--- Log opened Sun Jul 01 00:00:20 2018
00:17 < Soni> tds: I have given up
00:20 < joebobjoe> is a router local ip of 10.0.0.1 acceptable?
00:20 < joebobjoe> I guess my isp owns it
00:21 < joebobjoe> oh
00:21 < joebobjoe> I see 10.0.0.0/8 is reserved
00:26 < lupine> actually, I own it, but I'm willing to license it to you for use
00:27 < lupine> just send $10/mo
00:27 < joebobjoe> what is the paypal?
00:31 < ntd> bitcoin cash?
00:31 < ntd> e-coin/ripple?
00:51 < MillerBOSS> Current layout https://millerboss.com/x/Untitled-Diagram-S.png
00:51 < MillerBOSS> Green is live. Two black X and blue lettering is what I want to do. What are the terms I need to research in order to hold up my site to site VPNs while I replace the TZ 600 and will be replacing TZ200s with 60E and bring back up my new site to site VPN?
00:56 < MillerBOSS> I asked somewhere else. And got help there. Save someone some typing.
00:57 < spaces> why do I always need to pee when I just sit
01:14 < Apachez> MillerBOSS: probably gazillions ways but "main joint network" is the same site right?
01:14 < Apachez> or is it another site?
01:15 < Apachez> if its the same then make it better visualize in the diagram that it is the same site
01:15 < Apachez> the thing here is that you will reuse the iprange
01:15 < Apachez> like its site1 so its 10.1.0.0/16
01:15 < MillerBOSS> Same site
01:16 < Apachez> if thats the case then this new link should in the beginning use a higher metric/cost
01:16 < Apachez> which you then lower so that the previous main route will have higher metric/cost
01:16 < Apachez> this way you can choose which way the traffic flows
01:16 < MillerBOSS> OK.
01:16 < Apachez> if it is a completely new site like site2 it will have a new iprange like 10.2.0.0/16 and then you dont need to care about metrics/costs
01:17 < Apachez> also will the current main path remain after you have done your work
01:17 < Apachez> or will it be removed ?
01:17 < Apachez> I mean will it be left as a redundant connection?
01:17 * spaces hugs Apachez
01:17 * Apachez bitchslaps spaces
01:18 * spaces likes the gentle touch of Apachez
01:18 < Apachez> spaces: here in sweden you need from 1st julu a signed contract before you enter any sexual activity =)
01:18 < spaces> Apachez julu ?
01:18 < Apachez> ?
01:18 < Apachez> juli
01:18 < spaces> what is a julu ?
01:18 < Apachez> july
01:19 < Apachez> a month
01:19 < spaces> oh, is that new ?
01:19 < Apachez> comes right after june
01:19 < Apachez> before august
01:19 < spaces> wow, you live @ the same planet as I do it seems, it's a miracle!
01:19 < Apachez> https://www.metro.se/artikel/sex-utan-samtycke-blir-olagligt-sommar-det-h%C3%A4r-inneb%C3%A4r-den-nya-lagen
01:19 < spaces> I thought you were an alien
01:19 < Apachez> use google translate
01:19 < Apachez> we are just visiting..
01:20 < Apachez> err I meant, hi! :)
01:21 < spaces> Apachez since when do you come from Sweden ?
01:21 < spaces> Apachez they always scream YES!! when people are having sex with me, why does that still need a contract ?
01:22 < spaces> (it's actually a good thing)
01:24 < spaces> Apachez do you want to receive it by Pidgin or Mail ?
01:24 < spaces> or just a file online which you can access using an insecure server and telnet ?
01:30 < GlenK> hi there. so say I try and ping a host that's not on my network. why does an arp request even need to be sent out? or is it perhaps being sent out simply because my machine doesn't know the gateway mac address?
01:30 < spaces> GlenK networks are HW-address based, not IP
01:31 < spaces> so it first need to create an arp entry into the arp table
01:32 <+pppingme> GlenK it needs to know where your router is..
01:32 <+pppingme> mac's to ip's are generally only remembered for a very short time
01:33 < ntd> oh, windows remebers
01:33 < ntd> remembers even
01:34 < spaces> pppingme it doesn't mean that when your shortmemory is running out and you cannot swap yourself that network devices have the same issues ;) :P
01:34 < ntd> even backs it up to the cloud. "telemetry" :)
01:35 < GlenK> so this is odd (I'm playing with packet tracer by the way). my router has absolutely no entries when I run "show mac-address-table".
01:38 < GlenK> this is after pinging from one network to the other. I would think it would have the source and destination PCs at least.
01:38 < Apachez> GlenK: unless its already in the arp cache you need an arp of the gateway your ping will be sent through
01:38 <+pppingme> difference between mac address table and arp table, they are NOT related
01:38 < Apachez> arp is ip<->mac
01:39 < Apachez> mac table is mac <-> interface
01:39 < GlenK> I see. ha, sorta. thanks
01:39 < Apachez> arp is the protocol used in ipv4 to find out which mac use which ip
01:39 <+pppingme> mac address table only comes into play on a bridge
01:39 < Apachez> in ipv6 thats done through multicast so in ipv6 there is no arp :)
01:42 <+pppingme> well there's still an ip<>mac relationship, just not called arp, and how its derived has changed
01:43 < Apachez> sure but its not arp in ipv6 since there is no arp any longer
01:43 < Apachez> arp has its own ethertype
01:44 < Apachez> 0x0806
01:44 < Apachez> IPv4 is 0x0800
01:45 < Apachez> and IPv6 is 0x86DD
01:45 < spaces> Apachez are you still on IPv6 ?
01:48 < ntd> so, this vendor is pushing rdp thinclients (network boot) for critical functions
01:48 < ntd> and somewhere up the chain, this all seemed like a good idea and approved
01:49 < ntd> guess how many times the fellotis has hit the wall?
01:49 < spaces> almost bedtime :)
01:50 < ntd> me: so now we have a single point of utter failure (connection to multipoint) and a vendor whose support can't do shit when said connection is down?
01:51 < ntd> them: now he's just being difficult
02:08 < Apachez> spaces: I swing both ways ipv4 (and arp) and ipv6 :)
02:15 < spaces> Apachez we are all on IPv8 here and 10 is coming... you are behind and old :P
02:16 < spaces> 10 might become 12, as we don't like Audi's
02:31 < duckgoose> yo
02:31 < duckgoose> help
02:31 < duckgoose> so b is resolving to my router, and I dunno why
02:32 < duckgoose> hosts file is clean, dns server is 1.1.1.1/8.8.8.8
02:32 < duckgoose> everything on the home network resolves b the same
02:32 < duckgoose> even android phone
02:34 < duckgoose> googled this with no luck
02:34 < h0dgep0dge> have you got a linux machine?
02:34 < h0dgep0dge> dig could give you some useful info about dns requests
02:35 < Fieldy> ^
02:37 < h0dgep0dge> (sorry was disconnected for a sec there, rebooting the router, if you've replied i've missed it)
02:38 < Peng_> You didn't miss anything
02:46 < dp> Heyho, I tried using nflog on all traffic in my iptables FORWARD chain on my gateway, getting uacctd to listen to the appropriate nflog interface for traffic accounting. I was able to split uplink traffic based on the source, but all downlink traffic has src and dest MAC addresses as the upstream gateway's, and my own gateway's addresses
02:46 < dp> A quick dump at log level 6 straight from iptables confirms that it doesn't know about anything other than these two MAC addresses in FORWARD
02:47 < h0dgep0dge> I don't think iptables is really meant to work with hardware addresses
02:47 < dp> I looked at POSTROUTING, but this has no layer 2 information, at least that iptables will log.
02:48 < dp> Only layer 3 and up
02:49 < dp> I presume the kernel does the work for layer 2, but I was wondering if iptables could still hook into this somehow
02:50 < h0dgep0dge> is there a reason you don't want to use ip filtering rather than mac filtering?
02:59 < dp> I'm not filtering, I'm accounting
03:00 < h0dgep0dge> okay sure, why not use ips rather than hardware address?
03:00 < dp> I could account by IP, but I'd have to also listen for DHCP leases to tie each IP back to the MAC that probably owned that IP at the time
03:02 < dp> At the moment instead, I am just getting pmacctd to capture all traffic, and I have introduced filters that tend to mimic the forwarding rules actually used by the kernel
03:02 < dp> There are some corner cases though, since I am seeing some hardware addresses on my radar for which forwarding isn't actually taking place. Only a few kB here and there but I was hoping to eliminate it by getting my data from the horse's mouth
03:18 < Mead> welp the Directv DECA that gets powered via USB is a pretty awesome coax to ethernet adapter if you have a directv system in your home.
03:23 < Napsterbater> Dont even need a DTV system in your house to use it. If you find them cheap, not a bad option if you need Ethernet over coax.
04:22 < gdljp> anyone can share the iso of the latest csr1000v 3.13.9S? need to rebuild my homelab :/
05:12 < Mead> I've got a device on my network, router's DHCP says the hostname is REV_A1000000 and the mac address lookup tells me it is from wistron neweb corp. I put the IP into my browser and it will ask me a username and password, how do I find out more information?
05:17 < fryguy> cable box?
05:21 < Mead> I've got a couple directv boxes, but they show up with as something like "Directv... "
05:23 < Mead> I did add a DECA device coax to ethernet adapter, might it be more than just bridge between coax and ethernet?
05:40 < DJ-AN0N> So is it that time of the month when Cloudflare gets DDOSed?
05:42 < Peng_> Cloudflare gets DDoSed all the time
05:44 < VincentHoshino> yep don't think a DDoS could take down all of cloudflare :P
05:46 < DJ-AN0N> Seems they rebooted their router, their services are back online.
05:48 < DJ-AN0N> Nothing like unplugging the cable from the power source and plugging it again.
05:49 < VincentHoshino> seems everything went down but their DNS services
05:50 < DJ-AN0N> I was going out through 1.0.0.1, so 1.1.1.1 was down as well.
05:58 < VincentHoshino> hmm seems they have been working with DNS resolution issues today
05:58 < Peng_> I like using multiple DNS services, if possible
06:03 <+pppingme> simplest solution, do your own dns
06:57 < skyroveRR> pppingme: hosting your own DNS is a bitch, especially if your ISP suddenly decides to block port 53 for UDP traffic, just cause they "felt like".
07:11 < Mead> ok, the device is the DECA adapter, "DCAU1R0-01" coax to ethernet adapter... It holds a mac address and goes through the trouble of getting a DHCP lease for an IP address. I can attempt to login to a web interface but can't find a default username/password, or even a manual. Anyone have a clue where I could get a manual? I've exhausted my google-foo tonight.
08:01 < jackbrown> hello anyone there can help me to understand ?
08:01 < h0dgep0dge> what's the problem?
08:02 < jackbrown> h0dgep0dge, ok I'm in front of my router FRITZ!Box 7490 with both my Laptop and my smartphone connected in 5Ghz
08:02 < h0dgep0dge> with you so far
08:02 < jackbrown> h0dgep0dge, I set up a shared folder on my laptop with a big file (a movie around 500mb)
08:02 < jackbrown> h0dgep0dge, I tried to download it on my smartphone to check the transfer speed, and I only get 4megabyte/second
08:03 < h0dgep0dge> right, gotcha, you're looking at all sorts of bottle necks there
08:03 < phocking> 4MiB/s is 32mbit/s which is pretty good over the air
08:04 < jackbrown> phocking, with a 5G connection ? really?
08:04 < h0dgep0dge> 5ghz may be capable of how ever many hundred megs per second, but do you trust the network cards in both devices to perform at those speeds?
08:04 < phocking> remember that it is half-duplex when they say 54/108
08:04 < Tegu> 5 GHz Wifi
08:04 < phocking> 5ghz wifi in a perfect setting with zero noise and a perfect link between the two devices will get you 50ish mbit after network overhead
08:04 < jackbrown> h0dgep0dge, which kind of bottle neck I should look at ? I just replaced the WiFi card on my laptop with a new Dual band Intel 7260
08:05 < phocking> are there any walls or other obstacles?
08:05 < jackbrown> h0dgep0dge, the smartphone is a Xiaomi Mi5 it was the top 1 year ago
08:05 < jackbrown> phocking, NO I'm in front of a router same room in view!!
08:05 < h0dgep0dge> top? i've never heard of xiaomi
08:05 < phocking> you can have radios/intentional irradiators too close to each other, too
08:05 < jackbrown> h0dgep0dge, chinese brand now they are selling even in europe (it's a snapdragon 820 3/64GB very fast GPU)
08:06 < h0dgep0dge> yeah, but the gpu doesn't handle the wireless
08:06 < phocking> if your transmit power is too high if they both in the same room you will get reflections off walls and whatnot
08:06 < jackbrown> phocking, I already tried with the USB attached hard drive to the router trying to transfer thing to the laptop but the same speed
08:06 < phocking> jackbrown: that's really a good speed for wifi
08:06 < jackbrown> phocking, ok I have to try to keep them in different rooms still in view
08:06 < phocking> that might not help too much
08:07 < jackbrown> phocking, maximum speed I reached in wifi is 6megabyte/second ( 50Mbps then)
08:07 < jackbrown> phocking, it shouldn't be really more ?
08:07 < h0dgep0dge> nope
08:07 < h0dgep0dge> 6mb/s is fine
08:07 < phocking> just remember, 802.11n says a max of 104 *HALF DUPLEX* which is 54mbit (megabit, not megabytes) which ends up being 48-50 after tcp overhead
08:07 < phocking> if you are confusing megabit and megabyte perhaps thats your struggle lols
08:07 < jackbrown> phocking, I'm connected in 802.11ac !!
08:08 < phocking> theres eight bits in a byte
08:08 < phocking> same difference, just 5ghz instead of 2.4
08:08 < jackbrown> phocking, I'm not confusing megabyte and megabit as you can read I put both value (6Megabyte = 48Mbits)
08:08 < phocking> ....
08:09 < phocking> so you are hitting 48mbit?
08:09 < phocking> that's pretty fucking close to the theoretical maximum lols
08:09 < jackbrown> phocking, look at this guy in 802.11ac transferring file at 50Megabyte/seconds ( 400Mbps then) https://www.youtube.com/watch?v=cU5YkW3KbZ8
08:09 < jackbrown> phocking, it shouldn't be faster since both phone and laptop are connected to the router in 802.11ac ?
08:10 < h0dgep0dge> there're heaps of things taking a bite out of your throughput here. the laptop reading from the disk, phone writing to flash, god-knows-which mobile wifi chipset, the fact that packets are traversing 2 hops over wifi
08:10 < phocking> not clicking. that's that guy, i don't know his environment or whatever but i don't believe it. if you need to go faster than 45mbit plug in gigabit ethernet over cat6 lolz
08:10 < c|oneman> ew, 2 wifi hops?
08:10 < c|oneman> oh, 2 devices
08:10 < h0dgep0dge> both the laptop and phone are on wifi
08:11 < h0dgep0dge> there's also a few layers of protocol overhead
08:11 < c|oneman> On 3x3 AC I've seen 300mbit
08:11 < jackbrown> c|oneman, both smartphone and laptop connected to the same router FRITZ!Box 7490 that as you can check specs it should be a top end
08:11 < c|oneman> of course a phone is likely 1x1
08:11 < h0dgep0dge> listen, my dude, 6 MB/s is fine, calm your ass down
08:12 < jackbrown> h0dgep0dge, ok I thought I should expect a really faster speed
08:12 < c|oneman> phone apps are also garbage in terms of performance, especially over SMB
08:12 < phocking> yeah bruh idk like, i'm a network engineer with a decade of experience who has ran campuses with forty aps and several hundred wireless endpoints and an outdoor wireless internet service provider... and 40mbit OTA (over-the-air) is about as good as you will get even with the best gear on the best days
08:12 < jackbrown> h0dgep0dge, what is the real speed using a Gigabit cable instead (without bottle necks) ?
08:12 < h0dgep0dge> i dunno, maybe it's in the name
08:13 < c|oneman> just transfer a file from your laptop over wifi, to a wired computer, you should see 200mbit.
08:13 < c|oneman> nevermind your phone
08:13 < h0dgep0dge> and nevermind file sharing lol, use something that's optimised for speed
08:13 < jackbrown> c|oneman, phocking nobody can tell me from his experience how fast go file over a 1Gigabit LAN ?
08:14 < c|oneman> 100MB/s
08:14 < h0dgep0dge> if you specify no bottlenecks, it'd be roughly a gigabit lol
08:14 < h0dgep0dge> how many significant digits do you need in this answer? heck
08:14 < jackbrown> c|oneman, 100 megabyte ?
08:14 < c|oneman> yeah
08:15 < phocking> https://www.pcmag.com/article2/0,2817,2425225,00.asp
08:15 <+pppingme> it goes at 1gigabit, if you have nothing slowing it down..
but then there's a bit of tcp/ip overhead, storage bottleneck, possible cpu bottleneck if doing any kind of network encryption, and the list goes on
08:15 < phocking> Now, 102.4 Mbps is a decent throughput rate especially for a router with a theoretical speed of 300 Mbps and with Device 1 and Device 2 connected to the 2.4GHz band. In general, I like to see somewhere near half of the maximum throughput the router's manufacturer states the router can reach (that rate is only in a testing environment free of any Wi-Fi interference. You will never see that speed in
08:15 < phocking> real life).
08:15 < c|oneman> just figure out how to use iperf
08:15 < phocking> keep in mind, that's half duplex 2x2 mimo
08:15 < phocking> your phone doesn't do mimo
08:15 < phocking> most don't
08:16 < phocking> i think your question has been adequately answered, and i'm disengaging. have a good night y'all! :D
08:16 < jackbrown> thank you guys
08:17 * h0dgep0dge googles iperf
08:19 < h0dgep0dge> so i was talking to a buddy the other day, we were discussing ipv6 and nat, and I said that ipv6 would render nat obsolete, and he suggested that perhaps there is some kind of security to be gleaned from obfuscating the source addresses for the machines on your network
08:19 < Dagger> phocking: more to the point, the "maximum throughput" is actually not the maximum throughput but the signal rate, which is a very different thing
08:19 < h0dgep0dge> he wasn't asserting it, it was just a musing, but what do y'all make of that?
08:20 < Dagger> 300 Mbit/s means that 1 bit takes 1/300Mth of a second to transmit (...on average; it's actually split over a bunch of subcarriers and more than one bit is transmitted at once)
08:21 < h0dgep0dge> Dagger: like how 300 baud isn't the bit rate, it's the symbol rate?
08:22 < Dagger> phocking: if you go through and work out the maximum throughput, considering all of the Wifi headers, L3 headers, L4 headers, plus the ACK packets going back the other way (remember Wifi is half duplex) plus the gaps left between packets, you end up with the maximum attainable user throughput being something like half of the bit rate
08:23 < Dagger> at least you do for .11g, it's probably better for more recent standards
08:23 < Dagger> h0dgep0dge: that might be a better term
08:24 < Dagger> and v6 already obfuscates source addresses with privacy extensions
08:24 < Dagger> there's not much benefit doing more than that, and there's a *lot* of downside to NATing
08:25 < h0dgep0dge> I get that there're a lot of downsides to nat, what i'm talking about wouldn't be a reason to keep ipv4, just wondering if you'd be losing anything
08:25 < h0dgep0dge> but apparently not, so that's interesting
08:25 < h0dgep0dge> i'll have to let my buddy know he was right
08:26 < Dagger> remember that even if somebody knows your address, they still can't connect to you unless you configure your firewall to allow it
08:26 < h0dgep0dge> sure, i couldn't even think of a reason you might want to hide your address, but it's not inconceivable that someone would want to do that
08:27 < Dagger> and privacy extensions means the address stops being your address after <7 days, so there's a limited window of opportunity anyway
08:59 < purplex88> will it considered a ddos if attack launched from different virtual machines created on same server?
08:59 < phocking> Dagger: yeah we on the same page lol
09:07 < longxia> purplex88: haha, i guess distributed means from the point of view of the one who is attacked. In that case distributed would strictly mean distributed across multiple source IP addresses, i would think.
09:08 < longxia> purplex88: in what way the attack is parallelized doesn't really matter if you read it like that.
09:10 < purplex88> i wanted to clarify if 'distributed' is geographical word
09:14 < longxia> purplex88: geographical distribution often follows from that definition, als see https://en.wikipedia.org/wiki/Denial-of-service_attack#Distributed_attack
09:15 < longxia> s/als/also/
09:18 < topicali> i'm in the vicinity of a hotspot for my internet provider, but it requires a web login. anyone have experience doing this with a CPE router (e.g. a mikro tik with routeros)?
09:18 < h0dgep0dge> topicali: not sure what you're trying to do exactly
09:19 < topicali> h0dgep0dge: i live near my work, but their wifi requires a web login
09:20 < topicali> i'd like to have my mikro tik (routeros) connect to that hotspot, and login so i can use the wifi connection in my apartment
09:20 < topicali> i did it years ago with a cantenna and dd-wrt, but now they require a web login
09:21 < h0dgep0dge> how you'd do it depends on what scheme they're using for authentication
09:21 < h0dgep0dge> is it based on source ip? mac? cookies?
09:21 < h0dgep0dge> well, obviously not cookies
09:21 < topicali> it's like when you go to starbucks or something and you have to hit 'agree' on a website
09:22 < topicali> external guest authentication..idk if it has a formal name
09:22 < h0dgep0dge> i don't see a reason you couldn't authenticate the router and use snat, but i don't know of an actual router suite that supports that, it'd have to be custom
09:23 < topicali> in my mind, it sounds feasible with some script executed on connection
09:24 < h0dgep0dge> it sounds like something i'd feel pretty comfortable having a go at, but something that would be a PITA to help someone do over irc
09:24 < h0dgep0dge> sorry guy
09:24 < topicali> it's an open (no encryption hotspot), but i use vpn so not worried about that
09:24 < longxia> topicali: would it be an idea to have a raspberry pi handle that for you.
From the mikrotik you could use the packet generator, i guess, but you'll still probably need to parse the incoming http to be able to form a valid response.
09:25 < h0dgep0dge> raspberry pi is a good call
09:25 < topicali> luckily i have 2 rpi's sittin around
09:25 < h0dgep0dge> if you have an appropriate radio and antenna, the cantenna sounds perfect
09:26 < topicali> i didn't even think of using an rpi to do it
09:28 < topicali> i'm pretty good on the networking/configuration part, but not so savvy on radio propagation
09:28 < h0dgep0dge> ppfft, forget about it, radio is black magic
09:29 < topicali> e.g. proper antenna size, dbi, power
09:30 < topicali> well i have a mikrotik on the way https://www.amazon.com/dp/B00BTKPTNI
09:30 < h0dgep0dge> impedance, near field, far field, you're gunna need a warlock or some shit
09:30 < topicali> lol
09:31 < topicali> if i run into head scratching, i'm happy to paypal/venmo someone to help me via screenshare/teleconference
09:32 < topicali> like '16 dbi antenna'..not sure exactly what implications that has
09:34 < topicali> is a 16dbi antenna better/worse than a 24.5 dbi antenna? does it depend on the application/situation?
10:03 < h0dgep0dge> i can't claim to understand what gain is
10:03 < h0dgep0dge> i guess in simple terms it would be sensitivity right, but i don't know how that jives with directionality
10:20 < purplex88> is default gateway assigned by NAT?
10:20 <+pppingme> h0dgep0dge if you can focus a signal in one direction (with no additional strength from the transmitter), you effectively increase the signal strength.. thats a simplified explanation of gain
10:20 <+pppingme> purplex88 no, its assigned by your dhcp server
10:21 <+pppingme> assuming you're doing dhcp.. since you said assigned, its implied you're doing dhcp
10:21 < purplex88> default gateway = 192.168.1.1
10:22 < purplex88> my ip = 192.168.1.100
10:23 <+pppingme> purplex88 common situation.. is there a question in there?
10:24 < purplex88> whats my nat ip?
10:24 <+pppingme> purplex88 you mean the IP that your private subnet is being nat'd to? not enough info from what you've provided..
10:25 <+pppingme> purplex88 go to http://myip.showmeisp.net/
10:25 <+pppingme> what ip does that show?
10:25 < purplex88> thats WAN IP
10:25 < purplex88> i mean nat server inside my router
10:25 <+pppingme> yeah, assuming thats right, thats the IP that your private subnet is being translated to..
10:26 <+pppingme> the nat process doesn't have its own IP, it simply translates your "inside" ip's to your "outside" or "wan" ip..
10:26 < purplex88> nat server?
10:27 < purplex88> so dhcp server inside my router is assigning me IP address and default gateway
10:28 < h0dgep0dge> yeah, the nat server, for your nat client
10:28 <+pppingme> purplex88 well, assuming you're running dhcp on your router... most home users do..
10:29 < purplex88> how dhcp's ip is same as gateway?
10:30 <+pppingme> its common for your router, aka gateway, to run your dhcp server.. very common for home users
10:33 < Apachez> SAQ Grimeton livetelegrafitransmission on longwave in about 12 minutes :) https://www.youtube.com/watch?v=3K26MO5R8UU
10:33 < purplex88> pppingme: ok i see so dhcp is assigning private ip to my computer and gateway to router?
10:34 <+pppingme> not "gateway to router" gateway and router mean exact same thing in this context
10:34 < purplex88> gateway ip*
10:36 < Apachez> transmission will be at 17.2 kHz
10:41 <+pppingme> yes, dhcp generally assigns all that on most networks
10:41 < brutser> hi i need to put a router behind the isp router that will take over the pppoe connection from the isp router. for this i need to re-configure the nat too i think. is there someone who has time to help me with this?
10:42 < brutser> i got no concrete question yet, i need someone who can look at the current settings on the router and see where to start
10:44 < Apachez> https://sv.wikipedia.org/wiki/Radiostationen_i_Grimeton http://grimeton.org/
10:46 < adrian_1908> hello. i'm connecting to a vpn via openvpn and appeared to have run into sporadic dns leaks (the dns queries going to my router instead through the vpn tunnel). this seems to be an issue related to systemd-resolved, but it cannot reliably reproduce it. now to my question: are online dns leak tests reliable enough (statistically), or is there some linux tool i can run for a while to thoroughly test for leaks?
10:47 <+pppingme> Oh boy, more paranoia, I gota go
10:50 < Apachez> adrian_1908: look at the logs in your firewall
10:50 < Apachez> if you see outbound dns there then your machine is leaking
10:50 < Apachez> thats why you should have a dedicated vpn box with a cleartext side and a cryptoside
10:52 < adrian_1908> hadn't considered checking logs instead of running some dedicated process. better solution actually, thanks for the suggestion.
11:06 < Barones> Hi, I'm looking for reference about where protocols are processed in hardware, any books or article?
11:07 < Apachez> define hardware?
11:07 < Apachez> such as fpga/asics?
11:07 < Apachez> depends on hardware being used
11:07 < Apachez> but generally speaking all packet forwarding is handled in hardware
11:07 < Apachez> while exchanging routing info is done in software
11:08 < Apachez> which then feeds the tables in the hardware
11:08 < Barones> yeah, switch asics and routers forwarding and authentication methods
11:09 < Barones> does pppoe is processed in cpu?
11:11 < Barones> actually, how does a router cpu answer to distinct PDU's? I mean, if it has to authenticate a user so it stops forwarding until it is done?
11:21 < Apachez> depends on the model
11:21 < Apachez> some use more in hardware and some use less
11:21 * spaces is model is just perfect and sexy :P
11:21 < Apachez> some use fpga's to modular process stuff in "hardware" when needed
11:21 < Apachez> that is a firmware update can change this behaviour
11:21 < Apachez> while with asics you get more performance but is stuck with how the asic was designed
11:21 < Apachez> good example is ssl termination
11:22 < Apachez> when things move forward to TLS1.3 and 1.4 asics who had 1.3 are stuck there
11:22 < Apachez> while fpga can resolve this with a firmware update and voila now the device is compatible with TLS1.4
11:23 < tropicat> can it be that a router that has multiple outbound links has a slower transmission rate on some of those links but faster transmission rates on some others
11:23 < tropicat> *can there
11:23 < tropicat> basically I am asking with transmission rates depend on the router or the link
11:24 < h0dgep0dge> i mean, it can be both
11:25 < h0dgep0dge> if my internet is only doing 1MB/s then getting a brand new router might make it faster, but no router is going to pull 100 MB/s through my dsl
11:29 < Apachez> sure
11:29 < Apachez> you might have different uplinks
11:29 < Apachez> 1G free of charge internet connection and then a 10G which you pay for to use
11:29 < Apachez> then you would most likely try to prefer that 1G free of charge link
11:29 < Apachez> to keep costs down
11:30 < Barones> hmm Is there any literature that approaches this topic? protocols processing
13:06 < julius> hi
13:06 < djph> 0/
13:06 < julius> can somebody help decipher me the iperf3 output? the jitter number is all over the place... its way too high? https://bpaste.net/show/826db00a13ec
13:07 < djph> what medium is the test over?
13:07 < julius> ds lite
13:08 < djph> ds lite is not a transmission medium. try again.
13:08 < julius> from my local lan -> ethernet -> router -> internet (dsl) -> vps
13:09 < djph> so you're testing across the internet? that's probably 'fine' for you then. 14 seconds seems stupid high, but it's probably related to time between starting the server and the client (among other things)
13:10 < julius> i want to know if my router is working properly concerning "small" packets from pc games, which mainly use udp
13:10 < djph> looks fine
13:11 < julius> 14 seconds cant be correct
13:11 < djph> I mean +/- 1.7 msec is fine
13:11 < julius> i can ping the machine with 20ms
13:11 < julius> ah i see, so the last number is an overall jitter
13:12 < djph> it's probably a bit off at the top, because of differences in client/server time
13:12 < julius> ah, let me check
13:15 < djph> but yeah, it's fine
13:15 < julius> yes its off...and of course ntpd -gq does just hang :/
13:16 < djph> that's always annoying
13:17 < djph> but yeah, your internet connection seems fine
13:28 < h0dgep0dge> i have an important network question, how do you pronounce eth, as in eth0? Is it a long vowel sound, like eat? Or a short vowel sound, like meth? related question, do you pronounce the vowel as the E in ethernet?
13:29 < dp> meth
13:30 < Apachez> https://github.com/ValveSoftware/csgo-osx-linux/issues/1678
13:31 < djph> hard 'e' as in 'need'
13:31 < djph> (also, as in 'ether')
13:32 < h0dgep0dge> until just a few moments ago when i heard someone say it that way i'd never considered someone might say it different to me
13:32 < djph> what, you say it with a soft 'e'?
13:32 < dp> Happens with a lot of such made-up words
13:33 < h0dgep0dge> eth rhymes with meth, though i'm unsure how i would pronounce ethernet
13:33 < djph> dictionary has it with the hard 'e' as well. you're simply saying it wrong.
13:33 < dp> I'm definitely eeethernet
13:33 < dp> But eth is meth
13:33 < djph> ˈēTHərˌnet
13:33 < dp> Strange, really.
13:34 < dp> You'd think I'd say eth0 and ethernet the same way, since they are the same word at heart
13:34 < h0dgep0dge> I'm pretty sure i say eth like meth and ethernet like eat, but I resent your claim that someone can "simply" be "wrong" about pronunciation
13:34 < h0dgep0dge> I agree, i would think they would match
13:35 < dp> Odd that I say eeeethernet (e like in need) but eth0 (e like in meth)
13:35 < h0dgep0dge> it's like the opposite of wlan, I consistently say/think "wi-lan", which matches the long version (wireless lan) but doesn't match a literal reading "double-you lan"
13:36 < djph> h0dgep0dge: wait, if you're saying it with the hard / long e (eeeethernet)
13:36 < djph> then you're not wrong
13:36 <+xand> who cares
13:36 < h0dgep0dge> I'm not wrong, but i resent you saying that someone could be wrong
13:36 < djph> Merriam-Webster :)
13:37 < djph> h0dgep0dge: go to your safe space then. Dictionary has given pronunciations of words. Saying it differently is *wrong*.
13:37 < h0dgep0dge> disagreeing with dictionaries doesn't make you wrong, dictionaries aren't authoritative
13:37 < h0dgep0dge> and you don't know what a safe space is
13:38 < djph> you're right, I don't hide from people who disagree with me
13:39 < h0dgep0dge> Hey look at this, i just wrote a dictionary, and under "h0dgep0dge" it says "always right about stuff"
13:39 < h0dgep0dge> do you seem my point?
13:39 < h0dgep0dge> seeeeeeee* my point?
13:39 < djph> h0dgep0dge: nope.
13:40 < h0dgep0dge> the point is that dictionaries aren't authoritative, because everything in a dictionary was just written by some guy
13:41 < h0dgep0dge> it's a handy reference to understand how words are used, but it's not an authority on what's correct
13:42 < djph> suppose you can make that argument about anything you want.
I mean, "RFCs" are "just written by some guy", as are "encyclopedias", or "manuals" 13:42 < dp> They're especially inaccurate with dialectical differences 13:44 < h0dgep0dge> i'll take encyclopedias first, that's fully true, encyclopedias _aren't_ authoritative. you don't think anyone has written something incorrect in an encyclopedia? 13:44 < h0dgep0dge> as for rfcs and menuals, those are written by the people who invented/designed/built the thing they're writing about, so they _are_ authorities 13:45 <+xand> Oxford English dictionary uses spellings that most people in the UK don't use 13:45 <+xand> mainly "ize" instead of "ise" 13:46 < julius> if i use -b 10k or -b 100k the output for iperf3 is the same, doesnt that specify each packets size? [ 4] 0.00-10.00 sec 808 KBytes 662 Kbits/sec 1.145 ms 0/100 (0%) 13:47 < h0dgep0dge> and that's not to mention that rfcs become obsolete and manuals are revised, so they're really not ultimately authoritative either, but they're much closer 13:48 < h0dgep0dge> i'd love to keep rambling about nonsense here, but i'll feel bad if i steamroll over julius' question 13:49 < dp> Oh crap I never noticed 13:52 < h0dgep0dge> how about this djph, a compromise, I'll agree that a long E is the only correct pronounciation, if you agree to only spell it æthernet 13:53 < djph> julius: no, it specifies the speed at which you want iperf to try hitting (default 1mbps) 13:53 < julius> ah right, thats what i meant 13:53 < julius> h0dgep0dge, carry on 13:53 < djph> h0dgep0dge: whichever you want 14:05 < julius> djph, still, shouldnt there be a difference in the last line of ipef3? 
command line is: iperf3 -c serverip -i 1 -b 100K -p 10000 -t 10 and iperf3 -c serverip -u -i 1 -b 10K -p 10000 -t 10 both end with: [ 4] 0.00-10.00 sec 808 KBytes 662 Kbits/sec 1.145 ms 0/100 (0%) 14:06 < julius> the jitter is of course minimal different, but the rest looks like the same 14:06 < julius> if the packet size is different i would expect different numbers for transfer or bandwith or both 16:11 < jquinby> os/close 17:52 < Mead> gosh this is agrivating, I've got directv dcau1r0-01 DECA (ethernet coax adapter). It gets an IP address from my DHCP and when I put the IP address into my browser it gives me a login. I can find little to no information about the device, I even just asked directv for a user manual and all I got was an set of install instuctions for an DECA adapter. My google-fu has failed me too. 17:53 < Mead> anyone know where I can find more information? The fact that it is holding a IP address makes me uneasy after purchasing it second hand. 17:58 < goldstar> when setting up a VTI interface, must the IP addrs for each endpoint be in the same subnet ? 18:00 < brentaarnold> Check out my recent work fellas <3 https://ibb.co/ecPb2J 18:05 < mohnish> Anyone here? 18:06 < Mead> I am 18:07 < mohnish> Oh hi 18:37 < Fr0stBit> Is a NS server the same as a DNS server? 18:37 < stairmast0r> anyone else still having issues due to the level3 outage? 18:38 < compdoc> havent noticed anything lately 18:48 < purplex88> whats uplink and downlink of switch? 18:49 < Peng_> Fr0stBit: Probably? Could mean something slightly different depending on the context. 18:49 < longxia> Fr0stBit: yes, usually, but NS is more generic. 
Also see https://en.wikipedia.org/wiki/Name_server and https://en.wikipedia.org/wiki/Windows_Internet_Name_Service 18:49 < Mead> uplink ports are the ports connected to either/or another switch/router that leads to the layer 3 gateway 18:50 < Mead> downlink ports are pointing towards another switch that doesn't have a direct route to the layer 3 gateway 18:51 < Fr0stBit> I mean, i know how a DNS server works but i kinda confuse the option that the hostname providers give you to use a 'custom' name server instead of theirs like this: https://snag.gy/1VAXMz.jpg https://snag.gy/zaPcpi.jpg 18:51 < Mead> not to be confused with "links" that are "down" (not working) or "up" (working) 18:52 <+xand> Fr0stBit: in that context, nameservers is the authoritative DNS servers for a domain and are shown as NS records 18:53 < Mead> Fr0stBit: the "custom" name servers is so that you can tell them to use specific name servers other than the default one they provide 18:54 < purplex88> Mead: do uplinks always have high bandwidth? 18:55 < Peng_> Only 5? :T 18:56 < Fr0stBit> Yes, i kinda understand this, but how does it work in practice? I suppose i need to tell an authoritative DNS server the hostname<->ip mappings but why do i need to tell the hostname provider the authoritative server's address? 18:58 < Peng_> If you didn't, how could anyone know which authoritative nameservers your domain uses? 18:58 < Peng_> So how it's normally done is that you enter them into a form on your registrar's website, and they submit them to the TLD's API 18:59 < Mead> purplex88: ideally you want your uplink to have higher bandwidth than the downlinks. Switch makers will make a 10/100 mb switch with a couple gigabit ports or a gigabit switch with a couple 10gigabit ports for uplinks, but it isn't required. 19:01 < Mead> purplex88: this rabbit hole gets even deeper if you start talking about a managed switch with trunking and spanning tree 19:02 < purplex88> not required? 
19:03 < Fr0stBit> Peng_: Ok thanks!!
19:03 < blinksy> what's the difference between dnssec and dnscrypt?
19:04 < Peng_> Everything except the first 3 letters
19:04 < Mead> not required to pass frames
19:05 < Peng_> blinksy: DNSCrypt (or DNS-over-TLS or DNS-over-HTTPS) are normally used to encrypt and authenticate traffic between you and your DNS resolver.
19:05 < Peng_> blinksy: DNSSEC is used to authenticate traffic between a resolver and authoritative nameservers.
19:08 < purplex88> Mead: so simply uplink is to send and downlink is to receive?
19:33 < ic3cube> Anyone good with mac address NPS auth for laptops wireless? So a laptop will connect to the wireless as soon as its online and its a remembered network; then the user can authenication
19:33 < ic3cube> authenicate**
21:02 < Yamakaja> Is anybody around here familiar with the specifics of VyOS' / EdgeOS' /config/scripts/post-config.d behavior? Can i use that to launch applications which don't fork into the background or is that going to block the boot process?
21:06 < zenix_2k2> one question so i have recently learned about the TCP/IP suite but after that do i also need to learn about the OSI model ?
21:06 < zenix_2k2> or quite fine to go
21:10 < linuxmodder> zenix_2k2, OSI model is tied into TCP/IP so it will be part of it
21:10 < linuxmodder> TCP/IP USES the OSI model
21:10 < zenix_2k2> well good to hear
21:18 < Mead> linux_probe: tcp/ip uses the TCP/IP module, the OSI is sort of an expansion and refinement beyond the scope of TCP/IP
21:24 < zenix_2k2> and btw, between the application layer and the data link layer which is the one that is responsible for packetlizing your data ?
21:26 < zenix_2k2> cause my book said something like "This layer splits data into packets to be sent across the connection medium and then wiring such as Ethernet or token ring get involved" but in the other page it says "if you FTP a file from computer A --> B, the data in the file is packetlized at the application layer and sent through all layers on computer A"
21:27 < zenix_2k2> and by "this layer" i mean the data link
21:31 < learner> hey guys, can anyone help me with my pptp set up please. I have set up a pptp server on ubuntu 18.04 server. i'm using mschap-v2 and mppe-128. I have no problem signing in and browsing using linux clients. my problem is with windows. I can sign in, however it hangs up right after it reaches the mppe section. help please?
21:35 < zenix_2k2> so guys, which layer actually packetlize the data ?
21:35 < zenix_2k2> cause that book still sounds kinda weird
21:35 < zenix_2k2> and it is a for dummies one
21:36 < deavmi> anybody here have knowledge on silc?
21:56 < brentaarnold> Is there any advantage or disadvantage to using DHCP relay in both switch and firewall when running DHCP on a Windows DC?
22:00 < ElLaxlaxem> Why would you want to let DHCP through firewall?
22:01 < endre> nope
22:07 < brentaarnold> ElLaxlaxem: I have two VLANS, LAN and WLAN. I want the firewall to pass DHCP requests from WLAN on ge-0/0/2 to LAN on ge-0/0/1 where the servers reside.
22:08 < ElLaxlaxem> I assume the switch you were talking about is connected to ge-0/0/1? If you want to relay DHCP across firewall boundaries then I imagine you would surely need to enable DHCP relay on your firewall
22:12 <+catphish> you only need dhcp relay on the switch
22:13 <+catphish> (or any layer3 device)
22:13 <+catphish> the firewall doesn't need dhcp relay, it just needs to allow the dhcp packets through
22:13 <+catphish> you only need dhcp relay on the gateway for that network, whatever device that is
22:14 <+catphish> brentaarnold: oh, just read your second message, if your firewall is the router between the 2 networks, then that's where you need to enable dhcp relay, i don't think the switch would be involved in any way (it's not doing layer3 in this scenario)
22:16 < ElLaxlaxem> How would firewall know where to relay DHCP requests if the actual DHCP server is behind the switch and not known by the firewall?
22:17 < brentaarnold> Both ge-0/0/1 and ge-0/0/2 are connected to the switch
22:17 < brentaarnold> But their outputs are controlled by VLANs
22:18 <+catphish> can we start over?
22:18 < bray90820> So is there any point to having 1 wall ethernet jack in your house
22:19 <+catphish> brentaarnold: you have 2 VLANs, right, and you have a firewall?
22:19 < ElLaxlaxem> bray90820: You need second wall for it to be useful
22:19 < bray90820> Well then I need to look harder
22:19 <+catphish> bray90820: it must go somewhere
22:19 <+catphish> brentaarnold: and you have a dhcp server connected to one of the VLANs only?
22:20 < bray90820> I just bought a house and there is only one wall jack that I can find but I will look harder
22:20 <+catphish> bray90820: usually it'll go back to a cupboard, or maybe the attic
22:20 < ElLaxlaxem> It sounds all kinds of crazy to somehow shoot DHCP requests over WLAN
22:20 <+catphish> Exagone313: huh?
22:20 < ElLaxlaxem> Oh wait, I mixed up WLAN and WAN
22:20 <+catphish> lol
22:21 <+catphish> brentaarnold: if you can answer my questions, i can help :)
22:23 < bray90820> catphish: Well the first one I found was in the upstairs loft so I will just check it out when i go over there later
22:24 <+catphish> bray90820: well it must go somewhere, either 1) to another socket somewhere in the house 2) to an external service provider or 3) it used to go to a room but it's been removed
22:25 < bray90820> catphish: Thanks
22:25 <+catphish> my house has a ton of coax cables that don't go anywhere because i filled in the sockets and cut off the cables, it's 2018, nobody needs terrestrial coax to every room
22:25 < ElLaxlaxem> Maybe it's the phone line not Ethernet lol
22:25 <+catphish> yeah that was my thought
22:26 <+catphish> though most countries have very distinctive sockets for incoming phone service, and dont terminate in the loft
22:26 < bray90820> Haha my house has coax in every room
22:26 < ElLaxlaxem> I wish I had sockets in my rooms because WiFi is not as punk
22:26 <+catphish> yeah i'd love cat6 to every room
22:26 <+catphish> but house is too old to easily install it
22:26 < bray90820> And I need sockets because I have devices that don't have wifi
22:27 <+catphish> i have 2 APs to cover my house, it seems to work
22:27 < tds> we've got wattle and daub walls here, which makes running wiring a little tricky ;)
22:27 < ElLaxlaxem> i've got asbestos
22:28 <+catphish> tds: same here
22:28 < bray90820> What would you recommend I buy for an AP if the jacks aren't there
22:28 < bray90820> what about this
22:28 < bray90820> https://www.amazon.com/Alfa-R36-Repeater-Extender-AWUS036H/dp/B004ZF0I3U/ref=cm_cr_arp_d_bdcrb_top?ie=UTF8
22:28 <+catphish> it's like a combination of sticks, mud, plaster, and newspaper
22:28 < bray90820> I have one of these laying around
22:28 <+catphish> it's probably a colossal fire risk
22:29 <+catphish> bray90820: maybe try powerline
22:29 < theunix> how finding the problem
22:29 < ElLaxlaxem> real men run wires through indoors not walls
22:29 <+catphish> you can get powerline plugs with built in APs
22:29 < bray90820> Powerline?
22:29 < theunix> apps not connect
22:29 < bray90820> catphish: like this?
22:29 < bray90820> https://www.amazon.com/NETGEAR-PowerLINE-1000-802-11ac-Gigabit/dp/B01929V7ZG
22:29 <+catphish> like this: https://www.tp-link.com/uk/products/details/cat-18_TL-WPA4220T-KIT-V1.20.html
22:30 <+catphish> bray90820: yeah, that one you linked to is way better!
22:30 <+catphish> "Use your existing electrical wiring to extend your Internet access to any room in your house. "
22:30 <+catphish> they are a good option when you can't run new wires
22:30 < ElLaxlaxem> That shit is unstable or so I heard
22:31 <+catphish> ElLaxlaxem: it varies a lot, but often better than wifi
22:31 < ElLaxlaxem> just use damn cables
22:31 < ElLaxlaxem> you dont need to drill walls
22:32 <+catphish> in my house i just have one long ethernet cable, it runs from one end of the house to the other, under the carpet
22:32 <+catphish> that works well, not great, but neat enough
22:32 < ElLaxlaxem> yeah you need to tap it few times halfway
22:32 < ElLaxlaxem> like nsa
22:33 < bray90820> Capitanno: Yeah thanks that actually looks pretty good with what I am doing I don't really need wired internet I am only using it as an interface for music playback which is actually connected to the router the only reason I need wired is because the devices don't have wifi
22:33 < tds> I'm still using powerline stuff here, it's been pretty stable but relatively low bandwidth
22:33 < ElLaxlaxem> real men use flash drives
22:33 < tds> I should probably try the new "gigabit" ones and see if I can push more than 20Mb/s over them
22:34 < ElLaxlaxem> or get a dish and RF handbook
22:34 <+catphish> they work pretty well in my house, but ethernet +wifi works marginally better since i got unifi
22:36 <+catphish> one option i always forget: you can always run ethernet externally, just drill, run the cable round the external wall, mount the port on the surface of the inside of the exterior wall
22:36 <+catphish> that works great if you don't mind the unsightliness externally
22:36 < ElLaxlaxem> real men use 1 device only
22:39 < Mead> I wouldn't suggest doing that, too easy to get access to the ethernet wire to sniff the packets
22:40 < Apachez> anyone into tomcat here? is there some kind of builtin watchdog you can configure so when the app tomcat is hosting goes poff (including tomcat itself) then tomcat can restart?
22:44 < brentaarnold> catphish so sorry, was in game :P
22:45 < brentaarnold> Yes, I have two VLANS set on the firewall AND the switch, 101 and 111
22:45 < brentaarnold> 101 is LAN and 111 is WLAN
22:45 < detha> Apachez: just make a cron job to restart tomcat every so often
22:50 < Apachez> its a wintendo box :(
22:50 < Apachez> and I dont want to restart it if its running correctly
22:53 < detha> 1) find a measure for 'is running correctly', like doing a http request, 2) write some batch file/vbs/powershell that does that, and restarts the service if it fails
23:16 < Apachez> well thats where my skillz are failing on windoze
23:16 < Apachez> if it were a linux box then it would already be done :)
23:16 < Apachez> damnit
23:16 < Apachez> another q... in the chrome apk for android - isnt there some chrome url where you can enable support for older ssl/tls ?
23:30 < FoghornLeghornU> What is the best self study resource to learn about networking and computing ?
23:30 < mgolisch> are there any 8port switches with a sfp+ port?
23:30 < mgolisch> i have not found any
23:34 < brentaarnold> Sorry, lost power for a bit
23:35 < FoghornLeghornU> Thanks
23:45 < dogbert_2> mgolisch, not sure if those exist...might find a 12 port one like that
23:46 <+catphish> brentaarnold: does the switch do any routing? or is it just a switch? ie what device is the gateway for the 2 networks?
23:46 < Apachez> mgolisch: sure, HPE got some
23:46 < dogbert_2> hey Apachez
23:48 < Apachez> mgolisch: with or without poe?
23:48 < Apachez> http://h17007.www1.hpe.com/us/en/networking/products/switches/switch-selector.aspx
23:48 < Apachez> 2530 08G
23:57 < mgolisch> yeah they have some but they are really expensive
23:57 < mgolisch> :(
--- Log closed Mon Jul 02 00:00:21 2018