#networking

@pseudo blade should i get the Ubuntu server version or regular?

Ubuntu Server.

ty

witch one lol

the size of em are vastly different

nvm got it

18.04 LTS.

Gets support for longer.

Version names are year.month

Also those are the bittorrent links.

Totally cool if you know what you're doing, but you might prefer one of the alternative download options.

@pseudo blade Would you happen to know the general category name of routers?

Like how desktop computers are considered to be Edge devices, or endpoints

what would routers be called for a category?

Depends on where they are.

Well I wanted to have a way to differentiate them between the duties of a switch and router

It'd be an edge device if it were a CPE, for example.

Cisco used some terminology for that but I cant remember it

duties of a switch and network Could use the OSI's layer 2 and layer 3 terminology.

oh I guess that works then

Today I was going to setup SSH keys to log into my networking gear

I noticed that it is not secure to use username and password

Yea, routers can be many names. They can be core routers, infrastructure routers, edge routers, etc.

Basically what I was trying to do is give it a category so I can match credentials to SSH entries I need to use it with

so it would be like Edgerouters - SSH credentials

or Access Layer - SSH credentials

like that

For some organization

Cisco had a really nice name for it but cant remember

Yea, Cisco loves their nice names

Is it a bad idea to use the same password for a few ubuntu servers?

Yes.

In the DC you have TOR, EOR, MOR, etc.

So, I should expect to change them all

I have a password manager here

For routers, depends on the role. Access router, distribution router, core router, etc.

@clear igloo Yeah, names that would allow it to be specified granular like that

Changing the password in Ubuntu is as easy as sudo passwd <username> I suppose?

Or just passwd if changing your own.

Okay. And if root has no password on it, it cant login i suppose?

I can just ignore it?

Depends on your config.

I think ubuntu disables it

Yea, Ubuntu disables root by default though you can re-enable it

By default.

Oh thats good. Yes I did not change the defaults

I also started to run services with their own user account instead of running them as root

Good.

I was getting scared because if the service would somehow go rouge or have an exploit

they would essentially have root access to whole server

Had a look into containers?

Just docker for now

Might be useful for you.

Docker works.

I use it for LibreNMS

their docker container

Had a look into running other services in it?

Not yet.

It's useful if you want to constrain applications and their dependant resources.

I can restrict a container to... say... 1GB RAM or bind it to a specific IP or interface or even restrict CPU usage.

I did not know it could restrict resources too

That sounds like a VM i guess

I've only just deployed it not really understand fully Docker

I can block off access to all bar a virtual filesystem, or let it see just part of the local filesystem.

It's not really like a VM because you're using the host's kernel.

Hmm

Can't run Windows in one on Linux, for example.

Or vice-versa.

Right right.

Microsoft's running a Linux VM in Hyper-V when you start Linux containers on Windows.

They can't run natively unless they are Windows containers.

good to know

Is it a good idea to have many different usernames or is it okay to use the same username but always a different password on each device?

I like having the same username with different passwords. Then, when I ssh, I never need to enter the username

^

Or tie everything to an AD and then you can use the same username/password for it all 😛

Okay thanks

I am redoing a lot of credentials and stuff

and this idea just occurred to me

Yea, if you have a lot of devices and especially a lot of people accessing them, AD is rather helpful.

I agree. I have ad authentication configured for some esxi servers

LDAP is the open method of doing it?

OpenLDAP, yah

And I have a question: I did a network capture looking for SNMP packets and I saw that the packets expose my username via SNMPv3

Is that normal for it to do that?

Then it says this

@fresh copper I got it working by just using a pfsense vm in esxi and it seems stable

I'm a simple men, I see priv Key I think SQL

haha

Why does edgeswitch default with snmp on

it was set to 'public' community string

My ERX had SNMP default off but even though it said it was off, it was secretly on, with public community string

Thats a problem. And this thing was running for a full year

Well, glad I caught it now vs later

Is there a reason why edgeswitch only supports priv-des for snmpv3?

@little schooner @fresh copper Yeah, cisco is hard on the after-fees...that’s a shame. I still gotta get a cisco router for the 100 fiber tho.. why can’t ubiquity have one of those, it would be so much easier to manage everything from 1 place. Idk, I like ubiquity’s gui a lot, but...the cl is much better on the ciscos. Well, back to square 1 i guess..

Edgeswitch cli was a little clunky to work with

edgerouter was okay

I actually found a bug with one of the command statements with setting up snmp. It fails to validate username and group names to not have dashes or underscore characters. When you go assign the user to the group, the message says it detects illegal characters. They don't say where, though!

It turns out the username entry was causing it. So it turns out that one command statement is validated while some others are not. Very dangerous if its the wrong thing

Lol, it didn’t know that happened. Now i do thx ✌️

Edgerouter is a major step up

is that a safe brand? https://www.ebay.com/itm/Tenda-Nova-MW3-3-pack-Whole-Home-Mesh-Router-WiFi-System-Coverage-up-to-4-00/223112226295?epid=13025722218&hash=item33f28665f7%3Ag%3ACBUAAOSwh49bfKwc&LH_BIN=1

@white coral Never heard of it

@white coral https://www.amazon.com/eero-Home-WiFi-System-Beacon/dp/B0713ZCT4N

That one is what amazon bought and it has high reviews

hahaha

no

its high up there because amazon owns thew ero brand

What do you call the covers on the wall that hides ethernet wire and power cables?

it's like a long white channel-thing that runs up the wall with openings at both ends

but I can't find the name of it

outlet covers

?

@white coral hmm I don't think it's that. this Cover basically attaches to the wall and is like 10 feet tall. Throughout the length, all the wiring goes into it from the bottom and is hidden in the cover until it reaches the top

at the top is where you connect it to other hardware

on the wall, it looks like it blends in, showing no wires at all

conduit

I just found out that if you use 8.8.8.8 or 8.8.4.4, publicdns.goog resolves to those same IPs. locations.publicdns.goog has a TXT record with all of the IP prefixes that they use and the airport code of those prefixes

@fresh copper neat find

@ancient vigil hmm thats what shows up on store sites?

Hmm, not those

It is more like a cover that attaches to drywall

and then under it you run the long cable

akin to like hiding the wires for a wall mounted TV

with a white trim cover running up a wall

But the opening needs to be a little big bigger than that

I need to fit like 40 cables

And run them up the wall (can't hide them in the ceiling, etc)

Yeah, except running vertically

like 10 feet tall going up

Like this?

instead of running sideways in the wall like that

yesssss that!

But bigger openings than that

https://www.google.com/search?q=wall+cable+covers

Like the size of a triangle duct vent

I guess like this but I need it much bigger

hmm I will search that term

Wow, basically something this big

but that one doesn't mount to the drywall

that makes a hole behind the wall

Im getting closer, conduit term helped narrow the search

You might have to do multiple runs side by side for 40 cables

is anyone from france here ?

Does GRE Tunnel add latency?

You generally won't find much more latency from connecting directly to a device vs over a tunnel however, if you are accessing something other than the device tunneled to (for example, you tunnel to a friend and then access google over it), will have higher latency than just over the internet because you have to access that service via some other device. If you imagine a triangle with your device, the device you are tunneled to, and the device you are connecting to, the direct path will be faster than the one that goes though that tunnel. If you give me some more information on your specific situation, then I can help more

im trying to forward a TCP port on my router but im not sure which part goes in the external port box and what goes into the internal port, also for the IP bit i know you need your pc/device's static ip but im not sure how to find that, please tag me if you can help or dm me

CMD ipconfig -all

It should show you your Physical Address for your NIC.

@bright forge Basically, whatever port your are forwarding goes on both the internal and external port. There are situations where you would not want this but it is unlikely that you are in one of them. As the guy above me said, use ipconfig -all in cmd (you can open one up with Windows Key + R then type cmd then press enter) on Windows or ifconfig on macOS/Linux

The physical address is a set of letters and numbers for me. Format Ex. A0-A0-A0-A0-A0-A0

That is your MAC Hash.

do i want the IPv4 address?

What are you trying to look for your systems internal IP address?

my static ip for my pc

I think if I remember correctly it should be the IPv4 Address.

I could be wrong though.

192.168.x.x usually

mine is 10.167.x.x

Just google how to find your static address.

i did

Ah, yah, 10.x.x.x is also private

Do you have a Comcast Gateway?

idk

the router im trying to portfoward on is a wrt1200ac

CMD should tell you what your internal static IP is.

yup

also just wondering, for me the DNS servers thing and default gateway are the same, shouldnt the DNS servers thing be in the format of like x.x.x.x

For ipv4, yes

DNS Domain Name Service is what your network uses to resolve IP address to domain names.

the reason im trying to portforward is to setup this thing called Remotr where you stream your pc to your phone or other pc or whatever device your using, and to set it up for like say my phone was on a different network then my pc, you have to portforward a certain port which was TCP port 8193

Generally you shouldn’t change this unless you really know what you’re doing, or unless you using some type of VPN with a custom DNS.

whelp ill have to do this later cause i gotta go

thanks for the help tho

I did my best.

¯_(ツ)_/¯

@bright forge don’t worry that the DNS server and default gateway is the same. Your router (the default gateway) also has a dns resolver built in. This is a good thing as it allows better caching and other benefits

Except for the DNS amplification attack

1.1.1.1

  1.  1.  1.  1
  1.  0.  0.  1
  8.  8.  8.  8
  8.  8.  4.  4
  9.  9.  9.  9
149.112.112.112
208. 67.222.222
208. 67.220.220
 64.  6. 64.  6
 64.  6. 65.  6
198.101.242. 72
 23.253.163. 53
176.103.130.130
176.103.130.131
209.244.  0.  3
209.244.  0.  4
 84.200. 69. 80
 84.200. 70. 40
  8. 26. 56. 26
  8. 20.247. 20
 81.218.119. 11
209. 88.198.133
195. 46. 39. 39
195. 46. 39. 40
198.206. 14.241
172.98.193. 42
208. 76. 50. 50
208. 76. 51. 51
216.146. 35. 35
216.146. 36. 36
 45. 33. 97.  5
 37.235.  1.177
 77. 88.  8.  8
 77. 88.  8. 1
 91.239.100.100
 89.233. 43. 71
 74. 82. 42. 42
109. 69.  8. 51
156.154. 70.  1
156.154. 71.  1
 45. 77.165.194
185.228.168.  9
185.228.169.  9
 99.192.182.100
 99.192.182.101

Those are the main trustworthy ones

for some reason, ManageEngine's OpManager would not work with snmpv3 reliabily

Does EdgeRouter have a bugged version of snmpv3 or something?

it's crazy and frustrating

@fresh copper I see 75.75.75.75 is missing,

So I've been digging through the datasheets for Mikrotik's products and I've noticed something very interesting. It seems that at least two of the listed "architectures"... Are precisely the same. SMIPS and MIPSBE appear to be one and the same, and the differences are likely purely to wall off specific features from specific devices.

I'm aware there's are actual Simple MIPS architecture... but the SMIPS devices use precisely the same processor as some other MIPSBE products and an architecture change in that scenario is completely impossible.

@unreal wedge yea, there are a few more. There are also the alternatives to the old L3 ones at 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, and 4.2.2.5. Plenty of ISPs have them too and there are a huge number of small ones

The database I have shows 15,989 servers in total

i have 1 server on cs go

So i got a domain controller with 2 network adapters, 1 to go outside to the internet(bridged) and one LAN but for some reason any devices that are connected through lan do not get internet while the DNS does translate domains to an ip for the connected devices and the DC has internet

@rocky badge ^^

🤔

did you try restarting the domain controller?

are the clients getting the right dns servers from dhcp?

I restarted it a lot xD

And the dns works

Do they have a properly configured gateway?

are they using a hosts file?

did you run ipconfig /flushdns on all the clients

can the clients ping 8.8.8.8?

Is your network firewall preventing access?

lots of things

The clients cannot acces the internet in any way, but if i ping a domain the DNS will send the ip for that domain, i didn't touch the hosts file at all, flushing the dns doesn't help, the gateway idk at all and all firewalls are off

and you are sure that you setup the Forwarders on the domain controller correctly?

Idk how to forward properly

I cannot find any documentation on forwarding

It would be in the DNS management console on the domain controller

right clicking the server > properties

sec, lemme load these

Forwarders tab

Which will take like 10 minutes lol

whoa 10 min

okay

I will be driving so I won't be able to respond for a little bit

I should have put it on my ssd, not my hard drive xD

yeah if you could that will help

dramatically

Not much space left on the ssd

And the 7 snapshots don't help

I can't actually test it here though, i'm on another network now so the bridged adapter breaks

But yea, forwarders uses 8.8.8.8 which works just fine

@daring plover okay. What is the output of tracert 8.8.8.8 on a client device?

Can you post it

We need to find out where its dropping along the path

Currently i cannot test that as i'm on another network so the bridged adapter breaks but i did it before and it couldn't get past the LAN adapter of the DC

I cannot even ping to the bridged adapter on the DC

What appears to be the problem?

What do you mean by the bridged adapter breaks?

I'm on another network now so the config for the bridged adapter is incorrect and if i change that the DC will mess up

So currently i cannot test

I can only check if i configured certain things correctly

What is it that you’re trying to accomplish exactly? Bridging two networks together?

I got a DC connected to the internet through a bridged adapter and it has another LAN adapter through which everything else is connected to the DC

But for some reason i cannot get internet on everything that is connected to the DC

DC?

domain controller

Oh, uhm. IIRC, in order to bridge two networks together you essentially need one end of the bridge to be connected to one router, and the other end of the bridge to another router.

There have to be other ways

I mean, there probably is but I’m not sure of how to help you on that.

I’m sorry.

Imma drop this here though, should help

It’s blank?

Nope

You probably cannot open it because the teacher made it with something strange

libreoffice can open it though

My best recommendation for you is to use the OSI Model and or the TCP/IP stack to diagnose your network problem.

Start from layer 1 and up.

We were told to ignore the OSI model completely

Why?....

We don't have to learn that, we don't know shit about it

They consider it worthless

Bro, that’s crazy.

It’s actually really helpful sometimes.

@thick minnow it's like the best network troubleshooting tool

@daring plover not sure why they don't have you learn that

you won't be touching my network without an understanding of it

and Cisco will say the same

Depending on how you use it, it’s pretty much the only way to diagnose any network problems.

We mostly hate cisco xD

And i personally see 0 use in the OSI model

Well, what model are you using?

DoD model?

None

Uhhh....

Why?

The wing-it model?

More like the, wait why isn’t this darn thing working model.

I don't get how the OSI model can be usefull though

I highly suggest you educate yourself on it.

We just look where the connection runs into issues, but we don't care about the layers

hmm

that's different

It doesn’t particularly matter what vendor and or brand you’re using for your networking hardware, but the OSI model or the TCP/IP stack is universally useful to know.

My clients etc can reach the lan adapter on the DC and the DC itself including the DNS though but it cannot reach the bridged adapter for some reason

I’m telling you, use OSI or the DoD model to diagnose your problem.

Google it.

I don't see how it could help

I just follow the connection for as far as i can

It only helps if you understand how to use the model

Ever heard of something called the process of elimination?

I'm out of things it can be

We spend hours trying to fix it

Verifying pretty much everything

We're missing something but are completely clueless as to what

I wonder why....

If you want to properly diagnose and resolve network issues, you need to understand how networks generally work, which is why you should learn those aforementioned networking models.

Ik how it works, but there is no need for any model for that

The fact that you say that, is worrying to me.

We even consider 2 layers of the OSI model non-existant

What is bad about learning a networking model? Elaborate please?

No use, we simply know from where to where the connection goes

It is pretty darn logical

I’m telling you, if you used the OSI Model and or the DoD TCP/IP stack, you would have resolved your problem fairly quickly.

Since you don’t seem to think it’s necessary, well...

Best of luck to you.

I have followed the connection to where something goes wrong but i cannot figure out what

The OSI model will not help me there

I already know around where the issue is

Look, I’m not going to argue with you. You do whatever you want.

I’m just saying In the real world most people will use/know those models for troubleshooting network issues.

I just don't fully know how to connect the 2 adapters properly

There is no documentation on it

I'm mainly guessing whatever may work as there is no other option

There is no documentation and i tried whatever i could, what else can i do?

Aside from asking people that did manage to do it before

@thick minnow

Yes?

Read

I did, I still stand by my previous response.

The OSI model simply cannot help there in any way

A lot of layers already fall away in this case

For some unknown reason the domain controller just cannot forward 1 adapter to the other

And i'm out of ideas

Sorry, I can’t help you.

Better ask someone else who knows the technical setup of your layer 2 or 3 devices.

@little schooner Could you maybe help me out?

Anyways, i'll be back in like 30 minutes

had no idea an adapter with bridge abilities was in the mix

can't directly attach it to a router or switch?

Reduce the problem

I'll just get back to this tomorrow, this issue is pissing me off too much right now

The reason this issue is pissing you off is because you don’t know what the issue is, and you won’t know what it is until you narrow down what layer in your network the problem resides.

That is what the OSI or DoD model is good at.

Additionally, once you narrow down what layer it is, you can start diagnostics on any hardware on that layer and see how the hardware is configured. (Most of the time it’s a configuration error.)

Finally it’s always a good idea to check your actual physical topology and make sure you connected everything appropriately.

That is my final advice to you.

LOL, "OSI model not useful".... Problems can exist anywhere in there and if you don't start with one layer and troubleshoot that and move on up (or down) then you'll never figure it out, you're just throwing crap and hoping it sticks

Start with Layer 1, make sure the cables are properly run, optics are good, etc. and then move up to Layer 2. Do you have a MAC address entry for that device on the adjacent box? And just work your way up from there

could anyone here give me a hand with some route adding/deleting, so that I don't accidentaly delete my internets?

On what os?

windows 10

i'm trying to route all traffic to a specific IP (dota 2 server) through my 4g adapter, and everything else through ethernet, and i think i know what i have to do.... i just don't know the entries i have to type

route ADD (network) MASK (mask) (IP of the adapter)
so if it's a single address for example
route ADD 1.1.1.1 MASK 255.255.255.255 192.168.100.1

or route -p if you want it to stay around after a reload

to delete it just do route DELETE 1.1.1.1 and that's it

uh...

the forum post i found said to delete the active route that has the 4g adapter gateway first, is that correct?

No, ethernet should be the preferred route but if route print shows the 0.0.0.0 route going to the 4G adapter then you'll need to reconfigure it first

it does.

both are 0.0.0.0.0.

-1x0

Can you post a screenshot of those two?

Or what is the Metric for both?

the 42.129 is the 4g adapter

the .1.3 is ethernet

odd, usually one has a higher, less preferred metric, let's make that happen first. Do, route change 0.0.0.0 mask 0.0.0.0 10.168.42.127 metric 100 IF 9
If the 4G adapter is the Remote NDIS device

it is, lemme do that

if it's not then replace the 9 with 4 for the Asus NIC

ok, cool

when you do route print again there should only be a single 25 metric

route change 0.0.0.0 mask 0.0.0.0 10.168.42.127 metric 100

like that?

yup, need to put IF 9 at the end

got an OK

cool

do another route print, let's make sure 😃

route print now shows only 1 with a metric of 25

the other has changed to 125

cool, now it will use ethernet by default and 4G only if ethernet goes down for most traffic

Now we can add in the specific route for the DOTA2 server

ok cool, so route add... 209.197.29.1?

I’m actually reading about IPv4 and IPv6 Addressing in my Networking Course that I’m taking.

route ADD 209.197.29.1 MASK 255.255.255.255 192.168.42.129

route -p ADD 209.197.29.1 MASK 255.255.255.255 192.168.42.129
will make sure it stays after a reload

can i just add a second one? dota 2 has 2 servers

Yup, follow the same syntax

It’s Chapter 5 on the uCertify CompTIA Network+ Certification course I’m taking,

Nice, how are you liking it so far @thick minnow

So far so good, yesterday in class my professor talked about Ethernet Technologies etc..

Switches, VLANs, Trunking, PoE, etc..

@thick minnow All good stuff

vlans especially

@empty cosmos Try a traceroute to 209.197.29.1 and see if it goes out the 4G adapter, just to double check

My school offered Cisco netacademy for my studies I did all 4 levels of network classes

packet tracer is awesome. to help learn

how do i... do that traceroute thing again? XD

just ping it?

tracert 209.197.29.1

My professor also talked about Port mirroring, link aggregation, and he also showed the class the in the lab portion of the class how to initially set up a switch.

I like studying networking stuff. 😃

Yah, it's a fun field 😃

it's fun. I see it like a game

not even work

jolly fun o_o

first hop went to 192.168.42.129

which is

4g?

Yup 😃

If you enjoy what you do in life, it’s never work.

sexy

Exactly, I've been working as a network engineer for 5 years now. Haven't really "worked" a day yet 😛

@thick minnow I used port mirroring the other day to troubleshoot snmpv3

by far, super helpful with wireshark

Yeah Wireshark is pretty neat.

Just don’t use it on “open” networks. 😉

haha, or don't spin up nmap on the corporate network >.>

ok so, real important question

is there a command to default everything back to normal?

no default command but if you do route DELETE (network) then it will remove the entry

I’m also studying Ethical Hacking and Network Penetration Testing on the side kinda as my hobby.

It’s also a very cool field.

ethical hacking is pretty dope

Yes, if it’s Ethical.

Pen Testing can really help you be a good validation engineer too 😃

https://tenor.com/view/the-simpsons-mr-burns-evil-smile-evil-plan-oh-yes-gif-4617744

only ethical

@thick minnow @clear igloo FFS, i'm using VMWare and all i gotta do is be able to ping anything on the internet so most layers are non existant

Without Networks, Cyber Security and Security Consultants wouldn’t exist.

quick question, if i remove the 4g adapter,

I get the ethical hacking and network security fields are growing but

will connections just default to

ehternet?

idk I didn't find them as enjoyable

@empty cosmos Yah, it should

I know it's good to know them though

not a waste of time

I get a better kick out of knowing that something is protected vs being the attacker

There is just something i configured incorrectly or a config i missed, but idk what

I really like Networking, it’s fun to learn how they work, set one up, troubleshoot it, etc..

It can be nothing else than a config

Yes and the network is basically a requirement of all businesses

like it's not going anywhere

Just move it "to the cloud" XD

hah yeah with sdn and stuff

ok, one last (promise) problem >_>

sdn wan

SDN?

software defined networking

Oh yeah, sorry,

My professor mentioned that yesterday.

He said it’s going to be another big field.

I still think it’s good to know all the core fundamentals though.

yes where software makes the decisions

no more asic stuff

As i'm just talking to a wall with my issue i'll just start asking things to make sure i did them correctly, if a computer has 2 adapters and only 1 goes to the router and then the internet as the other adapter is a lan adapter, should the lan adapter have a gateway and if so, what should the gateway be, the bridged adapter or the actual gateway

@daring plover Then it's probably an adapter put in the wrong network or something, OSI model can still apply. Check your vswitch is configured properly and has an uplink port

In order to get internet on the lan

I have done it before, i'm just missing something

so, the whole thing worked, except what i thought was the dota 2 SA servers isn't, so i guess google was wrong for once

so in-game isn't actually working through 4g

how would i go about finding out what the actual IP is?

It has no switch

No need for one

you should really use one though

Sorry guys I have to go for now, I have to prepare for my 4 hour Java Programming class tonight.

I had issues where router couldn't really handle the Mac addresses and stuff

and ended providing no connection

They have never even spoken about switches in vmware yet

@empty cosmos hard to say, they could be pointing at a domain and have it load balance to a bunch of different IPs

@daring plover hmm in vmware

Even with only 1 device connected to the lan it won't work

Yea, for like the 5th time, in vmware

if you have esxi it's called vswitch0 as the first one

it does have one

No need for one

I have done it without before

I just don't know what i'm missing

that makes it tricky >.<

Anything on the lan can reach the lan adapter on the domain controller, the domain itself and its DNS but it cannot get to the second adapter

The DNS can however provide anything on the lan with the ip for domains

ESXI ALWAYS uses vswitches, EVERY network has one, period

We don't even know what ESXI is

You need to map the adapter to the proper network and if it needs to leave you need to set the uplink port correctly

We never use switches either

It is possible without them without any issues

There is just something i'm missing

IIRC, switches are like one the most important parts of a network?

So....Why don't you use them?...

What VMware are you using then? The desktop client?

What exactly is your logical topology here?

VMWare workstation pro 15

Yes, but are you running that on a computer?

Yes

If so, that is a client.

I assume you're also using the VMWare extension pack?

Ah, I'm in ESXi vmware mode.
have you checked the adapter mapping then?

Idk, we're literally all using a cracked version in class xD

"cracked version"

kek

As for some reason the school couldn't provide us with actual keys

We got acces to IBM software etc which we will never use but no vmware

Ok in laymans terms, explain to us what your "class" is trying to accomplish?

We all got somewhat different networks to make

What type of network were you instructed to make?

@daring plover I assume you've followed this article already? https://pubs.vmware.com/workstation-9/index.jsp?topic=%2Fcom.vmware.ws.using.doc%2FGUID-476EEC7C-4DBA-481B-A772-52CFC572E2A7.html

I gotta make this without switches, firewall or router

well, i guess since i can't actually get the server IPs for dota, missoin failed, would there be any other way to do this @clear igloo ?

@clear igloo Ik how bridged networks etc work, but you could say i cannot get one adapter to send most data to the other adapter

Not easily unfortunately @empty cosmos , I'm sure there is a way to force it over 4G for DOTA but I'm just not sure =/

is there no simple way to set like, this .exe uses that network adapter?

kinda like you can say this .exe uses this gpu?

Not that I know of 😦

sad days

There is probably some paid software that can do it but I'm just not sure of if it exists or what it might be

@empty cosmos I haven't been following but why can't you get the server ip

@daring plover probably because I cant figure out exactly the dota 2 SA server IP

probably for the protection of their servers XD

What the hell do you need that for xD

well, the story is that i moved recently, and got "fiber" installed, but it has crazy packet loss

makes gaming real hard

while I piss off a technician enough for him to come fix it, i've been using my 4g data to game on

but like... I like to be gaming, and have youtube on the 2nd monitor, or netflix, or something

and i can simply disable the ethernet and enable the 4g to play dota, but if I do that and play youtube in the background, my data plan drains

so i was hoping i could use BOTH connections at the same time.

just... for different things.

You could use wireshark to try figure out where it goes to but idk how the ip would even help you

what's wireshark

Shows all network traffic

Even if they re-route the data you'll be able to see the place that reroutes it which you may be able to connect to to play but i still don't get how the ip is gonna help you

peeps here were hepling me do a route to the IPs i specified through the 4g and not the ethernet, whicdh is why i needed the IP

I don't know shit about 4g, i don't even use it myself so behold a noob question, can you use it on your desktop?

I am using it on my desktop 😃

like, i tethered

my phone

to my desktop

Through USB?

aye

so it shows up as a network adapter

If you include the wireshark addons it can read the usb ports aswell

So install wireshark and include the USBPcap or whatever it is called exactly and listen on the usb port

i just downloaded it. would it need to? windows recognizes it as a wired connection.

Did you also let it install things such as WinPcap?

And USBPcap

yeah, just did.

Then one of the connections it sees should be the 4G

sec, almost done.

rebootin

doesnt look like i even needed the usbcap thing.

I just hope you have a good data plan.

Cellular 4G tethered connection from your phone to your gaming desktop?

Online MMO will eat up your data alive.

i've tested it, dota 2 is pretty light on data

i have like... 15? 20 gbs, or something, that i dont use 1 gb of

dota 2 isn't exactly an MMO, its only 5v5,

so... with wireshark running, it seems most of my connections while dota 2 is runnning goes to a 205.185.194.51

would that be... the dota 2 SA server?

Likely

pinging that gives me roughly the same ping as in-game...

And valve corporation appears to be involved in that ip

aka steam

My DNS cannot find it though so that doesn't really help

But yea, that is likely dota

DNS resolves domain names into corresponding IP addresses.

Ik, but you can also request a DNS to show you the domain for an ip

That is, if that server allows outside requests for that.

Sometimes they block that for security.
They could also have a firewall blocking all incoming traffic that isn't whitelisted/allowed.

Then the error is different iirc

i tried

didnt work still 😦

You said you have a fiber hookup to your house?

I assume you have the proper hardware at home to be able to take advantage of this?

He has mayor packet loss

Even if his hardware was too weak to properly utilize it he shouldn't have packet loss

Packet loss occurs when packets get lost and or can't find their appropriate destination. (Most often it's due to timeout's.)

Or a faulty physical connection

And iirc he said that it is new

Yep, he moved recently

It's possible, but if that is the case then you wouldn't have internet connection at all.(Depending on what your physical connection issues are.)

As you said, it depends

But considering he moved recently that is quite likely

Well, it could also be that the service in his area could be less then ideal.(That or the people that installed the fiber hookup didn't install it properly.)

He could also be running in half duplex but the loss from that should remain minimal

True.

Which can come from a faulty connection anywhere

I doubt a fiber connection would be running in half-duplex though.

It can still happend on fiber i believe

Point is, there are many variables. Let's just hope he resolves the problems.

Maybe he even re-used his old cables and damaged them

i assume you mean like, my PC's hardware?

my pc should be fine to recieve the 30 down 30 up they "offer" =p

its not gigabit

what's half duplex?

sounds like a wrestling move

A half-duplex connection allows a device to either receive or transmit data at any one time. However, a half-duplex device cannot simultaneously transmit and receive.

This essentially lacks redundancy in your network.

When multiple devices are connected to the same shared Ethernet segment such as a Layer 1 hub, CSMA/CD must be enabled. As a result, the network must work in half-duplex mode, which means that only a single networked device can transmit or receive at any one time. In half-duplex mode, a networked device cannot simultaneously send and receive, which is an inefficient use of a network's bandwidth.

And yes, I copied and pasted that.

eh, that sounds like junk connection, it really isn't

its great

when it works right

XD

I doubt your NIC in your PC is the issue. Although it is good to make sure you can actually get speeds of up to 1GBps

Half duplex may also send packets in both directions at once sometimes

Resulting in packet loss

Although that shouldn't be that common

" half-duplex device cannot simultaneously transmit and receive"

@daring plover it can never happen

It will attempt to never let it happend

But it can occur

how would it attempt? it can't it can only send one TX or RX

it won't attempt.

half duplex is when it has already been negotiated by both ends

it can't attempt

It's possible but extremely unlikely. If you have the switch and computer try to xmit a packet at the exact same time to each other then, because they loop the RX to TX in half-duplex mode, you would get a "collision". Normally one would be sending so the other wouldn't attempt to, correct, but if they both had something to send to the other at the exact same moment, then it can happen

I believe after seeing a collision, they will wait a random amount of time before sending again in the hopes that the other device picked a different amount of time

Yah

it's nice to see the insight behind that

I would say you're much more likely to have a duplex mismatch though and today those are usually pretty rare themselves 😃

You don’t generally see that in most modern networks though.

@thick minnow And at 10meg? 😛

Pretty much.

What even is that like 10BASE5?

What would even be the reason for using a half-duplex eco thing?

There is Green Ethernet which is a real thing that decreases PHY power for short runs and some other stuff which saves power

Hmm, interesting. I never really knew that was a thing.

There is also Energy Efficient Ethernet (EEE) which only works on 1G links

WTF indeed.

lol

@fresh copper My switch supports that eco mode for short runs

Though I do have a long run of 98FT so i guess its never used

Yea, mine does too

Anyone dealt with Storage Spaces Direct?

Anyone know about assigning virtual interfaces to physicial ones on enterasys

Half these commands arent the same as IOS

@gusty knot https://dachristen.files.wordpress.com/2012/11/c5_manual1.pdf

is ther any one who knows a good refurbished hardware seller in europe, i need a new powersupply for my Dell T620

Thanks for it, Stingraypc on ebay sells good stuff

https://tweakers.net/nieuws/149730/kpn-treft-voorbereidingen-om-later-dit-jaar-1gbit-s-glasvezelinternet-te-leveren.html

for the non dutch people: we are getting 1Gbit fiber connections, and maby 10Gbit connections

Dutch largest ISP is looking in to it

me like 😃

@toxic quartz I already have 1Gbit and could upgrade to 10Gbit with my own hardware with https://www.tweak.nl/

What’s up folks?

@slow belfry thats half the price for 5x the speed in belgium

I WANT

Hahahhaa

@zenith ridge they offer great support too and you may use all the hardware you have.

No restrictions.

At telco's like KPN that simply isn't possible unless it's a b2b setup

To bad I'm not living in the Netherlands

They should make their network bigger :D
I really think a lot of people would love the faster internet

in belgium

If I'm not mistaken in Belgium there is a lot of restrictions regarding deploying infrastructure. That is why most are restricted to reusing existing mediums like coax.

Then they are stupid, because by 2020 ISPs here have to offer 1Gbit options aswell

so either they make it easier or don't force the ISPs to deploy Gigabit as an option

Well, that's why Docsis is still alive

Cause the technology is brain-dead.

DOCSIS full-duplex should be coming out by 2020 or so

That would be nice. I am so tired of 600/20 being my ratio

Yah, it would, in theory, allow for up to 10Gbit in both directions. So knowing the ISPs in the US at least, they'll offer 500/500 and triple the price XD

Still this is BS. Uses a metric ton of power to maintain even if there is no usage. And always battling noise in coax.

👀

Only 379.2PB of traffic

Pffft

It really depends on the polling period. Maybe it's 5 years worth of traffic? XD

Something like that

~120 days of traffic 😛

Any tips for a 2u server?

A model you recommend or something like that?

not really, but we can help you pick a model of network equipment here. might we suggest a cisco 4451 with a UCS blade?

@clear igloo what model UCS blade should they get?

lol, E-Series is the only supported one for the 4K 😛

E-Series it is then

the router itself is 2U, it meets all requirements asked of us

can you please let BaCk know who their cisco account rep is?

small business unit i think

Sure, the rep is on the Discord, their tag is @waxen scroll

@clear igloo the last place i worked for bought many 4451 with UCS and didnt use ANY of the UCS

they were supposed to use WAAS and just were like "nope."

xD

WAAS, ewww

tons of money wasted

Not wasted, it was well spent on bonuses 😛

anyway

@clear igloo no thanks to you i ran some fiber to the N7k

works FINE now

TAC still asking for remote sessions and packet captures

Does anyone here have any experience with FreePBX ?

Google Voice

🤔

Wait ur not blue anymore

@waxen scroll

👀

I've never been blue

Always just regular rank

hey

has anyone heard of the archer c60

Oh then i mixed up whoops

@dire hearth I've been trying to work with free pbx with moderate success. What you needing. Feel free to PM me.

meanwhile in greenland. internet sea cable is broken. some fisher men destroy it by accidents.

90kbps now.

so they did announce the sea cable boat will arrive this month. and they did not arrived yet. next month it is...

What device would I need to wire a desktop by ethernet to the router? It is in an adjacent room and I do not want to have holes drilled or long wires.

@thick minnow you can use Powerline adapters without making holes

Protip dont put them in a powerbar

😂

How good are they if you live in the UK? And which ones do you recommend?

I'm in the US. I've tried Zyxel and NETGEAR variants with success

Why is wireless USB not an option?

it should be better than powerline by a lot

well he asked for line options. but that could be an option too.

I have an adapter (AC 1900) but would like wired so I can use steam link (yes I know it is discontinued)...

oh... so there are products which can also convert wireless to wired

like what?

https://www.amazon.com/dp/B015Z3OD22/ref=emc_b_5_t

this is one example but there should be others

it says its a range extender but theres a mode to extend it through ethernet

I thought it converted ethernet to wifi but I could be wrong.

@thick minnow I have dlink dap 1300 (I think that's the model #) and it worked on the same principle. it was a wifi to ethernet bridge

my parents have one, it can take a wifi signal and let an ethernet computer use it

Yeah I think I need a wifi to ethernet bridge then rather than powerline

dont you want to run wires through walls though, its great experience 😄

No would rather not drill holes

@waxen scroll my attic is full of insulation couldn't even walk in it

so is mine, i still did it

i just moved it out of the way and put it back after

that's a lot to take out

will need a mask, this pink stuff flies in the air I think

i took a pic so friends could see my pain

lol

its like swimming

😄

the only problem with DIY ethernet is that you cant buy 8 boxes like the pros do

when i ran wire professionally i would do 8 at once

at home its a bunch of one offs

takes forever to install

and i didnt take out any, i just moved it to the side like in the pic

i did wear a mask cause im paranoid

Home insulation is some toxic stuff.

Also, I was reading in my previous chapter in my Networking course that generally when you’re going to run lines, you should consult the fire department(If you’re doing commercial installation.) and use plenum coated cables that are not near any air vents.

There is also the distance of the wiring to keep in mind as well.

Generally try and keep it less than 100m to the next closet or patch panel.

90 metres max, plus 2 5m patch leads.

You can sometimes abuse tolerances in the spec to go a bit further, but YMMV and I wouldn't rely on it myself.

Hmm, interesting.

@pseudo blade I have a 100 feet run that goes from my 2nd floor to basement

But it is of cat6a grade, so I still should be okay with the signal

100ft is easy.

That's way under.

try 100 meters

😂

100 meters = 328ft

hello

how can i install openwrt on a tp link router

Ello

Find ur model here https://openwrt.org/toh/hwdata/tp-link/start

i already did

the thing is

i can't install it through the router page

the only way i googled how to do it is through tftp and i don't even know how to do that

so if anyone knows how to install it through tftp can anyone help

Leaves

k

heh I got the metrics messed up

feet and m

😂

now if only that could happen with coins and dollars. then 100 pennies could convert to $100

@coarse marsh if you router requires the tftp method then you might as well give up. You have to buy a USB UART adapter, open the case of the router, find the serial header (which may not be populated requiring soldering), hookup the UART adapter and do some stuff to convince the router to load your firmware. Some routers don’t have a serial header and it has to be done by jtag which is worse. I really don’t recommend it for beginners and it would probably be pretty hard to do it myself

That's pretty complicated

Welp guess I can't install openwrt

Some companies don’t want you installing openwrt on certain routers so they out in a lot of effort to make sure that you can’t do it

Oof ok

Well thanks for telling me

Like 99% of routers can be reflashed, lol. Might not be easy, but nothing my screwdriver and my TTL adapter can't fix.

I could try but

I wouldn't wanna risk anything

🔥

Always exercise caution when doing anything like this, and remember that it will most likely void your limited warranty for that device.

So if you mess up, or if you brick the router, that's on you.

Hey guys and Girls!
So today I've been setting up Microsoft Server 2012 R2
I have AD, DHCP and secondary DNS on Raspberry Pi which is Pi-Hole.
So, everything else is working, besides DNS.
DNS is not getting resolved automatically at all. You know no access to anything whatsoever. I made a Forwards List added my Main WAN router address.
So in general I have to add DC static IP to the Preferred DNS for it to work
Any ideas ?
I know there's a networking issue somewhere that I'm missing

Most newer routers have their own DNS resolution built in to them.

Consider checking the way your router is set up.

Also make sure that DNS is enabled on your computer's NIC.

Lastly make sure that your DNS Server and your Router can communicate properly.

You said it's on a Raspberry Pi?

No

The setup is this

The Router is the WAN gateway with DHCP dissabled and ect.
Then there is Win 2012r2 Server with DHCP and DNS controllers
Raspberry Pi is out now of the network, I disconnected it

Why do you have DHCP disabled on the gateway? Is it that you want the server to handle the DHCP requests and assignments?

Yeah, that's the main idea

Centralizing the Server to control all Device Addresses

Can the client communicate to the server?

Yup

Ping the server and see if you get all the packets back.

10s

Ok that's good then.

So what exactly is the issue here?

Mainly DNS

You can't resolve webpages?

Without manual setup in each of the devices to use Servers DNS resolver, no access works (mostly PC's and Wireless Tablets)

Basically each device gets the IP but not the DNS apparently

Do a CMD ipconfig -all and see what you get in terms of the DNS information.

That's why I'm confused as well

Is your DNS server on the same network as the clients or separate?

Same network.

It receives the DNS server from the Mainframe, but, not resolving anything at all. when I add googles DNS it starts working now

🤔

Ok good, now when your clients send out an DNS Request where do those requests go?

Windows Server

1s I'll make a cmd response picture

Do clients send their DNS requests through the gateway?

It's the lab setup before deployment
https://i.imgur.com/rDRnRsC.png

Only if the gateway is set as the DNS server.

Or if he forwarded all DNS requests to be sent to the DNS Server.

Some gateways can force traffic over port 53 to redirect to their own DNS server.

it could be easier to explain if I did a network diagram 🤔

Sure go ahead, lets see your logical topology.

👍

Something that is good to check is how you configured your DNS server and Gateway.

I've heard this issue before, wasn't it like two days ago?

Checking the DNS config. It might happened that I have not configured it 😅

yes it would be helpful to configure it with forwarders

also helps if you fully update the server with updates on new install before installing roles

2012 R2 comes broken without updates with some roles

I'm just trying to help any way that I can.

I've never done anything like this in my life.

I'm just going by what I've learning in my class and also from just common sense.

can't say I've seen this problem either

I remember some of the students struggling in class before we handed them out updated copies of server 2016 eval

then all the problems with roles stopped but nothing will fix it if role configured wrong

they were using active directory In my case

Well I'm IT Network and Security (Ethical Hacking) student

Graduating this summer

@acoustic lagoon yeah I support you guys

in college as lab assistant

Well, Microsoft Servers always been my freaking thorn in the arse

Forwarders are configured

yeah Microsoft is tricky, my professor pushes Linux a lot instead

I prefer Linux as well

there were 4 semesters of Ubuntu 16 in classroom

students like it just fine

we put up a game server for ethical hacking students in a VM

like a capture the flag kinda thing

@thick minnow Forwarders are configured. Have the address of the Router which has ISP DNS

ISP DNS may not be in some cases what you want your clients to use, in some case you want to force the clients to get DNS from your DNS server.

I'm also taking a CompTIA Networking + Course on uCertify as part of my Network Essentials course in College this semester.

I have my midterm coming up.

I'm also taking Programming 1(Java for beginners.)

I remember Java. my class started out with teaching Alice and then jumping to Java for last 7 weeks

he should of just did Java straight in beginning

I also like to learn about Ethical Hacking and Network Pen testing in my spare time.

all these hackers here and im just wondering why nobodys opened wireshark to look at why the issue occurs?

🤔

@thick minnow Nmap makes a basic but great network mapping took too as a side effect of being a pen test tool

IT WORKS

nmap is good, but it can be tricky sometimes to use.

nmap is good to know though.

@waxen scroll if they have port mirror ability, sure

Windows Server is fine

dont need to port mirror unless network packet loss is suspected

I forgot to configure the damn DNS server 🤦

lol

happens 🤷

blobby boy

hi

@acoustic lagoon you got it now that's great

hiiii lz

You can't sniff the traffic thats coming out of port 1 if pot 1 doesn't have port mirroring to port 2 enabled....

All 300 devices now respond and are able to access the domain/resources

I think I'm gonna go make dinner now

😂

and this is why you have r e d u d a n c y

Truth.

@thick minnow I was thinking by VLAN, I think that's where I got spoiled

can't have a network of 200k going down

😉

Also truth.

Network stability and redundancy is crucial in most modern networks.

Yeah my college is working on that. On monday we'll start combining the parts and deploying next friday

yes. just like in my classroom. a oversubscribed single FE port to a core switch of 20x GE port computers

xD

lol

I was able to convince my professor to spec out 20 Intel 8700 workstations for our cyber operations classroom

he placed the purchase order monday

I am happy, we will have state of the art equipment in the whole school

why do you need port mirroring to wireshark?

have you not tried wiresharking your network card before?

all it takes is one on your side and one on the server side

i wouldnt span unless i suspect packet loss

@waxen scroll installing Wireshark on server would pollute the install

but I can install it on the client desktop

from one workstation, I can port mirror any traffic from any port or vlan straight to my main workstation

without having to install Wireshark on any of them

saves a lot of time and configuring

When you're against a wall, not wanting to pollute an install isn't an option, and you can uninstall the tool later. As an IT, I usually have a device or WinPE boot image on a USB with all the tools I need to diagnose issues, which would include Wireshark, thus not polluting any existing installations.

you can't use PE either if secure boot is on

ive worked at some pretty large companies, this isnt your cowboy IT operation, and none of them had the polluted install concern. we put agents and/or wireshark on there

Then grab a laptop, and secure boot doesn't do anything anymore, other than get in the end-user's way. There's plenty of exploits to poison secure boot.

@waxen scroll well Wireshark installs some buggy network capture drivers from what I heard

I don't want to do that

@unreal wedge Well then I remembered that if you use Microsoft approved boot images, it would technically work

so not a bad idea

maybe but here's this: they blocked usb booting via password too

so the laptop idea it is then lol

@waxen scroll I guess they aren't security conscious either.

they are. they have a massive security team, audited by multiple government agencies.

Adding applications increases attack surface though

they missed that

It's the same reason why you don't install Chrome on a server system

Wireshark does have exploits that they fix from time to time

if you see the release notes

My professor said that when he needs to monitor large amounts of network data from a network, what he does is he sets up a remote connection that forwards the mirrored traffic to whatever system he is using and runs wireshark on that.

does anyone know common problems to port forwarding with a luxul router... im trying to setup a Minecraft server and as far as i know i did the port forwarding correctly but it still isnt going public...

yes I run Wireshark on a remote computer that gathers it from others

and it catches both ends not one

that's the best part

25565 25565 for the TCP UDP.

did that

case in point: had a ssdp protocol error where it went from an AP to unificontroller

Did you assign your public ip to that?

but it had extra traffic that the AP couldn't see via Wireshark on one line

I saw that traffic with port mirror and solved the issue

no i did the ipv4 address of my pc to it

it was contacting external ip with the ssdp request

ipv4 is your local machine address.

and you wouldn't know if you were only. plugged into one end

You do install Chrome on a server environment when you need it, though. Even if the updater is borked, being picky about the applications on your server isn't worth it. As long as I have a decent firewall in-place, and there's not something else making the software insecure, do it.

At least in 32 bit form.

IPv6 is 128Bit.

yea thats the ip that i put into the port forward for my router

Minecraft doesn't can't run on IPv6.

@unreal wedge Then comes the risk assessment where if the security controls cost outweigh the benefits

your saying i should do my public ip there then>

?

and in environments that means it allows chrome, etc on server

Your public IP probably changes every day or so.

You can maintain compliance in other ways.

@unreal wedge sure

no the public ip never changes i know but if we dont set a static ip for the ipv4 then the ipv4 will change

Then set the static IP via DHCP with the device's MAC address.

IPv4 is the local address of your machine on the network.

yes

If the device is offline, and you're using a locally-set static, when the device is offline, the router will reassign the IP, which causes fun issues, unless the IP isn't in the DHCP pool.

yep i already set the ip to static for my computer

IPv4 is also the format of your public IP*

ahh ok

well i put my computers "static" ip into the port forward and theoretically the public ip would be used for my friends to join over the internet right?

I thought IPv4 was the local device address on the network?

Am I wrong here?

that's local IPv4

it's a NAT IP

there's also public IPv4, from the ISP

Ah I see.

Well considering that I was just reading about IP Addressing a few days ago I should have remembered this.

that's a tough chapter because they show a lot of numbers and examples

192.168 is Class B right?

I remember Cisco slides from that class

so many examples of subnetting and addressing

@thick minnow class C

Right ok, sorry.

so no one has any ideas as to why this isnt working besides its the isp's fault?

@thick minnow it's good to ask, because those are the people who will learn the most

ask questions

Truth.

I just hope I do ok on my Midterm Exam for my Networking class.

lol

https://blob.linusdrop.tips/0c4d434de0.png

xd

If you take it seriously I'm sure you will

@rocky badge That's code word for Yolo life

lol

https://blob.linusdrop.tips/cb0cecd391.png

I was reading about decimal to binary and binary to decimal IPv4 conversion.

VMware for lyfe xddd

@rocky badge oh right I did see Mac OS support in esxi

My brain:

that's neat

you'd need an unlocker iirc

same as VMware Workstation

https://blob.linusdrop.tips/a77c1c8ec7.png

So you're running a MacOS VMware VM?

yes

What for? Just for fun?

ye

Well, I have a virtual box(Yes I know, the horror) Kali Linux VM.

I would like to have VMware but you know...

Money...

lol

oof

https://blob.linusdrop.tips/9edb1bd142.png

it's nice xd https://blob.linusdrop.tips/ca84286a54.png

Enterprise, you lucky lucky man.

👌 https://blob.linusdrop.tips/dcd4c7841a.png

Is there a free version of this?

yes

For 30 days?

https://my.vmware.com/en/web/vmware/evalcenter?p=free-esxi6

forever iirc

Woah...

yes free forever

with its license limitations which were...

can't remember

I will defiantly be downloading that. Is it free because they dropped support for it?

just no dual socket support or something

no: vMotion, no vCenter connectivity, etc

CPU limit

I have no idea what those are.

RAM limit, etc

vcenter is basically the best feature there

^^^

I know CPU,RAM,HDD and stuff are.

https://blob.linusdrop.tips/0IXuoeFJWaNN.png

@thick minnow they are features of the VMware vsphere platform

vSphere vCenter appliance

they add on additional management capabilities