get the idea :)
14:59 < UncleDrax> Listing was removed. that said, there are YouTube videos demonstrating various ways to crimp and terminate regular and -EZ type connectors
14:59 < Hack5190> that finger nail clipper the guy across from you keeps in his desk drawer (yuck)
15:00 < alexandre9099> UncleDrax, hmm, maybe ebay does not allow the link just with the id, try this one https://www.ebay.com/itm/100Pcs-Cat5-Cat5e-Network-Connector-Metal-Cable-Modular-Plug-Terminals-8P8C-RJ45/352147234362?hash=item51fd9c5e3a:g:zHMAAOSwP6pZl9Uv
15:00 < alexandre9099> but yea, maybe it is that, never saw those, so i was asking :)
15:13 < winsoff> what the hell is port 5101 used for these days
15:14 < djph> whatever the hell you want to use it for
15:14 < djph> :P
15:16 < winsoff> djph, it's true. nmap's service detection just gives me a ?, though. Must be MAGIC
15:16 < TandyUK> just means its not an assigned port
15:17 < winsoff> TandyUK, to clarify, it gives me "admdog?" which I assume it's clearly not admdog
15:18 < mcdnl> there may be a way to make it test all known signatures
15:19 < mcdnl> anyway, if its an admdog (asp), if you send a GET / HTTP/1.1\r\n it should return something
15:20 < UncleDrax> it prob puts a question mark since it's a non-registered/well-known port so it could literally be used for whatever someone wants without expectation
15:20 < winsoff> mcdnl, wouldn't a browser do that by default? I get a connection reset.
15:21 < mcdnl> ya, should work too
15:21 < mcdnl> UncleDrax: it puts a question mark because a -sV was done but it didnt match the signature for that port
15:21 < mcdnl> winsoff: am i right?
15:22 < winsoff> mcdnl, to clarify, when I open the ip address in the browser (ip:5101), I get a "connection was reset"
15:22 < mcdnl> winsoff: try https or openssl s_client
15:22 < winsoff> https gave another error. s_client?
15:22 < mcdnl> to test ssl/tls connections
15:22 < winsoff> ahhh
15:22 < mcdnl> it gives you info about certificates and ciphers bla bla bla
15:23 < winsoff> Does windows come with openssl these days? I'm on the desktop.
15:23 < mcdnl> nope
15:23 < winsoff> forsaken
15:23 < mcdnl> you have to install openssl
15:23 < UncleDrax> alexandre9099: tbh easier to buy retail/new 8p8c cat5 connectors so you don't have to guess if the photo used is a stock photo that doesn't match the actual connectors. then go watch some videos (youtube or whatnot) on how to crimp if you're not familiar with how to do it. then be prepared to throw out / recrimp a lot of cables because it's easy to mess up (and why many people prefer only
15:23 < UncleDrax> pre-manufactured cables)
15:23 < mcdnl> i've got a debian running on hyper-v because windows and corporations
15:23 < mcdnl> xD
15:24 < winsoff> i still don't understand how to easily use hyperv
15:24 < winsoff> i heard there is a new gui
15:25 < alexandre9099> UncleDrax, yeah, i already got some experience crimping rj45 connectors (and failed lots of times because i was dumb and didn't check if the wires were touching the end of the connector)
15:25 < alexandre9099> to start with i bought 10 connector but it was like 3€ :D
15:27 < ||cw> I get premade cables unless it's some oddball thing because it's cheaper than paying someone to make them
15:27 < alexandre9099> also, there are some stiff wires that are pretty difficult to order by color :( fortunately the 100m cable i bought has soft wires inside(it says solid cca 24AWG, not sure if that is good) :)
15:28 < mcdnl> yes winsoff, it's pretty easy
15:28 < mcdnl> alexandre9099: 24AWG is good
15:29 < alexandre9099> :) IIRC it was 25€, was that a good price?
15:29 < TandyUK> alexandre9099: CCA :(
15:29 < TandyUK> cheap shit cable, not solid copper
15:29 < alexandre9099> TandyUK, what that stands for? it's some kind of alloy?
15:29 < ||cw> cca is copper clad aluminum. good that it's 24 because it's not great
15:29 < mcdnl> 40cents per m? pretty good
15:30 < mcdnl> 25cents omg
15:30 < TandyUK> thats a rip off for CCA
15:30 < mcdnl> what is wrong with me
15:30 < TandyUK> i pay that for solid copper
15:30 < mcdnl> oh, didnt see that
15:31 < alexandre9099> oh :D btw, what are *trusty* sources to buy those cable reel?
15:31 < ||cw> TandyUK: for 24? at one-off retail?
15:31 < TandyUK> Excel-networking.com
15:31 < TandyUK> no, trade
15:31 < TandyUK> from the manufacturer
15:31 < UncleDrax> ya and if you're buying bulk, it pays to go larger size usually. at least $/meter or part
15:31 < TandyUK> retail it'll be about £50 per roll
15:31 < mcdnl> 305m roll?
15:31 < TandyUK> (305M per roll)
15:32 < mcdnl> here solid copper 305m cat6 roll goes for around 90€
15:32 < TandyUK> cat6 is thicker cable, so it will be more
15:32 < TandyUK> i still only pay about £60/roll for that though
15:33 < mcdnl> ftp
15:33 < winsoff> mcdnl, sanity check because it's getting early: if s_client could negotiate any form of ssl/tls, it would have not reset on me and kicked me back to the terminal prompt, right
15:33 < TandyUK> maybe i just get good discounts :P
15:33 < mcdnl> yes winsoff
15:33 < winsoff> in THAT case, no ssl on it either. 5101 is a MYSTERY
15:33 < alexandre9099> oh 1£ is almost 1€, a while ago there was a big difference
15:33 < mcdnl> 1 pound its around 1,10 euro ?
15:34 < Roq> TandyUK: You have 'ultra-slim cat6' we use in our datacenter. they're not as thick anymore and save quite a bit of space with bundles
15:34 < UncleDrax> ya the GBP is a little depressed still ;] which reminds me I should plan a vacation that way
15:34 < Roq> More expensive tho
15:34 < TandyUK> Roq: the cores must still be 23awg
15:34 < TandyUK> or its not cat6
15:34 < alexandre9099> flat cables are *bad*, right?
15:34 < TandyUK> using s-foil shielding and stuff can reduce the outer size somewhat
15:34 < TandyUK> flat ethernet shouldnt exist
15:34 < djph> ^
15:35 < TandyUK> how can it possibly be twisted pair?
15:35 < alexandre9099> :D i remember reading that somewhere
15:35 < mcdnl> alexandre9099: the good thing about utp/stp/ftp is the T, twisted
15:35 < mcdnl> avoids noise
15:35 < alexandre9099> yep :)
15:35 < Roq> They're not flat, they're just thinner
15:35 < Roq> https://sc01.alicdn.com/kf/HTB1B4FtHFXXXXbEXFXXq6xXFXXXr/202467238/HTB1B4FtHFXXXXbEXFXXq6xXFXXXr.jpg
15:36 < mcdnl> pretty interesting, if you twist a conductive pair, their electromagnetic fields cancel each other
15:36 < alexandre9099> well, i got a cat6 cable outside (i guess it is not outdoor rated) for almost one year and it still rocks :D
15:36 < mcdnl> alexandre9099: that's more about the plastic cover than the cable itself
15:36 < TandyUK> alexandre9099: it'll likely be fine until someone/something makes it move
15:36 < TandyUK> at that point pvc sheath will just snap as the UV from the sun will have made it brittle
15:37 < mcdnl> yep
15:37 < alexandre9099> hmm, better not touch it XD
15:37 < winsoff> mcdnl, we might have talked about this earlier, but if I'm seeing * * * in the traceroute, or if I'm seeing "..." in the nmap traceroute, that means something's decrementing the TTL without returning an actual IP, right
15:37 < alexandre9099> winsoff, AFAIK yes that's right
15:37 < TandyUK> Roq: that clearly says 28 AWG, that CANNOT be cat6
15:37 < mcdnl> winsoff: yep
15:37 < TandyUK> cat6 is 23AWG cable
15:37 < winsoff> Is there any way to eke out what kind of device that might be?
15:38 < TandyUK> winsoff: that just means that hop isnt responding to icmp
15:38 < alexandre9099> by flat i meant this ;D ey look it is cat6 and it is 15m, what can possibly go wrong https://www.ebay.com/itm/15m-FLAT-CAT6-Ethernet-LAN-Patch-Cable-Low-Profile-GIGABIT-RJ45-WHITE/380992294458?epid=1937230895&hash=item58b4e90e3a:g:91IAAOSwi5RaQmBo :D
15:38 < TandyUK> which is quite normal
15:38 < mcdnl> lower awg less loss and noise
15:38 < alexandre9099> lower awg means bigger diameter, right?
15:39 < TandyUK> yes
15:39 < mcdnl> yes
15:39 < winsoff> TandyUK, how else would you find that hop's IP? I suppose I could come up from the other side?
15:39 < TandyUK> anything other than 23AWG cannot be called cat6 though
15:39 < TandyUK> the spec quite clearly states that the conductors must be 23AWG
15:39 < mcdnl> winsoff: you don't, those might be internal transit networks which may not be routable outside
15:39 < winsoff> rude
15:39 < TandyUK> ^^
15:40 < TandyUK> its not uncommon to see 10.x.x.x ips in the middle of some traces
15:40 < Roq> TandyUK: I found them via fs https://community.fs.com/blog/use-28awg-cable-in-data-center.html
15:40 < mcdnl> if you have any kind of mpls you might see them
15:41 < alexandre9099> btw, talking about traceroute, isn't it supposed to show the routers inside a network where a server is? (for example, my home server is behind 2 routers, one mine and other from isp, but the traceroute ends on the isp router)
15:41 < mcdnl> for very short cables it probably doesnt matter much if its 23 or 25 or 28
15:41 < alexandre9099> mcdnl, well, but the standard should be *up to* 100m, IIRC
15:42 < winsoff> I just realized that I could have just hosted a webserver on some library computer at school for people to play flash games from. This whole time.
15:42 < mcdnl> hah
15:42 < Roq> Yeah, specially for datacenter use within same cabinet connectivity it's a space saver if you have bigger bundles
15:42 < mcdnl> if you can run software, just setup a small webserver on whatever port over 1024
15:43 < mcdnl> for a 50cm patchcord it really doesnt matter
15:43 < mcdnl> unless you have a *ton* of em noise
15:44 < winsoff> alexandre9099, firewalls just drop icmp
15:44 < winsoff> massively rude and against rfc
15:44 < winsoff> but cest la networking
15:44 < UncleDrax> 8000 and 8080 are commonly used alternative HTTP ports. that said, please don't mess with networks that aren't yours.. library and school (and other public sector community type networks) are often overworked, underpaid, and usually have to deal with 1000 other people thinking they are being 'cool' by messing with their stuff
15:47 < winsoff> UncleDrax, true, though I am unfortunately out of school, now, and flash games are much harder to play when every browser hates flash by default.
15:47 < winsoff> (understandably)
15:47 < UncleDrax> tbh last couple times I was working with our local school district at a site it was the equivalent of watching starving puppies being put down post-katrina
15:48 < winsoff> lol
15:48 < mcdnl> winsoff: traceroute is not icmp, fyi
15:49 < UncleDrax> ya it was bad. still using a ton of thick-net and stuff like that
15:50 < UncleDrax> ok not that bad. but really close actually
15:50 < winsoff> mcdnl, right. It just uses a specific destip and destport with each iteration increasing ttl from 1, right? But what happens after that? Does the ttl going to 0 make a response with the sourceip from the device that decremented the ttl to 0?
15:51 < winsoff> UncleDrax, ah, it sounds like mine's not as bad, then. It's still a clusterhaul, but they're focused more than anything on filtering. Mehhhhh.
15:51 < winsoff> I feel like that should be on the guys running the state education network, not on the individual school districts.
15:54 < mcdnl> winsoff: its udp with specific ports and ttl yes
15:55 < UncleDrax> *shrug*. fortunately I won't work in that sector.. dealing with the rules/laws/regulation stuff they have to do would just suck.
15:55 < winsoff> mcdnl, udp by default, but can be configured otherwise, right?
15:55 < winsoff> UncleDrax, agreed. Actually, would real net neutrality laws have to make room for schools to filter?
15:56 < winsoff> or does it not matter because schools aren't firms
15:56 < djph> schools aren't ISPs, and netneutrality never really went anywhere.
15:57 < jikeidan> For those of you in the industry, I worked 10 years in the tree trade, and I studied hard for the CCNA and was finally able to achieve it. I'm currently furthering my study for the CCNP, but the only job I have landed is Central help desk at $12.5/hr. Frankly speaking I need more.
15:57 < UncleDrax> winsoff: it would depend how the law is written specifically, and what exemptions are in it. and afaik, NetNeutrality doesn't cover filtering (ie: you cannot access example.xxx ), rather more a pay-to-play scenario.
15:57 < jikeidan> Is it feasible to get a job in a NOC somewhere as a NOC tech with only my CCNA?
15:58 < Aeso> jikeidan, absolutely. In fact, if you showed up with a CCNP and only helpdesk experience, I'd be questioning your resume.
15:59 < mcdnl> yes, there is tcp traceroute as well
15:59 < mcdnl> i think, mmm
15:59 < jikeidan> I interviewed with presidio, and I was happy to have a sit-down... but I didn't know the answer to questions like handling a flapping BGP interface because I hadn't ever immersed myself in more than my simulations
15:59 < jikeidan> Where is a good starting point for a new NOC tech?
15:59 < jikeidan> this CHD job is maddening... password reset here, how to get into my email... blah blah
16:00 < jikeidan> nothing I can't put up with for a few years if necessary, but I can't stand the pay
16:01 < jikeidan> not to mention, the systems I'm getting good with are dulling my networking senses, so to speak.
16:02 < mcdnl> jikeidan: you dont see advanced things like bgp or mpls/vpls on ccna
16:02 < jikeidan> well that isn't true, actually not as of 200-125
16:02 < jikeidan> but BGP is somewhat limited, in that you have to be able to set it up (not hard) but nothing about troubleshooting, no
16:02 < mcdnl> is that so? it's been like 15 years since i last looked into ccna xd
16:03 < jikeidan> 200-125 adopted a lot of the CCNP material, and the ccnp has yet to be re-vamped... so a lot of the material is review
16:03 < mcdnl> are vrfs covered now in ccna?
16:03 < jikeidan> they pushed out frame-relay all together in place of MPLS and a few other changes
16:03 < mcdnl> well that makes sense
16:03 < winsoff> jikeidan, tree trade, as in arborist? Maintenance or production?
16:04 < jikeidan> vrfs aren't covered in depth but it makes mention of a lot of cloud resources and does want some experience with VM
16:04 < Aeso> jikeidan, I don't have an easy answer for you. But if you really know the contents of your CCNA, you should be able to land a NOC tech job. It's worth noting that I do the same thing: Ask questions until I find the edge of an applicant's knowledge. Reaching a point where you have to answer 'I don't know' isn't a bad thing, it's an inevitability.
16:04 < jikeidan> Thank you Aeso
16:04 < jikeidan> winsoff, arborist, yes
16:05 < mcdnl> yeah, that's pretty much it. in fact, i'd say the ability to learn and adapt is the most important thing
16:05 < winsoff> jikeidan, I have a picture on my phone of some tree in a supermarket parking lot
16:05 < winsoff> 'pruned'
16:05 < mcdnl> i went from not knowing that you could assign 2 ips on a single interface to what i am now in less than 2 years
16:05 < winsoff> stubs everywhere; it's a nightmare
16:06 < jikeidan> winsoff, yeah... i work in florida now, when I worked in kentucky arboriculture was very pronounced. But there are many places still who do "tree work"
16:06 < mcdnl> i studied ccna when i was a kid 15 years ago but didnt work in the field until 2 years ago :(
16:07 < jikeidan> So what's the accurate entry-level job that I should be seeking?
16:07 < Aeso> jikeidan, network technician, NOC technician, etc
16:07 < winsoff> jikeidan, yick. Where'd you learn the trade, by the way? Are there any good resources? I have my master gardener's work done, but I feel like there's more to it
16:07 < Aeso> network engineer if you live in a small market
16:07 < winsoff> and yeah, NOC tech
16:08 < jikeidan> winsoff, as a tree climber I can tell you the best place is kentucky lol. If you work hard and learn thoroughly you don't even need certification to make a good living. Tree work there is expected to be accurate. Otherwise, I would refer you to ISA's arbor cert, as it is a welpth? of information on accurate tree biology and care
16:14 < winsoff> Interesting. I will definitely look into it.
16:16 < jikeidan> I have to get ready for work. Thanks all.
16:16 < UncleDrax> jikeidan: also poke around local biz & governments to you, they might be hiring Network Techs and willing to hire entry-level
16:20 * mcdnl is back
16:34 < screwsss> if im doing huge downloads on a shopping mall wifi
16:34 < screwsss> does everyone else whos connected inside that same shopping mall get laggy speeds
16:34 < winsoff> Depends on the structure of the network, screwsss.
16:34 < winsoff> You could test this by using 2 devices.
16:36 < UncleDrax> the quick answer is 'yes you are impacting it somehow'.. how direct of an impact that is depends on a great many things.
16:36 < UncleDrax> tbh, it's Shopping Mall WiFi.. i wouldn't worry about it
16:36 < UncleDrax> unless you run it
16:38 < screwsss> the other day i uploaded a 15 gb file to youtube
16:38 < screwsss> without taking a break for 30 minutes straight lol
16:39 < UncleDrax> congrats?
16:40 < screwsss> so
16:40 < screwsss> i was wondering
16:40 < screwsss> did everyone elses connection suffer
16:40 < screwsss> whilst i was doing that
16:40 < screwsss> as i was utilizing maximum speeds at least for my phone
16:41 < Dalton> possibly - we can't say without knowing more details that you probably don't have
16:47 < screwsss> i get about 75 megabit/sec down and same for up
16:47 < screwsss> theyre on a HFC connection i believe but if im wrong then its fibre optic.
16:47 < screwsss> the AP are cisco from memory
16:47 < screwsss> um, need anything more?
16:52 < mcdnl> screwsss: without knowing configuration or other tests we can only do conjectures
16:53 < mcdnl> they might be applying queuing so you dont hog
16:53 < mcdnl> though 75 mbit for a single user is a lot
16:55 < Aeso> besides, TCP is designed to continue to operate in congested networks
16:57 < Aeso> though what you're ultimately getting at here is how do the congestion algorithms of two differently sized streams interact, which doesn't have a simple answer
17:25 < TandyUK> 75mbit is roughly what you need for a UHD stream
17:25 < TandyUK> BBC are trialling it with HDR
17:29 < mcdnl> UHD is 4k?
17:29 < Aeso> mcdnl, correct
17:29 < Aeso> also, you definitely don't need 75mbit for UHD streaming
17:30 < mcdnl> i've been watching 4k things in netflix with 10mbit... though i had to let it buffer a bit and it wasnt full 4k at start
17:30 < Aeso> The blu-rays you buy might be 75mbit on disk, but Amazon and Netflix both quote 15-25Mbps for their 4K content
17:30 < mcdnl> but that aint realtime anyways
17:31 < TandyUK> i was watching the traffic lol
17:31 < mcdnl> TandyUK: yes, but you can be buffering at that speeds
17:31 < Aeso> TandyUK, sounds like the BBC need to step up their encoding game
17:31 < mcdnl> s/that/those/
17:31 < mcdnl> my english is rusty
20:57 < my_mind> hey
20:58 < my_mind> I connected a second router to my network, Main router is 10.1.1.1 second router 10.1.2.1
20:59 < my_mind> They are both working great except that they can ping each other
20:59 < UncleDrax> they can, or cannot?
20:59 < my_mind> how do I make them totally separate?
20:59 < my_mind> they can
20:59 < my_mind> but I don't want them to
20:59 < UncleDrax> what is your subnet for those IP addresses?.. and also how 'separate' do you want?
21:00 <+xand> my_mind: disconnect one of them? what is the purpose of them if you don't want them to communicate
21:01 <+xand> what are you trying to achieve with the second one
21:01 <+xand> ?
21:07 < my_mind> i'm back
21:08 < my_mind> I want two separate networks because one is for guests, and voip, the other is for office pcs
21:09 < UncleDrax> so in that case, you want to separate them via at least VLANs
21:09 < my_mind> hmm
21:09 < UncleDrax> you could just separate them from IP space, but that doesn't really prevent one from interfering or seeing the traffic from the other. VLANs will at least give you some separation that way
21:10 < ||cw> my_mind: probably need a little more than "a second router to my network", and we'd need more info anyway as that can mean a lot of things
21:11 < ||cw> it's really best if you can use a router that supports multiple interfaces.
21:11 < ||cw> and specifically guest ones
21:11 < my_mind> i'll give you more info in a minute
21:14 < my_mind> https://www.irccloud.com/pastebin/nTscYp0B/
21:15 < my_mind> can you see the pastebin?
21:16 < UncleDrax> ya, having a better main router that can handle multiple subnets would be more ideal here imo.. esp vs doing stacked NAT'ing.
21:16 < UncleDrax> but that said, in this circumstance, router 1 and router 2 should _always_ be able to ping each other (if they respond to ping)
21:16 < my_mind> I understand but I need it to be 2 different physical routers
21:17 < Dalton> vlans FTW
21:17 < UncleDrax> and is it correct that your 'main' router and your Guest router have the same IP address?
21:17 < UncleDrax> because that's broke
21:18 < my_mind> no
21:18 < my_mind> Main is 10.1.1.1
21:18 < my_mind> Guest is 10.1.2.1
21:18 < UncleDrax> but you said its WAN interface has IP 10.1.1.1
21:19 < UncleDrax> so either that's a typo, or both routers think they have the same IP address, so when R2 pings 10.1.1.1 it's actually pinging itself.
21:19 < my_mind> i set it up wrong then
21:20 < TandyUK> yup i'll be yet another voice for a single route, with vlans and multiple LAN subnets
21:20 < TandyUK> router*
21:20 < TandyUK> and assuming you want wifi for guests, an access point that also supports vlans and multiple ssid's
21:20 < Dalton> \o/
21:20 < TandyUK> something like a draytek 2862
21:20 < Dalton> or and edgerouter
21:20 < TandyUK> will do it all in one nice neat box :)
21:20 < Dalton> an
21:20 < UncleDrax> so the problem you'll have with this tiered setup, is your Guest router, being a device on your Main Network, means they can still ping outside their zone to the parent zone (in this case your Main router's network).
21:20 < UncleDrax> so it will not do what you think
21:21 < my_mind> I want to connect to the guest router, look up "my ip" and i want to be given 10.1.1.1
21:21 < UncleDrax> unless you configure something else to prevent that
21:21 < my_mind> yes
21:22 < my_mind> I just tried to follow ELI https://www.youtube.com/watch?v=dIFKmJ4wufc
21:22 < UncleDrax> so if i'm on your Wifi network with IP 10.1.2.129, I can send a ping to 10.1.1.28, i'll follow my default route to the 'WAN' side of the wifi router, and then I can talk to your main network. which isn't 'Separate'
21:22 < TandyUK> ^^ in this setup, your guests are isolated from you, but NOT the other way round
21:23 < TandyUK> which is probably backwards to what you actually want
21:23 < my_mind> TandyUK: yes!!!
21:23 < TandyUK> alternatively, you want a 3rd router
21:23 < TandyUK> but seriously, just buy 1 router that does the job properly
21:24 < UncleDrax> yesplxseconded
21:24 < my_mind> I just want to recreate Eli the Computer Guy's network
21:24 < TandyUK> assuming you never ever want to play any online games, xbox, or whatever, it would sort of work
21:24 < my_mind> why is that impossible
21:24 < my_mind> this is for an office network
21:24 < my_mind> no games
21:24 < TandyUK> hes building a lab, thats a different thing
21:24 < TandyUK> hes not trying to protect his LAN from his LAB
21:25 < my_mind> But he has them separate
21:25 < my_mind> he said so
21:25 < TandyUK> he has separate ip ranges, yes
21:25 < TandyUK> theres no isolation between them, (unless he added a load of firewall rules to block LAB > LAN traffic, and didnt show us)
21:25 < my_mind> you're saying his lab network devices can ping the main network devices?
21:26 < TandyUK> correct 100%
21:26 < TandyUK> his LAN cant ping the LAB however
21:26 < TandyUK> (again, unless he added rules to allow it)
21:27 < my_mind> oh man :(
21:27 < TandyUK> to simplify any router, youre putting LAN stuff, isolated from its WAN
21:27 < TandyUK> it offers no protection the other way around, traffic will just flow freely
21:27 < UncleDrax> if this is for an office, that's even more reason to do it correctly. and it's ot expensive, but takes a little bit of know-how and time
21:27 < UncleDrax> *it's not
21:28 < TandyUK> this is why VLANs and routers that support multiple subnets/ssid's exist
21:28 < ||cw> my_mind: what you have there, assuming the IP are sane unlike what you pasted, is a "guest" network that can access your LAN, but your LAN can't access the guest. if that's the layout you want you need to reverse it, the guest is connected to the ISP and the LAN connects to the guest.
21:28 < TandyUK> ||cw: just bear in mind the LAN then has double nat going on, so forget ever using stuff like VOIP
21:30 < my_mind> hmm
21:30 < ||cw> my_mind: but if this is for a business, use a better router. pretty much any business grade router supports guest interfaces and also multiple vlans, APs, etc. and if you have more than 10 users it's better to go with a non-combined router and just use a separate AP device.
21:30 < ||cw> or, use a PC based router like pfsense
21:31 < ||cw> then just use your current routers as APs. you'll need a switch that supports vlans, or multiple NICs in the pfsense
21:31 < my_mind> so what you're saying is connect the guests and voip to the 10.1.1.1 router, then connect the office PCs to 10.1.2.1 router?
21:32 < my_mind> that way the guests will not ping office pcs?
21:32 < TandyUK> what everyone is trying to say is "get a better router"
21:32 < TandyUK> one that actually does what you want it to, rather than bodging something and giving yourself a false sense of security
21:32 < my_mind> i know what everyone is saying
21:34 < my_mind> how about I use the "guest" option of the new router for guests, connect voip to the main network of the new router.
21:35 < my_mind> and keep using the office PCs on the main router
21:35 < my_mind> that way, phones are separate from the PCs
21:35 < my_mind> and Guests will not ping the office PCs
21:36 < TandyUK> if youre going new router, setup 3 subnets, 1 specifically for VOIP
21:36 < TandyUK> plus lan and guest
21:36 < UncleDrax> well so sorta a problem is phones will not be separate from the OfficePCs in any meaningful way. but might be better than what you had
21:36 < c|oneman> voip works with double nat
21:36 < c|oneman> I wouldn't recommend it, but it does work
21:37 < c|oneman> I hate eli
21:37 < my_mind> Eli is insane now, but he was a genius before 2015
21:38 < UncleDrax> i blame BitCoin then
21:38 < my_mind> me too
21:38 < my_mind> thanks guys. gave me great ideas
21:38 < UncleDrax> anywho.. yeap. gluck!
21:38 < UncleDrax> but think more what you're trying to actually accomplish
21:38 < UncleDrax> and what that really means
21:40 < my_mind> I'm trying to fix the previous network designer's mess
21:40 < UncleDrax> also out of curiosity, how many ports/devices we talking about anyway?
21:40 < my_mind> 16 office PCs + 16 IP Phones
21:41 < my_mind> 4 severs
21:41 < my_mind> servers
21:41 < my_mind> 6 virtual machines
21:41 < UncleDrax> ya i was thinking more about physical ports.. for the purpose of what size switch(es) you would use to get VLANs if your current stuff can't do it
21:42 < TandyUK> tbfh, im already thinking Draytek 2862 + 48port L2 managed POE switch, and however many AP902's you need for proper coverage
21:42 < TandyUK> thats what I'd be selling one of my clients anyway
21:42 < my_mind> I have 2 switches, 24 ports each
21:43 < UncleDrax> and that's not as large a spend as you might think.. even if you do a separate 24p POE switch for the phones and one for the desktops
21:43 < UncleDrax> do they do VLANs today?
21:43 < my_mind> i don't know, I'm trying to figure this network out
21:43 < my_mind> i didn't design it
21:43 < TandyUK> +1 for 2 switches, 24port non poe for pcs/servers, 24port poe for phones/wifi, but thats gonna cost slightly more
21:44 < TandyUK> that doesnt stop you knowing what the switch is
21:44 < UncleDrax> what make/model?
21:44 < my_mind> brb
21:44 < TandyUK> if it was designed by anyone with a brain, hopefully its L2 managed already
21:44 < TandyUK> unless the boss just went "whatevers cheapest"
21:46 < ||cw> if it's POE it probably is
21:46 < ||cw> at least web managed, features will be there, just performance on the top end will not be great
21:48 < my_mind> Cisco sg 100-24
21:48 < TandyUK> yeah, but voip doesnt exactly need full gig throughput per port :P
21:48 < ||cw> also, if the switches support phone vlans, you can just run the phones and PC on the same switch. still a couple ports more than a 24 tho
21:48 < TandyUK> unmanaged :(
21:49 < ||cw> my_mind: are you using power bricks for all the phone?
21:49 < c|oneman> yeah, everyone knows you need a managed switch for voip *sarcasm*
21:49 < ||cw> c|oneman: there's "need" and there
21:49 < ||cw> s "easy to manage
21:50 < my_mind> Switch is not POE
21:50 < my_mind> Phones are using power cables
21:50 < c|oneman> I always see chronic exaggeration in enterprise gear for home and Small Biz
21:50 < c|oneman> like thinking you need special switches or VoIP wont work
21:50 < ||cw> for 20 VOIPs, a web-managed POE switch is the minimum for sanity
21:50 < c|oneman> what do you have to "manage"
21:51 < ||cw> QoS, etc
21:51 < c|oneman> I doubt it matters
21:51 < ||cw> my experience says it does
21:51 < c|oneman> your experience is based on a benchmark you did 10 years ago
21:51 < ||cw> unless you have a VERY lightly used LAN
21:52 < c|oneman> I might be completely wrong, I don't do enterprise
21:52 < ||cw> no, my recent switch from proprietary voip local pbx to SIP and hosted pbx
21:52 < c|oneman> but I fail to see packets being dropped on GigE
21:52 < c|oneman> well, is that WAN QoS rather than switched QoS?
21:52 < c|oneman> isn't*
21:53 < ||cw> I also had issues with multicast paging
21:53 < c|oneman> ah, I've never configured paging
21:53 < ||cw> but that's more to do with a windows printer driver misbehaving
21:54 < c|oneman> I always assume switching bandwidth is almost never a bottleneck in most small networks
21:54 < ||cw> anyway, you're not going to get support for voice quality issues without QoS on the switch
21:54 < c|oneman> I would think QoS on the egress interface to the internet is more important.
21:54 < ||cw> and separating voice to its own vlan is a Good Idea
21:54 < c|oneman> sure, according to things I read.
21:55 < c|oneman> best practices and real world failure points... I remain skeptical of the venn diagram of those being small
21:56 < c|oneman> I fail to see how 1000mbit will ever buffer or drop packets when your wan is 100mbit or less
21:56 < c|oneman> unless you're transferring files back and forth locally which no one does anymore
21:56 < c|oneman> in complex networks, I'd agree with you 100%
21:56 < c|oneman> and I guess some switches pass on ToS values to the router in which case they are useful
21:57 < c|oneman> but in many situations I think people are fooling themselves thinking their switch QoS matters, just a hunch
21:59 < ||cw> i expect it'll matter for me next month when we go live on a wifi bridge with voip and cad files going across, but I'm not going to risk turning it off
22:29 < hiya> How to find public key and provider name of a DNScrypt server from its IP
22:30 < hiya> I think its possible with dig command?
22:32 < fly_agaric> hello guys, what would you consider if you need to host a large social media platform?
22:32 < fly_agaric> at the beginning fiber 10gbit physical server with 8 nvme ssds raid 10?
22:33 < fly_agaric> or something like amazon cloud
22:34 < ||cw> insufficient data
22:34 < ||cw> "host a large social media platform" isn't a quantifiable workload
22:34 < ||cw> define your ram, cpu, and IO requirements and work from there
22:35 < fly_agaric> lets say if 1000 of users are communicating over this platform every day
22:35 < fly_agaric> uploading videos chatting eg
22:35 <+pppingme> fly_agaric just get an ibm z14
22:36 < ||cw> fly_agaric: too high level.
22:37 < ||cw> how much ram does your implementation need to support 1000 users?
22:38 < ||cw> if you don't know, you can't choose a production hosting platform yet.
22:40 <+pppingme> fully equipped ibm z14 can handle anything you throw at it
22:41 < scampbell> "I bought a z14 and now I know that the answer is 42"
22:41 < scampbell> Nice machines though. Just funnin'
22:42 < scampbell> I think it was Cray at one point advertised a system as "so fast it does an infinite loop in .8 seconds" or something like that.
22:43 <+pppingme> current cray's are just amd clusters
22:43 < scampbell> probably, haven't even thought about them in years.
22:44 < scampbell> I've seen some IBM boxes survive some truly horrendous conditions. That's what always impressed me. I had one that I went to service and it is 'packed' with lint. The fan was jammed with it, it had been. System was doing their payroll.
22:45 < scampbell> It ran fine, their backup tape couldn't be read. Their 'backup tape' was the same tape they left in the machine for 10 years. It was totally clear at this point :)
22:49 < ||cw> old industrial grade stuff is amazing. we have some CNC machines from the 80's that still run great. the newer ones have 4GB SCSI disks, the old double tall kind
22:50 < ||cw> of course all the mechanicals have been serviced or replaced
22:53 * spaces pings pppingme because he is pppingme and asks to pppingme
22:54 < spaces> ||cw those Seagate Barracudas that get so hot you cannot touch them ? those disks are freaking fast!
22:55 < ||cw> lol older
22:55 < spaces> ||cw like ?
22:55 < spaces> mine came from about... erm 1998 or so ?
22:57 < ||cw> https://i.ebayimg.com/thumbs/images/g/nt8AAOSwqu9U4FUF/s-l225.jpg
22:58 < spaces> ||cw yes those!, erm, mine wel 64 pins indeed
22:59 < obcecado> its ide right?
23:00 < ||cw> obcecado: no, scsi
23:00 < obcecado> oh
23:02 < spaces> yeah, 32 pins, old shit :P
23:02 < spaces> but rock solid
23:02 < ||cw> spaces: the only dates I can find is for a newer model than what we have, and it's a 1998, so this is older than that by quite a lot
23:02 < spaces> if you got the 64 pins you really thought you were flying but most companies attached them to Adaptec 2910 or 2940 cards where they previously or still added their 32 pins to
23:03 < scampbell> Burroughs B4700, you would watch the oiled piston pull the heads back and forth. Brought into the computer room with a fork lift.
23:03 < spaces> ||cw yeah could be, I got some Dell server in 2000 or so from a hospital
23:03 < spaces> so it could be older
23:03 < spaces> with a Pro 200 in it :D
23:03 < ||cw> it's a 386 based system that's got a somewhat unix-like OS on it
23:03 < spaces> maybe 2 actually, or 4, dunno anymore
23:03 < spaces> )
23:05 < Capprentice> This is my test topology - ISP1-MY WAN - OSPF >LAN
23:05 < Capprentice> I want to advertise a default route towards OSPF.
23:05 < Capprentice> How do I do it?
23:05 < Capprentice> ISP - Juniper and LAN - CISCO
23:06 < Roq> Capprentice: default-information originate
23:07 < Capprentice> Roq is it possible to generate the route from BGP? I do not want to use a static route for WAN Reachability.
23:10 < Roq> Depends on your topology but your transit can inject a default route via BGP yeah
23:29 < mentayolo> hey there guys, I am trying to run mod_evasive on an apache server on my raspberry pi but when I run the test.pl file to make sure it's working I get 400 bad request and I don't think it's working as it should - any suggestions from somebody who experienced the same issue?
23:30 <+pppingme> mentayolo ask in #httpd
23:31 < mentayolo> thanks, I will do that, sorry I'm pretty new around here
23:51 < Apachez> so it has begun ;) https://pbs.twimg.com/media/DgKTubnWAAEfsN9?format=jpg
--- Log closed Thu Jun 21 00:00:06 2018