#networks

Unfortunately I'm not in front of my computer right now. Can I get back to you with some code that I'm using and the full traceback?

On Monday I will resume so I would say that the issue will persist😅

sure, np. someone will be around

Cool

the s_client command here https://blog.raylu.net/2020/09/14/debug_http.html is what output that, btw ^

Alright thank you so much for your time, I really appreciate it

How do I use scapy? I can't find a tutorial thats updated. The only ones I find use old versions that doesn't seem to work with the latest version. And the docs are so confusing and doesn't work

lsc() type in scapy interpréter , this command will give all the info you need

And whats the scapy interpreter?

How can I use windows cmd to see all the available wireless networks in the area?
Like when I choose a wifi through the gui and I see all the different wifis and the connection strength

Idk know how it’s works there but in Linux terminal just run sudo scapy3

https://www.thepythoncode.com/article/building-wifi-scanner-in-python-scapy
This website will help you.But idk how ur going to do this in windows because u have to use ur wireless adapter

Im watching a tutorial that uses scapy.arping() but .arping does not seem to exist for me

Does the available methods vary between unix based systems and windows? I read somewhere that scapy is not made for windows

u can do use scapy in windows I saw some YouTubers

But not sure

if u can do everything

Eventually I decided to prepare the code I'm using and the traceback for today. With the intention of starting fresh next week 😅. I feel like there is sensitive information within the Traceback. Can I send it to you privately alongside the code I'm using to call the api?
Thank you so much in advance

Hey guys

I need help

How can I communicate with my su 200 plc over Ethernet with python

Anyone using Jinja for Cisco config templating

Yes, for simple show commands across Cisco devices.

I need help with some IP address calculations.... essentially I need to convert IP networks, ip/mask, into one or more wild card DNS records that would match them.... so for 1.2.3.4/32 I need to return: 4.3.2.1.sub.domain.org .... for 1.2.3.0/24, *.3.2.1.sub.domain.org.... etc.

I wrote a function that seems to work fine, but it uses a naive logic.... iterates on every possible IP in the given cidr, and then figures out the octetes that go from 0 to 255, then replaces them with wildcard *.... not cool 🙂 I would appreciate hints on how improve this function.

https://gist.github.com/lrhazi/22e1f9ce8cb1917208d8bcce0613798a

I guess my question is just how to find all /24 subnets in a given network/mask .... because those are what I need to replace with a wildcard... others would need to be listed one per IP.

Can someone try and help me in #help-chili if you can, it's about web browsers and stuff like that in python.

I guess this is all I needed:
In [4]: list(ipaddress.ip_network('142.0.176.0/20').subnets(new_prefix=24))

no, keep it on the server. if it's sensitive, why show some random dude on the internet via DM?

yeah, just answered almost the same question the other day: #networks message

It makes sense

I replicated the environment in my local computer executed the same code and it works, but in that server it doesn't🤷

yeah, this works for me

>>> requests.get('https://www.afedegi.com')
<Response [200]>
>>> requests.__version__
'2.25.0'

what version of requests do you have on that one?

2.27.1

ok. on that machine, what happens if you just curl -I https://www.afedegi.com?

HTTP/1.1 200 Connection established

curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

ah, so you don't have the CA for LE... interesting

run the s_client command here on that domain https://blog.raylu.net/2020/09/14/debug_http.html

This one?
openssl s_client -connect https://www.afedegi.com -servername https://www.afedegi.com < /dev/null | openssl x509 -noout -text -certopt no_header,no_version,no_serial,no_signame,no_pubkey,no_sigdump

yeah. what did that output?

No output

wat

that seems unlikely

It seems like it doesn't terminate

that sounds more plausible

maybe the server doesn't like your IP :D

Now it does

I added https://

140329658971712:error:2008F002:BIO routines:BIO_lookup_ex:system lib:crypto/bio/b_addr.c:730:Servname not supported for ai_socktype
connect:errno=0
unable to load certificate
139929155102272:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE

yeah, you don't want https

I did this command to get that output adding https and omitting port number

Pretty weird not gonna lie

https://levelup.gitconnected.com/solve-the-dreadful-certificate-issues-in-python-requests-module-2020d922c72f

oh, is the intermediate cert missing?

that doesn't explain why s_client hangs

yeah the intermediate certs are sent just fine https://www.ssllabs.com/ssltest/analyze.html?d=www.afedegi.com

Yeah I feel like the intermediate is missing that's why it says certificate chain

Btw this is me right now😅

Hey there, I'm back. I've looked into sending data over sockets with struct, but can't seem to figure out how to apply it to my game engine. Since each game object needs to send different data, how could I use a struct to do so? Since encoding/decoding with the struct library depends on a specific format (one that does not accept strings, only a set of numbers such as ints, floats, ect) I cant find a practical use for my engine. I apologize for my naivety, but I'm basically starting from square 1 when it comes to networking.

you don't want to send full game objects, that will most probably be to much data which will put unnecessary load on the server and introduce lag

Right, but some objects only need to send maybe a position, but others may need a scale, rotation, animation state, ect.

using struct seems like the best option but im having trouble understanding how to send that data, especially when decoding that data requires a pre-determined format

i don't know much about game engines, but i would let the servers dictate what happens in the world around the players and send updates to the clients about what's happening
and only let clients send there actions as intents to the server and then let the server decide the outcome of that intent and send that back to the server, just to minimize the chance of cheating

You are correct, that is how I would handle that too, my issue is packing the game object data on the server using structs. Since structs require both a set format in packing and unpacking, I dont see how a client could decrypt object data without that special format, considering the format is different on an object by object bases

The simple answer to this would be to store the decryption format on the client too, but then how does the client know what data corresponds to each object?

I guess I'm having a hard time with the specifics of this lol

and i'm guessing you mean decode and decoded rather then decrypt and decrypted, just so that we are talking about the same thing here

I would imagine lol, sorry not exactly caught up on the vocabulary yet either

To be the most specific i mean struct.pack and struct.unpack

you probably want some transport security in the form of encryption as well, for example TLS, but it's not relevant to this discussion right now

well any information helps, Ill look into it once i get actual data sent from server to client

I can send basic text already, but ive heard sending actual game data should be done with structs

if i have a server and a client using socket and ssl should i pack the ssl certificate into a variable to use it when its executed on a machine or should the client request the certificate? And if you think its the second how does the server detect that the client doesnt wants to further communicate and only get the certificate to connect with it again? should the server just try to send a test message and if a exception is raised it will understand that the client disconnected?

you probably mean TLS rather then SSL, just use a ready made library for it and let it handle all that for you

could you recommend me one

first of all i would abstract it with functions, like an api, so that i can change the underlying implementation of the network protocol and optimize it later

I dont really understand what you mean by most of that lol. Again, all im trying to do is encode game object data, send it from server to client, and have the client be able to edit the corresponding objects data

just that i would have high level functions in the code that i call of the different things i want to happen
then implement those functions with a very basic network protocol and optimize it later on

just use the ssl library from the python standard library: https://docs.python.org/3/library/ssl.html

Can anyone help with this?

Can anyone tell me how to implement the built in plugin supports for PyQtWebEngine, with the Pepper Plugin API, how would you make a plugin, how would you add them to your PyQt Web Browser and how would you make an extensions GUI button for removing and disabling plugins? I found some documentation, I how this can help some of you guys to at least make it a bit easier to help me: https://doc.qt.io/qt-5/qtwebengine-features.html#pepper-plugin-api

!rule 8

@unreal path rules says no 👆

I am trying to use proxies to perform a request, often its not actually using the proxy but my own public ip... How can i prevent that from happening?

maybe its the proxy server that is not working

i am checking that

everything that needs to use the proxy also needs to be configured to do so
and many times your system will still do dns lookups for what is being connected to though the proxy

where i can host a socket server over the internet?

you could self host (hosting it yourself) or you could use AWS for free (for a year i believe) or heroku or repl (although repl is quite limited and requires a workaround to stay active)

how i would self host, i kinda tried to do the heroku method, but i had the socket server start on another thread, cause in the main thread i had the webapp but it didn't really worked out as i expected

you would self host by running the program on your own computer and opening the port in your router settings to allow traffic through

oh i see, it's that port forwading?

yeah

you would typically port forward port 80 and 443 on the router that has your public ip address to some other ports on your computers private ip address on the lan

i see

i think i'm gonna try with the repl just to test it out lol

you picked the hardest option of all three lol

repl automatically stops its process after a certain amount of inactivity, this means to keep your server running you need to GENERATE your own activity which another process

i was researching about it but it says replit actually doesn't handle sockets

you can sign up to an external service to do this for you i think

so basically i have two programs one that is a python program that records audio live and send it to the server that it serves to the website, but sockets doesn't seem to work that good on heroku neither repl, do you think there's a way to convert it into websockets?

the two programs are like the python program for recording audio live and sending it, and the website who manages it and makes it playable, by just entering the page in any device

is there any issue here?

looks okay to me if that is the ip address range you are working with and the number of required users are right and you don't need much more room to grow

I only have two subnets

do you think it is correct?

the subnet calculations and all is right as far as i can see

when I put it on packet tracer it doesn't work properly

as all devices are connected but the message is not delivered from one side to the other

what ip addresses and routing have you assigned to the two hosts and the router?

so the pc's the last host of the subnet

would that be pc-b?

same

no, i see now, it's pc-a

but what does the ip addressing and routing look like on pc-a and pc-b?

how to open that?

you also need to do show run int gi0/0/0 and show run int gi0/0/1 so that i can see the rest of the interface configuration

ok one sec

invalid inputs

ans just a show run then?

in config mode, run: ip routing

to enable routing between L3 interfaces in the default vrf

yeah

does it work now?

it doesn't say anything

do I need to say no shutdown

no

it's just a command to enable routing in the default vrf

oh ok

how do i check if it's working

you can check it with show run again to see if you can see that new line in the configuration

then you can try pinging again from pc-a to pc-b

it didn't add any new lines mate

still requested time out

okay, then it looks like it's enabled by default on that platform

or well, the platform they are emulating

yeah but the issue is still there

from R1, can you ping pc-a and pc-b?

btw, do you know the table I sent, can you tell me the gateway, because i'm not sure if it is this for PC-A (for example): 192.168.103.64

the gateway for each network segment is the ip address of the router interface on that network segment

so the one I sent you?

yeah, so computers on the 192.168.103.0/26 segment would have 192.168.103.1 as their default gateway for example

that 0 should be a 1

these are the details of the pc

pcs

the error is with the pc-b default gateway, it's right now pointing to the .0 network address instead of the routers interface .1

the network address is just another broadcast address of sorts

so, that's no good for use as the default gateway

what about pc-a then?

and then it's the same on pc-a as well

so 65?

.64 is the network address, you should use the routers interface ip address as the default gateway for the computers on that segment

yeah

ok done that

now try pinging between the computers

my guy

lemmi try anpther one

the other one

you understand why this works too now?

as the default gate was wrong

gateway

so the router doesnn't where to send the message?

yeah, so if you should reach anything outside of your own network segment you need a route to that network through some gateway (most often a router of some kind)

it's the computer that didn't know where to send the message to reach outside of the network segment

it was trying to lookup the mac address of a host on the same network segment with the .64 ip address, but it couldn't find one

right

so that is good, thanks for the help, I might some in bit anyway

now it can find the mac address of the routers interface and send the ip packet to that mac address to have it routed to the next network segment

why the switch deliver the message then?

don't

can you see?

i don't it matters

what do you mean?
the message goes through the switch just fine, doesn't it?

can we ping a switch and a router?

this switch is probably just a L2 device, that means it doesn't have any ip address, at least not on this network segment

it just switches packets based on mac address using mac learning

yeah becuase how am I meant to give an answer here?

it will learn which of the switches network interfaces which mac address belongs to

ok. so I don't need to put anything here?

no I mean

aha, i would just put N/A for those cells

as the switch isn't participating in anything that has to do with Layer 3 as it's working on the below layer, Layer 2

but it's still part of subnet A

so it does have a gateway

it's just switching packets back and forth, not routing them, it doesn't care about ip addresses or the ip protocol at all, just ethernet and arp

no, that switch neither has an ip address or a gateway, it doesn't concern it self with ip at all

but the teacher said to give the gateway as part of gateway

Imma put that anyway

but It doesn't have any ip address or mask

as they are not meant to be routing anyway

if the switch supports management you could set an ip address and a default gateway on the switch as well if you would like to

how to do that?

will that not ruin the work, right?

no, it shouldn't it will just add another L3 device on that network segment on that side of the router

see if you can bring up a console on the switch just like you could with the router or if you can configure an ip address and gateway on it similar as you could do with the simulated pcs

it you can't, then that simulated switch is just a dumb, non-management switch and it has no idea about the ip protocol at all

in that case you shouldn't put anything other than N/A on all the columns for the S1 device

I cannot add another device

I'll just put N/A

and even if it's a managed switch, the way it was configured when we ran the lab just now it's still N/A for all those columns for the S1 device

as you have not given it an ip address, ip mask or a default gateway

how long do you think this can take up to?

oh, you have a bit of ways to go

I'll justify why I didn't put this, obviously it makes sense not to put it

is that hard?

but it looks like you should configure all the intermediary devices, i would interpret that as meaning the switch as well

yeah

see if you can configure that in almost the same way as when you were to configure the router

can you bring up the console on that one as well?

so I'll start that in a bit, I need to finish the other bit

you still here?

but that would change what you put in that table

that is the second bit, something different from the begging no?

if you can configure it you can put the ip address, mask and gateway in for S1 in that table as well

wait so let's do it now

one sec

don't I need to implement the ipv6?

first

you still there?

hello?

yeah, still here, multitasking a bit

see if you at least can get a console for the switch S1 so that you can configure it

it looks to be a cisco switch which supports management, in that case it should be very similar to the cisco router R1

ok

let's start from the begging

my time is running out and i really need to be going
how is that console access to S1 coming along?

I have set the two routers has hostnames

wait

you only have one router on that map, the other one is a switch

yeah

telling me to set an ecrypted password

then set a password according to the rules explained in the text you got

doing it now

I'm not really good with this

so bear with me

it should be ccnaconpass

yeah

when it says all EXEC I have given router a password

and now I have to do that to the PCs and switch too?

What is the difference

you can't configure the pcs like that

I might have messed up

but the router and probably the switch as well

it's only the router and switch that count as intermediaries the pcs are considered end stations

did I mess up?

check your work with show run

you have set an enable password

yeah but their meant to be two different password, no?

the other one is for the console, you set it in another way

what is the correct way?

it should be at the end of the configuration that you see when you run show run

so how can I fix it?

conf t
line con 0
password ccnaconpass
login

if i remember it right

see if you can use secret instead of password

at least for enable

enable secret and then password

which is the EXEC one given

right

?

enable secret and then the exec password

i think you will have to remove the enable password first with no enable password as you can only have one of them

oh, some cisco systems just support having one of them not both at the same time

yeah

but you should remove it anyways

yeaj

one sec

just checking now

you also want to have service password-encryption so that your console password is encrypted

that works fine

if you now exit all the way?

that doesn't work

you should have a new password prompt

yeah, there it is, the console password

wait

it doesn't workl

the password don't work

conf t
service password-encryption
end

didn't work on your simulated cisco device?

yes

that should be ccnaconpass

yes

why tho

why what?

never mid

mind

my bad

shall i do the same with switch?

yeah

so password just normal

and secret exec one

wait

I still need to ecrypt

on the switch you also want to set an ip on int vlan 1

it's already there

give me one sec

yeah that's what the service password-encryption in configuration mode does

i need to excrypt

so that is done, right?

that is the vlan ip I set up

yeah, and then you check it with show run and you should not see any clear text passwords anymore

you'll also want to add a default route to the switch pointing to the interface of the router

how to do that?

because it is needed

ip default-gateway 192.168.103.65 because the switch is not a routing device and doesn't have ip routing enabled

ip default-gateway is only used by the switch it self, not for the traffic flowing through the switch

after that pc-b should be able to ping the switch and the switch should be able to ping the ip address of pc-b as well

they should now be able to reach each other over R1

I'm trying to fix that goddam password for S1

you know you can google most of this stuff right, like cisco ios default gateway
because i really need to get going, should have left for quite some time ago

well ok, but it gets complicated after with adding admin and passwrods

that's all

you can go, will you come back?

sure, but it will be quite a few hours until i'm back

I'll be here

for 11 hours

I hope you come back to see some imporovement

okay, before i go i'll leave you with this: google cisco ios add user and don't use the username ... password version of the command, use username ... secret version instead
also, use tab expansion (by pressing tab) on the command line and use ? when you are unsure, like username ? in configuration mode 👋

see ya soon

why isn't it telling me that something has changed, instead it just adds the ipv6 into the g0/0/0

hi again, it won't tell you every time something changes

don't forget to add logging synchronous to your line con 0 section for both the switch and the router

One sec

Lemmi go on my pc

done that

so I'm assigning Ipv6 now

basically the last bit

but I don't know what is link local address

I don't know the gateway on the PCs

?

as far as i remember you shouldn't need to set any default gateway with ipv6 since it should be mostly self configuring in that regard
but then, ipv6 isn't something i work with a lot

Don't worry now

I've done what I could

Thanks for the help anyway

have you checked if you can ping across the router using ipv6?

No, don't worry

What's done is done

have you submitted the task already or are you out of time or something?

and have you checked that you didn't miss any items on the work sheet, like setting the password policy, motd or disabled dns lookups?

Yeah done all of that

Didn't do the last part

I was up all night

I hope they understand and pass me off

Cuz, I cba rn

Hey there, back again. I know I keep returning for a similar question, but every time I feel i've figured it all out, something else comes up. So I've figured out how structs work finally, how I would package all the object data up and send it from the server to the client. However, I'm having difficulty figuring out how the client will determine what object to propagate that data to. The server has a master list of all objects in the world, and so does the client. Since each object sends different data to the client, the format for struct packing is different. The simple answer is to store the format per object in the client, but since the object id is still in the encoded data, we cant get the object, therefore we cant get the format, and we cant decode the data in the first place, so its a loop. Even if we did know what the class of the game object is (ie weapon or player or bullet ect) how could the client know which specific object in the world to use that data for?

is someone able to explain to me exactly how I can change my router to connect to the receiver in a different place than before?

@fossil fiber make each object have a common header that includes its ID (and probably type). the client decodes the header first, determines the type, and then decodes the rest of the object

(this is the same way e.g. HTTP works; you look at the Content-Type header and decide if you're rendering html or text or an image)

so this would use the iterable unpack as opposed to the normal unpack method?

the header is of a fixed length, so you first grab the first n bytes and unpack that, then deserialize the remaining len-n bytes

Interesting, just so Im clear- can you describe what a header is exactly?

it's just some stuff at the beginning of a packet that describes the rest of the packet

for example, b.net 1 tells you which packet it is in the second byte of the packet: https://bnetdocs.org/document/10/battle-net-chat-server-protocol-overview
you then take that ID and deserialize accordingly (if it's 0x0F, you deserialize a https://bnetdocs.org/packet/307/sid-chatevent

HTTP sends the headers in plain text. this header says Content-Type: text/html, so you know to render the body as html (instead of an image or whatever) https://en.wikipedia.org/wiki/File:Http_request_telnet_ubuntu.png

I see, that's actually really cool, thanks! That's exactly what I was looking for

Side note, if we're only reading the first byte, how many different objects can I differentiate? Or would I do it so maybe the first byte tells us it's it's weapon, and the second byte tells us what specific type if weapon the object is, for example..

another example: DNS tells you how many of each record type you're getting. you deserialize each one in order (they're just concatenated together) https://www.catchpoint.com/blog/how-dns-works

every byte can encode 2^8 = 256 values. in 2022, I wouldn't bother using less than 4 bytes for any number @fossil fiber

Wow, I really need to read up on what a byte actually is lol. I will attempt to implement this, ill share the results later, thanks again!

if you use i, you get a 4 byte int (which stores 2^32 = 4 bil possible values) https://docs.python.org/3/library/struct.html#format-characters

@fossil fiber ^

Oh, sorry didnt see that

not necessarily, you used the example of HTTP headers which are of variable length

fair, but we probably don't want to deal with variable-length headers

i sincerely dont lmao

lol

the point is that you can make the fixed length header any number of bytes you want/need to describe the rest of the variable length data that follows the header, this is essentially how a lot of the network protocols work that you use every day without thinking about it

the ethernet protocol header does almost this for example

one questio

is there a way to get a specific (web browser) cookie to python

all cookies set for that domain and path will be delivered from the client to the server with the http request

sorry, im pretty noob, can u explain it to me?

web requests that are made by the client (web browser) will send all it's stored cookies for that domain and uri path to the server (which runs your python code) with the request as part of the http request headers

My slow brain hurts

don't worry, it's new to everyone at one time

Well, so it's possible then?

yes, very much so, as long as the cookie you are after is set for that domain that the server is hosted at (this is a bit simplified, there are some restrictions)

Can you help me to do it?

👉 👈

i don't think i will have time to get you all the way there, but i can give you pointers
do you have a site, a domain and/or somewhere to host that?

Can I MD you?

you take a help channel #❓｜how-to-get-help for this instead and if i don't have time to walk you through it all someone else might be able to jump in and continue where i left off

after you got your self a help channel you just write which one in here

Yeah I do that as first but nobody help and the help chat auto dormant

:(

aha, lets try again and when you have one i'll join it and we can continue in there

i will need to know which channel if you have taken a new channel now since the old one became dormant

yee

im doing it rn

#help-bagel

How to I get my flask app onto my public ip?

you need to port forward on your router

what are some examples

I think some ISPs won't allow that for normal users anyway

you would need to reconfigure your home router to port forward to the computer where you are running your code

I moved into a new house and don't have wifi yet. I have unlimited data on my phone and use it as hotspot on my laptop. I would like to share the laptop connection to my PC through an ethernet cable.

I enabled network sharing on my laptop wifi adapter. Setup IPV4 on laptop ethernet adapter to IP: 192.168.0.1 Subnet: 255.255.255.0
on my PC I set ethernet adapter IPV4 settings to: IP: 192.168.0.2 Subnet 255.255.255.0 Default gateway 192.168.0.1 DNS 192.168.0.1

This worked for a day but then my PC connection got real slow while my laptops connection was still fast. Today I didn't have an internet connection on PC. Media state says enabled and it's sending/receiving bytes but it just has no internet acces.I tried uninstalling adapter/drivers, resetting network settings, /flushdns, /registerdns, /release, /renew, disabling ipv6 and some other fixes. Nothing works. Is there someone that can help me. I need internet acces on my PC desperately for school/work.

Is this related to python?

No

I know its not python, but theres a program called Connectify that will turn your laptop into a sudo-router. You can use it to ethernet the connection to your PC. It may be slow seeing as how you are using a mobile hotspot, but I used that for a while

can any one pls tell me where to start

im gonna give that a try as well. are there any issues with it besides speed?

The free version requires you to manually restart the connection every hour, but paying for it (its not that expensive, I think i bought mine for like 20 or 40 bucks?) removes that restriction

oh ok, that doesn't sound to bad. I'm gonna give it a shot later.

"where to start" with what exactly?

Hi. Suppose that I, as a server, have a trio.SSLStream object. How would I fetch the client certificate, or otherwise validate that the incoming connection's client certificate is signed by a CA to the domain they claim to be from? The documentation of Trio doesn't make it clear and doesn't seem to provide such an option which is critical in my program (federated server-to-server protocols).
I'm using Trio, the structured async library's socket streams.

the SSL context (passed with ssl_context to SSLStream) holds information about CA certs you are using to validate client certs

if you want to use custom CA certs (such as self-signed certs) you can add them to the default CA cert folder on your system or add them to a custom context you create yourself

you can also apparently just call .getpeercert()? https://github.com/python-trio/trio/blob/0c2998f642d119f23a41e52d8b018fea1e1e1c28/trio/_ssl.py#L369

trio/_ssl.py line 369

"getpeercert",```

Ah, thanks 😄

Hi, I am not sure if this is the right channel but I try.
I currently develop a flask API.
I want to deploy the flask API a a docker Container.
Now I search a way to create something like a load balancer.
So, my main app should access the API via the IP but behind the IP there should be different instances of the flask API for load balancing (the Endpoints of the API did much heavy work to I want to have multiple instances for load balancing)

What should I google?
I can not find the right way

haproxy is also an option

Ok thanks guys I will have a look

Can apache2 put wordpress in https://localhost/blog and phpmyadmin in https://localhost/phpmyadmin ? If yes, are there any tutorial / sites for me to follow?

it can without any problems accommodat for that
however, how you do it depends on your specific setup

Yes i am wishing for a tutorial for that specific setup, i cannot find any or i dunno what keyword this technique called

you should be able to find tutorials on how to set each one up individually with apache
by default phpmyadmin will be configured to live under /phpmyadmin, follow any of the standard phpmyadmin on apache tutorials online and be sure to secure it

Can anyone help me with a Scapy question?

which os/distribution are you using to run everything on?

just ask the question in the channel and see if anyone can answer it (unfortunately i'll be going afk for a while now)

What's the best way to check if a sniffed packet is outgoing or incoming?

Aws ec2 Ubuntu

@cloud spruce

i don't think you can know for sure, but you can try to figure it out by looking at the mac addresses and ip addresses in the packet

How do I get rid of the b' '?

It's a print line I wrote

for phpmyadmin, this will probably work on aws as well as it's ubuntu: https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-on-ubuntu-20-04

.decode() does trouble and str() also doesn't work

The whole line is a str or a byte

Or it’s in a dictionary

that's how I wrote it for now

What's your question exactly

Don’t use str in scapy

What's the alternative then

Thanks for linking the first result on google search but its not for specfic setup and now both wordpress and apache2 using port 80, I dont even know if setting apache2 port 8000 can auto redirect /phpmyadmin, reverse proxy is cloestest thing come in mind but still cannot find tutorials about it

U can do :
v = b“domain ”+pkt[....]
Print(v.decode)

I'm not sure I understand what that means

Could you explain please if its not too much trouble

make a variable where it’s a byte So when u get a byte u add to the variable so now we have full line of bytes. Then convert it into str by decoding

#packet[DNSRR].rrname = b"google.com"

#line = b"Domain: "+packet[DNSRR].rrname
#print(line.decode())

ahhh

@ember ledge but sometimes the value comes as a str and sometimes in bytes

use replace("b","")

meaning some packets I can't concatenate

before u have to make it a str

On what if I may ask?

Both values?

yes

l = b"Domain:"+b"google"

l = str(l)
l
"b'Domain:google'"
l.replace("b","")
"'Domain:google'"

or before u return the domain u can check if its a byte just decode there before printing it

wait u said sometime it returns bytes and str?

Yep..

that's the problem basically

try:
return data.decode()
except (UnicodeDecodeError, AttributeError):
return data

u dont need that

just try to decode if i got a error thats mean its a string

It works!

I just filter out the non str responses

which are no use to me

you are amazing for helping some random guy online

thank u

welcome ;)

Yes, you use Apache rewrite rules

It's probably easier to just use subdomains though.

http://phpmyadmin.localhost/

it's no problem using the same port for both wordpress and phpmyadmin as they are on two different paths
you should not need any other port for this and reverse proxy and the rewrite module works but is unnecessary for what you are trying to do

it may be the first hit on google depending on what you google
it's a very long tutorial but at least it tries to secure phpmyadmin which is more then i can say about a lot of the other much shorter tutorials which i was hopping that you didn't follow
we are trying to help people here without knowing what knowledge they have or what they have tried already, so that attitude is unnecessary

How can I convert my Nginx website from port 80 to 443?

By convert I mean do I have to do anything in terms of Cloudflare settings, Domain, etc.?

When I tried switching it in the server block, I started getting Error 521s

where are you hosting your site, is it on cloudflare?

Hosting on AWS, Using cloudflare

I just installed a SSL certificate from CloudFlare on my server

yeah, that's the first thing you need

I wanna transition to Full SSL Encryption (CloudFlare setting)

Next?

unfortunately i have not used cloudflare my self, so just know some basic stuff about it

Ah ok

Whenever I set my Nginx port to 443

Website stops working

cloudflare needs to know where to reverse proxy the traffic

How do I set the new port then?

as i haven't used cloudflare my self i don't know exactly how or where, but it has to be somewhere on in the settings at cloudflare

I don't see a port option

Could it be in the DNS possibly?

no, DNS has nothing to do with ports

it might just automatically assume port 443 on the remote server when you change the ssl/tls setting on cloudflare to "Full" (start with this one first) or "Full (strict)" (if you get the first one working you can move on to this one)

have you configured your server to use the private key and the certificate with the intermediate certificates in the chain?

@ember ledge setting up nignx with ssl/tls certificates: https://www.digitalocean.com/community/tutorials/how-to-host-a-website-using-cloudflare-and-nginx-on-ubuntu-16-04
and setting things up at cloudflare: https://www.youtube.com/watch?v=MYYb9IqWIOU

Yeah I did, I added the key and the certificate to my Nginx server block

Sadly still displaying a 521

Any websocket pros around?

i don't see any questions about it so i don't see why there would be any

Ha that's fair

Just struggling with a websockets issue and didn't get any bites in my help channel

i mean i've implemented the websocket protocol, so i know a bit about the internals, but i don't know your question

Sorry

I'm trying to send data to several websocket clients at once, but I'm running into concurrency issues with asynchio

How do you start a server and keep it alive while also doing other tasks?

I think I need to have two tasks running, one that handles the new WS clients, and one that runs a while loop over sending data to all of them.

which server library are you using for the websockets? i could take a look to see if there's a nice way to do it

Ah I just saw the #async-and-concurrency channel. Maybe that's a better fit

Just the regular 'ol "websockets" library

https://websockets.readthedocs.io/en/stable/index.html

https://websockets.readthedocs.io/en/stable/topics/broadcast.html#
what about this mechanism here?

handler handles WS client connections, and you can broadcast data to each client concurrently

I'll try that, I've been hesitant to use it though, because eventually I will want to send different data to all clients

there's a lot of potentially relevant discourse later on in the documentation there which you could repurpose pretty easily, or at least fit into what you want

Yes, you're right, I have prematurely written off this page, there is indeed a lot of good info here

Thank you for the help

nw, ping in #async-and-concurrency if there's any implementation issues

import websockets
import socket

any difference between them?

?

yes there is, sockets is generic and built-in

okay

websockets are a specific protocol i think

which one am i supposed to learn first

i'd start with socket

also i think websockets is async?

From https://stackoverflow.com/a/4973689:

Even though they achieve (in general) similar things, yes, they are really different. WebSockets typically run from browsers connecting to Application Server over a protocol similar to HTTP that runs over TCP/IP. So they are primarily for Web Applications that require a permanent connection to its server. On the other hand, plain sockets are more powerful and generic. They run over TCP/IP but they are not restricted to browsers or HTTP protocol. They could be used to implement any kind of communication.

okay so sockets then

yeah

import socket

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.bind((HOST, PORT))
    s.listen()
    conn, addr = s.accept()

what does conn and addr do

import socket

HOST = "127.0.0.1"  # The server's hostname or IP address
PORT = 13583  # The port used by the server

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((HOST, PORT))
    s.sendall(b"Hello, world")
    data = s.recv(1024)

print(f"Received {data!r}")

s.connect((HOST, PORT))
ConnectionRefusedError: [WinError 10061] No connection could be made because the target machine actively refused it

??

Host and port are the same în both files?

conn is the object for the socket and addr gives you the address and port for the remote peer that connected to the server listening socket

if the server is using the same ip address and port that the client is trying to connect to i would say you have a host based firewall that is blocking the connection, which is kind of rare for connections to the local host loopback interface 127.0.0.1

oh, windows... check your windows firewall settings

and how do i do that..

sorry, not really a windows person, i'm on linux desktop since basically forever

okay it's fine

DO NOT use WebSockets when not specifically developing something for Web browsers

(I don't make and generally don't use Web applications or most of the modern Web for other reasons, but anyhow I vastly prefer native programs)

Do torrents create a true PvP connection between seed and leech?

if so how? does it all just boil down to the tracker giving the leech the seeder's IP and then the leech opening a socket pointed at that IP?

why not?
That's actually useful since it's a well known protocol, firewalls and other middlewares are well aware of it and it generally works well

Note: not meaning in a way to always replace sockets

recursive_error: Simpler technology (i.e. not basing application protocols session protocols on top of application protocols) has much less overhead
It is understandable to have WebSockets for Web applications because after all that's all Web applications could use

Also this question has been bugging me: Why would you use programs in browsers, usually hundreds of megabytes big, when a program of a few kilobytes (in case of programs I use) or a few tens of megabytes (in case of the casual user) would suffice?

hello there

i wanted to ask, how can we block a hostname from joining or even able to send packets to our server?

i would use a firewall in the network if it's available otherwise a host based firewall on the server it self
if you don't have access to configure such things you can configure your server software or change your code to pick up the remote ip address of the client and refuse those connections or requests depending on what level your code is working with

Not sure if you are referring to the hundreds of megabytes big for the browsers themselves of the javascript/html/etc.
But regardless, the benefits are that it comes down to making the deployment and updates so much easier and manageable, in addition to keeping the users captive. It also enables the consolidation of the backend (and thus mutualize some of the costs) and to deal with a level of complexity that cannot be contained to a single machine.
From a user's perspective, it provides me with a working environment, with my data, from anywhere at any time.

In the context of websockets, we could take coinbase as an example. They provide a websocket feed of the market updates.
On their side, scalability and reliability is solved with traditional tooling.
On the user side, users can use that in their frontend, or even write their own program, including python scripts, to connect and get their data. Since it's websocket, there are tons of libraries around.

and i'll add to what @cunning garden said by mentioning that it will most likely be less of a hassle to get the traffic through firewalls and proxies and one can easily reap the benefits of protected communications with the help of TLS which will be well implemented and supported by many different web servers and much easier to setup that way

and as to why someone would opt to use a "program" in a browser, because it doesn't require the user to install additional software on their computer, just go to a website and start using the service without much downloading, installing and setup

Hi guys, I don't even know if this is considered a "networking question" but I want to be able to run my python project on the cloud so I dont have to run it on my computer

its a super small script with a few 3rd party libraries

I looked at azure but dont even understand where to start... every tutorial I've seen seems like its answering different questions, and is way above my head at the moment

Tutorials don't really work all that well for this. best if you refer to Azure's documentation or go exploring yourself

Once you kind of understand how it works, it becomes much easier

If anyone has done this plz let me know. I have a multiplayer game using sockets and it works but only if both clients are on the same local network i would like to set it up where i can give this game to anyone and they can join a party but the only way i found out is enabling (Port Forwarding) which mean everyone has to enable it which is not what i want.

create a server software for the game that everyone can reach and connect to, that way none of the clients need to setup port forwarding as they don't connect peer to peer directly

So it seems like what you're doing right now is having your players setup their own individual servers and running into the issue of not all of your players network setting being configured to accept connections from the web.

One way you can fix this is bu hosting your own gameserver that all players connect to. They can create a party on your server and just share a code for others to join in

You'll have to maintain a record of all parties and players, as well as making sure that the server is up and running.

(Port Forwarding) which mean everyone has to enable it which is not what i want.
That is not true. Port forwarding need only be configured on the network of the server.

Hi, I am writing a client side driver to test and interface with a device. The device requires me to start the communication service, and after the start request, it will start sending UDP datagrams every 30ms. The device can send a few types of UDP datagrams, and they are variable length with different fields. They should be parsed according to their OP Code and length encoded into the header of the message. The problem is that the offset, or location, of those header fields is not consistent between messages. Frame of Type A will have the OP code at 0x08 offset from the start, where as a frame of Type B will have the OP Code at 0x04 from that start. How should I handle this?

anyone know how to use sockets to monitor the changes to a website

i think @barren flower is using a peer-to-peer network where each client need to connect to every other client
i don't think there is any server software created for this game yet other then the client it self
that's why i suggested creating a server that everyone that should join the same game connects to
then only the person running the server needs to port forward if it's not running directly on a public ip address already

you will need to poll the website with requests at an interval and compare the response

people do this,any idea why?

Might anyone have an idea to why a text-to-voice script I wrote isn't outputting any sound to the speakers when running the script over SSH on a host computer?

I am guessing it has something to do with how when you SSH to a host, you are created a child session, and for some reason this child session does not have access to the main host computer's speakers.

Hello anyone here i can talk to talk about servers?

Im making a game that requires data transfer and request from a server and my team is complaining about how this things work

Imo abuse

i would say that is @tired elbow opinion and is using "strong language" with the upper case text

i do partially agree that one would probably not be best served by using websockets outside of a browser environment in many cases and should opt for tcp or in some cases even udp sockets, unless you have specific requirements and have weighed your options carefully

reasons for using websockets outside of browser environments can be due to for example the server environment that has been chosen to develop the software on the server side

if it's sound out of speakers connected to the remote system you are running ssh to it can still be done but it will be much more involved to get it working

what's the complaint/problem more specifically?

That's called BCP 14 language, but yeah

I personally prefer SCTP

its complicated

i prefer to pm

i won't be able to dedicate my time like that as i'm doing other things as well
if you put it in the channel or in a help channel others can join in and help you with the problem

ok

sure, but as you might know it is many times interpreted as raising ones voice or even screaming then chatting, especially if it's not an abbreviation of some kind
and even in BCP 14 context it's meant to strongly or even forcefully convey ones intention/meaning and remove any ambiguity

SCTP is a nice protocol 👍
but can sometimes be hard to traverse firewalls with in more hostile network environments or if one needs to go through a proxy which might only allow proper http on port 80 and the connect method and proper TLS on port 443
on the other hand it can in other environments be easier to bypass the firewall with since the person configuring the firewall might have "forgotten" about the fact that there are other protocols on-top of IP then just TCP, UDP and ICMP 🤦 😄

Yeah, those are sad, but they are also uncommon
Also, there's SCTP-over-TCP

The main problem with SCTP isn't with routers; rather it's with NATs

s/TCP/UDP/

anyone here?

what should we do when we have slow internet?

that is really a broad question with too little context, i think you need to be more specific

Should I be running NGINX inside or outside of a docker container?

If it’s cellular internet, u can turn off backgrounds apps (that ur not using ).

it will help a little, about speed and also saving data

SSH doesn’t support audio unfortunately

I'm trying to establish a connection between 2 programs of mine who act as a client and a server.
However, the connection shortly ends after being established. Any help?
**Code is in #help-peanut **

pls help

Is there an E) all of the above

sadly

no

i wouldn't exactly say that d) is correct as it's not "the internet" as such that does the exchanging, it's clients and servers that does that, the internet just facilities the transfer of information between those, but now i'm being picky

the other three are true but due to confirmation bias in both search engines and social media platform I would say even if c) is true in theory, in practice it's mostly the other way around, you go deeper and deeper in to the same rabbit hole as what you usually search for and click on

hi guys. i'm writing a user guide for a company. the company i chose is smal and sell energi drinks or juice. so the question is, what kind of computers should they use. pc, mac or something else. anyone has some advice? 🙂

i don't think the #networks channel on this Python server probably isn't the right place for this question
but I would say it depends on budget (mac is expensive) and what proficiency the employees of the company has with the different operating systems
also, if the computers will be in a customer environment there might exist a consideration about what image the company project towards customers, depending on the demographic the company is targeting with its products

i'm discussing in python channel.:)

Is that original or fake?

i decided now that the company would have windows 11. . the operating system is microsoft 365,and i wrote about how to install it

the company is small. i have no idea how it works at the company . i haven't been there before.lol. but my teacher said that the company would open as new, and the workers do not know much about tech. cuz there was a question about how to install app programs

i think that makes perfect sense
cheaper than mac, and it's easy to find people that can both use and service an windows environment
just to clarify, it's windows 11 that is the operating system, not Microsoft 365, the latter is the office suite of programs

impossible to say from just a picture like that, and 802.11g looks like really old tech

nice, one more question.
what network do the company need? i suggested LAN. but waht do u think is better, connecting it wired or wireless? and what do they need to connect it?

to keep cost down I would suggest wifi, especially if they are going to use laptops
installing a lot of ethernet cable infrastructure can cost quite a lot and you would need to pre-plan the layout of the space and how many plugs should go where and its quite static

what kind of space is this, office or store?

i guess i don't need to think of the cost. cuz it is not real, but we need to write something about the network suggested for them. this is the question from the teacher(
What network will you set up for them - which one is ideal
)

store i guess

if it's a store there might not be a lot of computers and maybe not even laptops if there is fixed positions for the computers, then cable might make more sense

What do you recommend for me,
Also im thinking to buy the tp-link one

depends on what you are going to use it for and what your requirements are

how does it seem for the office?

Packet injection, monitor mode

🤔 all for "educational" or pen-testing purposes ofc?

Hello, does the socket library creates a server from scratch or does it just binds to server like a WSGI?

aha, that explains the choice of older tech such as 802.11g hardware
it's hard to find cutting edge or even current gen hardware that has drivers that can do that
some "alfa" stuff is good for that, depending on the chipset used
but that is as far as i will go on this subject because of:

!rule 5

you would create client or server software from scratch with the socket library

Hi everyone,

Currently I'm trying to install a Cloudflare SSL certificate on my server. I am following the DigitalOcean guide on how to do so, but once I successfully install the certificate as per Digital Ocean's instructions, my website stops working.

This is the output of sudo systemctl status nginx:

This is my Nginx configuration:```nginx
server {
listen 80;
listen [::]:80;
server_name api.website.com;
return 302 https://$server_name$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

ssl_certificate /etc/ssl/certs/cert.pem;
ssl_certificate_key /etc/ssl/certs/key.pem;

server_name api.website.com;

location / {
    proxy_pass http://localhost:8000;
}

}```
I am using a proxy_pass because I have a FastAPI API running locally on the machine.
Any ideas why my setup is not working? When I switch back to non-SSL and using port 80, it works fine.

Please @ me if you respond.

I’m attempting to send data collected by a python script to a chrome browser on another computer (both on same network) via WebSockets but when trying to establish a connection on the browser via JavaScript I get “WebSocket connection to x failed”

Scoured the Internet for a solution but no dice, was looking at other alternatives to WebSockets but again having trouble finding

we need a little bit more information on what you have tried on the python side of things, not the collection parts, the "send data to a chrome browser" part is probably enough
what are you using there, i.e fastapi or the websockets library directly?

Hello, about https and ssl certificates, does someone know where the certificate is located in the response? In the header? In the payload?
Like how does the client actually know this is https, instead of just http?

TLS/SSL does not live on-top of or inside the http protocol, the http protocol is running on-top of the TLS (what used to be named SSL back in the days) protocol (check out the OSI model)
the certificate is exchanged in a handshake that happens when the client connects to the server right after the TCP handshake has completed
after the client and server has completed first the TCP handshake and then TLS handshake the client can start issuing HTTP requests

I apologize, as this is not inherently a Python question. I just thought I'd ask here because of how good the help is here.

Currently I'm trying to install a Cloudflare SSL certificate on my Ubuntu server that uses Nginx. I am following a guide on how to do so, but once I successfully install the certificate as per the instructions, my host seems to stop working and Cloudflare shows an Error 522 when visiting my domain.

My Nginx Configuration: ```nginx
ubuntu:/etc/nginx/sites-available$ cat ascend.so
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;

server_name  ascend.so;
root   /var/www/html/ascend.so;
index  index.html;

ssl_certificate /etc/ssl/certs/cloudflare_ascend.so.pem;
ssl_certificate_key /etc/ssl/private/cloudflare_key_ascend.so.pem;
ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem;
ssl_verify_client on;

client_max_body_size 100M;

autoindex off;

location / {
    try_files $uri $uri/ =404;
}

}```

$ cat /var/log/nginx shows this:

2022/05/20 13:30:49 [error] 9267#9267: *113 rewrite or internal redirection cycle while internally redirecting to "/index.php", client: 45.9.135.234, server: ascend.so, request: "GET /phpMyAdmin-5/index.php?lang=en HTTP/1.1", host: "3.15.150.145"
2022/05/20 13:30:49 [error] 9267#9267: *114 rewrite or internal redirection cycle while internally redirecting to "/index.php", client: 45.9.135.234, server: ascend.so, request: "GET /phpmyadmin2017/index.php?lang=en HTTP/1.1", host: "3.15.150.145"
2022/05/20 13:30:49 [error] 9267#9267: *115 rewrite or internal redirection cycle while internally redirecting to "/index.php", client: 45.9.135.234, server: ascend.so, request: "GET /phpMyAdmin-5.1.1/index.php?lang=en HTTP/1.1", host: "3.15.150.145"
2022/05/20 13:30:49 [error] 9267#9267: *116 rewrite or internal redirection cycle while internally redirecting to "/index.php", client: 45.9.135.234, server: ascend.so, request: "GET /phpMyAdmin-5.1.0/index.php?lang=en HTTP/1.1", host: "3.15.150.145"
2022/05/20 13:30:50 [error] 9267#9267: *117 rewrite or internal redirection cycle while internally redirecting to "/index.php", client: 45.9.135.234, server: ascend.so, request: "GET /phppma/index.php?lang=en HTTP/1.1", host: "3.15.150.145"
2022/05/20 13:30:50 [error] 9267#9267: *118 rewrite or internal redirection cycle while internally redirecting to "/index.php", client: 45.9.135.234, server: ascend.so, request: "GET /phpMyAdmin-4.9.7/index.php?lang=en HTTP/1.1", host: "3.15.150.145"

That's very weird since I'm not even using PHP.

I see, so tsl/ssl is a protocal of the presentation layer in OSI model. So should the client build ssl/tsl request in the packet each time the client makes a request to the server? Or the server automatically nest the layer in the packets?

do you know what this client with 45.9.135.234 (the ip range is registered to Cable World in Spain) is?
otherwise it might be something that's just randomly probing the internet for vulnerable setups

I think it might be some random thing, I've never even used that.

As for the other issues, do you have an idea?

kind of, TLS stands for Transport Layer Security but really has a bad fit within the OSI model
my point was more that it's HTTP which lives on the application layer is wrapped inside TLS which in turn is wrapped in TCP and so on
and the certificate exchange will happen before any HTTP stuff and the HTTP stack don't even have to know or bother with if it's wrapped directly in TCP or has TLS sitting in-between it self and TCP, for the HTTP traffic it will be all the same
if it was a path it would probably look something like Ethernet/IP/TCP/TLS/HTTP

Ok, got it, thanks.
I just wanted to know if the client/common user/browser actually requests the certificate, or everything happens on server+authority, and then client/browser reinterprets the recv http as http(s).

the client/browser need to implement TLS and the certificate is sent to the client by the server as part of the TLS handshake and the client has to validate the certificate
but this all happens before and totally independent of HTTP, there is no special HTTP request for that or anything, you can run other protocols then HTTP on-top of TLS
https is just the combination of HTTP over TLS

i see that you are doing mTLS there with client side certificate verification
i guess that is to make sure that only CloudFlare can connect to port 443 on that server

So the client/standard browser (chrome, safari, firefox) add a TLS protocol nested bewteen TCP/HTTP, for every single request, by default?

not for every request, but for every TCP connection between the client and the server
then the client can often reuse that connection for many http requests

Ok, so when tcp connexion has been established between client and server; and ssl/tsl handshake made, then the proof of handshake/security would be somewhat stored in client's session until connexion closed

https://websockets.readthedocs.io/en/stable/intro/quickstart.html#connect-from-a-browser

yeah basically, i guess that is one way to describe it

Copied this example

Python side didn’t have any errors

Thank you

Does anyone have any experience with an AWS Lightsail instance not connecting?

I can no longer SSH into it. I have a feeling it might be ufw?

Hey, I am trying to scrape from a site which requires "validation_id". I have this id, but im stuck at how I need to post that in my header? any help very much welcome ( sorry if wrong channel)

Why does a short TTL help DNS load balancing? I thought it would just mean that the entries update faster but how does that affect the load?

would it not be the same quantity just with more up to date IP addresses (more or less)

it seems obvious/logical but theres a step missing in my head

with a shorter TTL you get the agility to move the ip addresses faster to rebalance the load or act upon failures quicker because the DNS entries will not be cached in DNS resolvers along the way for as long

correct, i see no other benefit to a short TTL than what i just wrote above, which seem to be along the lines that you are already thinking
are someone or some text telling you otherwise but without explaining why they say so?

Thank you, I’m not sure if Im taking it too literally but why does this aid load rebalancing if if is simply updating addresses rather than redistributing them between servers?

(sorry for the terrible drawing art is certainly not a strong poinr XD)

The old entries are updated faster that makes sense but if its the same number of entries (green stars), which are being "replaced" with the updated entries (blue stars) then how does this affect load balancing - i kinda am reasoning it as the same number overall

I think I have missed a logical step or have not got a correct understanding of DNS load balancing

before you go in to DNS load balancing, do you have a deep understanding of how the DNS protocol works?

i hope so but if you have time to go over it then please do, then I can check my understanding

I understand how DNS resolves domains to IPs if thats what you mean, if not then no

and i assume load balancing is just the same as general server load balancing

going into how DNS works in depth will take way to long to write here, but maybe i can skim it a bit

^

a client want to look up a name, lets say a client wants to look up www.google.com
the client will typically use the stub DNS resolver built in to the OS to request that information
the OS has the IP address configured to one or more DNS resolvers that it will send such requests to, it doesn't do the heavy lifting it self

yep

the DNS resolver will look in it's cache to see if it can find an A or CNAME record for that name, if not, it needs to look it up
to look it up it will start to see if it has a cache entry for one or more NS records for an authoritative name server for the domain google.com to ask for such a record

yep

if not, it needs too look that up first, and it will check for a NS record for com to ask
if it doesn't have such a record it will look in it's root hints file to find the root domain servers to ask them about an NS record for com

i learnt as like browser -> root dns -> TLD -> domain nameserver -> ip adress sent back to broswer

(theoretically all the above may not be necessary)

once it gets an answer it will cache it for the number of seconds that the TTL says it can cache such an entry

okay does that vary by server or by entry

nope, that's not how it works

;-; okay ty

your above explanation makes sense

it can varies by entry, but many times it's set for the whole zone and then you can override some entries with longer or shorter TTLs

every resolving DNS server has something called "root hints" which is a list of hostnames and ip addresses for the global root servers
each entry is typically an ip address that is not for a server but instead an anycast address that will be load balanced between many servers spread over a big area and many different data centers and ISP:s to create high availability of these servers

anycast is a whole subject by it self and is a very powerful tool to spread load from clients around the world and achieve high availability for the service, but for right now i'll leave it at that

thats okay, thank you

what OS are you running?

(I will make a note of it and look into it)

i use several machines they run windows & linux

traceroute dns?

any unix/linux like environment where you have the dig command will do if you want to follow along with commands

okay

yes please

lets say you where a DNS resolver that a client has configured as it's DNS server, you would have a list stored on the server, the content of that list would look something like what you get if you run
dig +noall +additional @a.root-servers.net . NS

that is very cool thank you

the DNS resolver server would use one of the IP address from that list and ask it for the a NS record (the DNS servers) for the .com domain, you would such a list if you issue the command
dig @a.root-servers.net com NS

oh okay yes!

btw what does the 2nd column denote

the 6 digit numbers

using that list it would pick one of those entries that contains the authoritative DNS servers for the .com domain to find out about the authoritative DNS servers for the google.com domain
dig @a.gtld-servers.net google.com NS

okay I see

the second column is the TTL, the maximum number of seconds that the DNS resolver may cache the entry for

oh okay and they are consistent (in the list) since they are the same zone?

that is how it usually looks but they can be different, but typically they will be the same within one zone

dig is a tool from the bind DNS server software package
the output of dig almost the same as the zone configuration file could look for bind (and many other DNS servers as well)

the resolver server would do this walk all the way until it either has NS entry that matches the domain it is trying to look up or until it gets a negative answer

so we'll do dig @ns1.google.com www.google.com NS

and we have our negative answer, because there is no DNS server for www.google.com, but there could be

yes

it is clearer with the examples, thank you

now that we know that www.google.com doesn't have it's own authoritative DNS we will query the last authoritative DNS that we got about an A or CNAME record for www.google.com

dig @ns1.google.com www.google.com CNAME will be negative
but dig @ns1.google.com www.google.com A will give you a positive answer

you'll also see that they have decided to give this A record a lifetime of only 5 minutes (300 seconds)

now the DNS resolver server can reply back to the DNS stub resolver of the OS that was forwarding its DNS request to the resolver server

and the resolver server will typically be caching all those answers to reuse all or parts of that information the next time it needs to do lookups until each entry expires

the OS will let the browser know which IP address to connect to to reach the web server for www.google.com

the whole DNS infrastructure and the domains can be seen as a tree structure

all in a few seconds as well that's pretty cool

further down tree = more precision?

i will google an image

probably within one digit or low two digit number of milliseconds even

wow

that's incredible

not more precision, at the root you are as far from your final destination as you can and then you come closer and closer to your destination

i put the root at the top my bad

family-tree style

that's fine, you can see it as an upside down tree too, that doesn't matter much but you work your way from the trunk out further and further out the branches

yes getting bit by bit to the actual place you want

i need to go afk for about 30 minutes, then i'll be back

that's okay I am much happier with this now

thank you very much!

exactly and the client computer doesn't even have to do this work

the walkthrough with commands helped a lot it's much better to see something real rather than theoretical speculation

thank you

@scenic vortex now i'm back again

hello

at the same time you learn how to troubleshoot DNS problems by walking the tree by hand

as you could see when running the dig command the hostname or ip address after @ sign is the server you ask and then you specify the DNS name that you are going to ask about and then you may also include the record type that you want to ask about

and as you saw you got multiple answers for some queries and single records for others

when you get more then one record it's typicly refereed to as a RRset (a set of multiple Resource Records) and you can pick any one (or even several) of them for your next operation
the responding server usually will shuffle the order of the records around when sending them just in case it is sending it to a dumb receiver that always picks the first or last record to spread the load, but the receiver should pick any and not just the first or last one, so it's just a precaution

here you have the first example of load balancing in DNS, to spread the load among DNS servers for NS records and between other servers for other types of DNS records

but this way the DNS server doesn't really have any control as to which record will be used

an authoritative DNS server that is handing out the leaf node records such as A records and CNAME records can decide to give out different answers to different requests

this still isn't very granular as the requester is probably a DNS resolve server that is serving many clients and will cache the answer and then just serve that same answer to all it's clients for the duration of the TTL without asking the authoritative DNS server again until the record expires

@scenic vortex remember that i'm skimming through this here, the resolver server is actually doing even more steps when walking the tree that those dig commands hiding

okay

this is cool for now

remember when we asked the root servers that we already know about from the "hints" file?

yes

the request and answer would rather look more like this the following dig +noall +auth @a.root-servers.net com NS

(btw just realised will have to go in 10 mins wasnt keeping track of time ;-;)

you notice that you are not getting any ip addresses for the DNS servers for those requests?
it will have have to look them up too in the same manner before it can proceed unless it receives something called "glue records" (bonus answers that it didn't ask for but that are related) in the additional section of the answer

okay, anyways we have just started to touch upon the load balancing part of the story

but this is basically what is happening every time a browser, your python script or other program want to look up a hostname to get the ip address of where it should connect

thats awesome

i think you can also begin to see how using DNS for load balancing servers is a pretty coarse and blunt tool, but it's still useful if you use it in the right way

typically you use it on a high level and then you use other types of load balancing where you have more control closer to the servers

yes

so you might use DNS to load balance traffic between IP addresses that is handled by other types of load balancers to spread the load between them

like a load balancing for the load balancers or to direct traffic from one part of the network or the world towards what the DNS load balancer believes to be the closest server farm to the requester, which will typically not be the client it self but instead the DNS resolver server that the client is using

if you don't have any load balancer you can use DNS as a poor mans load balancer by just sending out multiple records so that the clients will spread the load amongst all of those servers that the records are pointing at, but without much control over the process

I am afraid I g2g, thank you very much for all your guidance and teaching @cloud spruce it was brilliant

(i will be able to read anything when I log back onto discord tomorrow if there is anything you recommend I should look up)

well, hope you got anything out of it 🙂
see you around 👋

thank you for your time it has been extremely helpful

your welcome 🙂

Hi anyone have experiance using Flask-user library?

you'll find lots of people that knows Flask and it's related libraries in #web-development

I did ask.. But no one replied.. I hope someone will reply

Does anyone have a good list of proxies?

Hey network peeps,

I just released a new library, CIDR-Bottle: https://pypi.org/project/cidr-bottle/
CIDR-Bottle is yet another implementation of a Patricia Trie for handling network routing information (such as ROAs & Routing Tables) for reconciliation.
However, unlike other implementations it supports both sub-tree checking and longest-prefix matching.

I know there are others out there, but they were either missing features, or just weren't pythonic, so I wrote my own.
I would love some feedback (hopefully either positive, or at least constructive).

hey, i am kinda stuck
how do i use rcon to send and request commands, i am getting timeouted always

!code instead of screenshots of code please

and are you running the game server on the same computer?

what's with the bottle/drinking naming? is it a reference to something?

probably just a joke since CIDR almost spells and sounds like cider

https://tenor.com/view/over-my-head-no-nope-gif-7356334

that seems plausible 🙂

yes

from rcon.source import Client


def main():
    with Client('127.0.0.1', 25575, passwd='test123') as client:
        response = client.run('listplayers')
        print(response)


if __name__ == "__main__":
    main()

error:

rcon.exceptions.SessionTimeout```

i try to send the rcon command to my local gameserver

what os is it running on?

windows 10

have you changed the port for your server?

By default, SRCDS listens for RCON connections on TCP port 27015.
can you run the following in powershell and make the window a bit wider before running the command to show that something is really running on that port?

Get-NetTCPConnection -State Listen -LocalPort 25575

can you paste the output of that command in here?

doesnt work says check request arguments

@cloud spruce

oh, theirs your problem then, nothing is listening to that port, so that's not what your game server is listening on or it's not currently running
if you instead run the same command but without -LocalPort 25575 you will get a list of all the ports that has something listening on them

the error messages are really crappy though, it should instead say what is actually wrong or give an empty list as output, but no not microsoft...

alright i got a list and now ?

@cloud spruce
port now open

still error: rcon.exceptions.SessionTimeout

did you start the server?

yes is running

or need restart?

i restart to be sure

still error sir

don't think so, it's running now according to the output in powershell
now it's probably your windows firewall that is in the way

i opend port for incoming and outcoming on my windows firewall

for udp and tcp

incoming tcp on that port is what you want to open for
should be enough

it is

server and python file are local

and your not running python in any virtualization such as wsl/wsl2 ?

idk tbh i use standard of this

you're probably okay then

@cloud spruce i check logs now it sends to console hello, but it gives timeout error

and cant request data to print user list etc

rcon.exceptions.SessionTimeout

If I have a API request that requires a machine learning model to run (1.5 minutes), should I respond with 200, store the job in a database and then process the request after that? And in the frontend, I just query ID to see the job status in the DB?

if you run that powershell command again and look at the numbers under OwningProcess and run this command with those numbers at the end instead of numbers_here

Get-Process -Id numbers_here

this?

gives error

ah wait

@cloud spruce what now sir?

you see the name at the end there, is that the name of the server program that you expect to be connecting to?

yes thats the server

yes, the numbers has changed since you restarted the server process
but looks like you figured that one out already 🙂

yes

hold on, i'm looking up things as i'm not used to windows, i'm on linux since more or less forever

alright thank you very much!

in powershell, try:

Test-NetConnection 127.0.0.1 -Port 25575

looks like your firewall is giving you trouble still

i also updated the command above to say 127.0.0.1 instead of localhost so that it does the same thing as your program and doesn't try IPv6 (the ::1 that you see in the output)

could be one way, the people in #web-development or #async-and-concurrency might have ideas on how to run a long running process under the framework that you are using

what happens now if you try to run your python code?

same

rcon.exceptions.SessionTimeout

@cloud spruce

server sees the rcon request btw

that is defensively a step in the right direction 👍
does it say the same in the log if you change the password in your code to something that you know is wrong or does it say something else or nothing then?

rcon.exceptions.WrongPassword

in code

@cloud spruce

good, then we know a 100% that the password that you where using was the correct one, you can change it back again
is the command listplayers the right command?

still same

yeah it is

@cloud spruce

strange, because you get some warning in the server log
at least we know the server now gets the connection and the command
so that much is at least working now

yeah, do u think we can get it fixed?

there must be something wrong with either the game server software or with the code, since we now know that the connectivity works

Hi I have a very basic networking question. I have a server that is sending me UDP packets from address 10.0.0.10, port 2000, to my machine at 10.0.0.101, port 54874. I am trying to receive those packets using a python script. Do I create a socket and bind to the remote machines address and port? Or do I bind to the local machines ip and port?

I have tried both, and am still failing to receive the appropriate packets. As its UDP, do I need to set my receive buffer to the exact length of the message?

on their docs

    try:
        with Client('127.0.0.1', 5000, timeout=1.5) as client:
            with Client('138.201.62.108', 27216, passwd='prastacruc') as client:
                response = client.run('listplayers')
                print(response)
    except socket.timeout as timeout:
        print(' >> timeout')```

i did this

and got timeout

@cloud spruce ideas?

this doesn't look like it makes any sense

        with Client('127.0.0.1', 5000, timeout=1.5) as client:
            with Client('138.201.62.108', 27216, passwd='prastacruc') as client:

your trying to connect to two different servers
one on you localhost 127.0.0.1 and TCP port 5000 where you don't have a game server running and without any password, this will of course fail with a timeout
if it had not failed you would have connected to the remote system with ip address 138.201.62.108 and TCP port 27216 with a password and overwriting the variable client that was set previously, but that will not happen since the previous connection attempt fails and the code never reaches this point
i think you're looking for something like this:

    try:
        with Client('138.201.62.108', 27216, passwd='prastacruc', timeout=1.5) as client:
            response = client.run('listplayers')
            print(response)
    except socket.timeout as timeout:
        print(' >> timeout')

if that is the right ip address, tcp port and password
then you probably want to change your password as well

@cloud spruce hey bud i use mcrcon as module now that works instantly without errors