#networking

I see

Guys

@waxen scroll Why is PFSense for noobs, just curious?

@waxen scroll to save myself time and headache while juggling two positions and two classes, the easy ways are very desirable

But it started working with promiscuous mode so I don't need to use it now 😄

@signal mantle you can do everything in the GUI plus it does some stuff automatically for you

you dont want that on BTW

last i recall it sends every VMs packet to every vm

@waxen scroll I read that yeah. Well, this is for an isolated lab network but your right, I should have like a router-vm in it so I don't have to enable it

@waxen scroll only now did I finally correctly imagine what you told me.... And it makes so much sense

So I will start incorporating it and play with iptables first

Earlier in the morning I was a little confused

I don't want to leave promiscuous on

It shouldn't even be that hard

@waxen scroll I did

Then I lost it

u WOT

yeah 😦

@little schooner so you have two vswitches.... one for public DMZ space one for private space. Your router gets interfaces in both. Your router will act as GW for the private vswitch. Your router will NAT for all devices in the private zone.

Because its default GW your VPN can access that zone and optionally the internet

@waxen scroll wait, so why is it that datacenters dont use that much security when they are inside the datacenter's lan? all the security is on the outside only?

@waxen scroll and thanks for the description

they do

@waxen scroll oh, i thought you said that they didn't have as much firewall control or rules

im only telling you how to do it with a single server and a basic internet connection

oh no, i am referencing an older conversation we had

not related to my current case

most people split the datacenter into zones.... Production, Dev, QA, whatever else.... each zone uses a firewall as the gateway (at some point)

modern designs actually now do device to device firewalling

no zones, devices are all firewalled

hm. I see.

zone based means that if an attacker gets into a dev device, they can go sideways to other dev devices but might not be able to jump to prod

and dev is never supposed to reach prod under any circumstances anyway, right?

they would have to jump onto a prod dev

what if dev needed to make connection to prod?

for like 2 minutes

no, you can do whatever you want.... but its best not to let dev and prod talk if you can help it. people might abuse that, especially if your company bills for resources.... someone might decide its cheaper to host in dev and let it talk to prod

interesting

theres no right way to do it. its whatever the company decides makes sense for their usage

some might choose to block internet to a zone until you open a request for specific servers, some might not

its complicated

@clear igloo it makes me lol how reddit is all "omg infosec isnt an entry level job" and then i look how it actually is

🤔

3/4ths of it are people who know I PUT RULE HERE. 1/4th is "we want the firewall to BGP because... blah"

Security Engineering and Security Operations can be very different.

oh it is.... but it makes me laugh how often people go "you need X years doing helldesk" or something like that

helldesk wont even help you TBH

Maybe it will if the printer is attacked 😛

please dont give my audit team any ideas

LOL

next thing you know we'll need DNA on our lan to control all of it

also ive met FW engineers who couldnt explain routing to me

That's right up there with programmers with years of experience who have no idea how to operate their computer.

ive heard thats a thing TBH

thats what happens when you go to college for something but dont have the passion to explore outside of your small area

It really is a thing. I can speak from firsthand experience. Though, the FW engineer not able to describe routing is new to me.

that happened when i worked in education, but im sure thats not a one off

most fw eng i meet are pretty competent

@waxen scroll @clear igloo Our fucking Crestron system died again

need router what buy

@waxen scroll I couldn't get it to work. They do not require internet access, but it's that it still was having trouble reaching an IP address part of the real network assigned to a VirtualBox VM that lives inside a Ubuntu VM in esxi.

I thought it was working initially with iptables because I was able to ping all the way down to that. But the nested vms still did not respond.

I should draw out what I'm saying. I don't think I'm explaining it well lol

I had to undo all the changes quickly since I ran out of time testing

@blazing solar https://www.cisco.com/c/en/us/support/routers/4451-x-integrated-services-router-isr/model.html#~tab-documents

Will fit your needs for a few years. Cheers

@waxen scroll that was the troll attempt you were talking about earlier for the ltt thread right? Lol

yep

Nice 1

i did my best with the info given

@waxen scroll yeah uhh probably not

Why do you say that? If its good enough for enterprise its good enough for your needs... whatever they may be

I personally use them in 100s of buildings

Sorry about that. Filter update was bork.

filter update?

i didnt see anything filtered

@blazing solar call em up. you can get that down to $2500

i mean weve got adsl in sooo

bit of a bottleneck

12 mbps

i'd just use the ISP router at that point

14 years old

or wait no

i keep forgetting how old i am

its like 16 years old

Can we filter cuss words? I get nervous when blob uses them.

People should go back to DARN IT! and DANG IT! and Curse you and the horse you rode in on

Oof

@waxen scroll i really just slapped this together but, why, even with an iptables VM, does the ping not go through ubuntu > virtualbox > the centos ip?

is it because the Ubuntu vm sees the packet isn't for itself and doesn't bother processing it?

why not use a hypervisor instead of ubuntu?

@peak cloak I wanted to create a self-contained fat vm with other vms inside of it

and then they can operate in their own private network within this vm

hmm ok

but I am starting to think that because the ping request is for a different IP than what Ubuntu has, it doesn't bother to take the ping request into the nested vm or something

but with promiscuous on, it starts to work

which isn't the ideal config

@waxen scroll the nested VMs should use a virtualbox NAT adapter instead?

@little schooner I would assume the issue you are running into is due to the subnet and it only listening for its own MAC. Both Ubuntu and VM are in the same subnet and Ubuntu will not switch the frame to the VM. Its why when you go promiscuous (bridging) the connection works

I don't have experience with nested VMs but it looks to me to be the issue. IPtables is just for routing and you'll need to slap your nested VMs in their own subnet and your preferred flavor of routing.

@hollow marlin makes sense

Yeah it was driving me crazy a little bit 😅

It's fine for now it's only a temporary setup and any outgoing connection are all automatically blocked too

The issue tho is the insane amount of broadcast traffic when stuff like rdp sessions are running in that env

At least it doesn't show issues at the moment with 20 of them

So I can just move on from it

What

anyone get samba or some other file server working in docker on ubuntu?

I want it to be able to mount some internal drives as volumes

@little schooner that doesnt look like the linux router is also the openvpn server

@waxen scroll oh that's correct. It wasn't

💁

I couldn't move the OpenVPN as it would be a change I need to ask. Prof

He wanted this working by Sunday

@honest wind I want to make the same thing as you ... I think

I want to have a central location to my dev project

Accessible by any of my computer

That I can run docker locally on the remote folder

@little schooner so impatient

Like a NAS

Like what Linus have done for the video editing server

Yes

I want to run the software for it in docker though

Oh, so different than you. I don’t want to run docker from the folder. I want docker to run the software that serves the folder as a nas

oh

Its going to be my weekend project.... that's gonna be a week or two project

I hope not 😂

I already got it to mount as read only for a guest, but I think the read only part is an issue with the FS as the client is a mac

Then having trouble figuring out the auth

got it

services:
  samba:
    ports:
      - '137:137/udp'
      - '138:138/udp'
      - '139:139'
      - '445:445'
      - '445:445/udp'
    entrypoint: "./entrypoint.sh -u 'username:password' -s 'Data0:/share/data0:rw:meecles' -s 'Data1:/share/data1:rw:meecles'"
    volumes:
      - '/drives/data0:/share/data0'
      - '/drives/data1:/share/data1'
    image: elswork/samba```

here's the docker-compose

@waxen scroll @chrome hound This guy in the Ubiquiti server is trying to build a 40Gig capable router for his home Internet

what?

lol

build-build? like no ubnt?

ubnt
40gig router

Yeah he wants it to be cheaper than whatever pricing he got for a mx204 @waxen scroll

i havent looked too deep into ubnt leaf... can it route and not be a spine/leaf network?

http://dl.ui.com/product_sheets/USW-Leaf_Brief.pdf it routes

Yeah

they already have a leaf

so whats the problem they have?

oh. home internet

yeah... wat

they don't want to pay a lot for it 🤣

@rocky badge same people who ask about making nas and forgetting their primary computer they use all the time is the better cheaper option

Lol

I want to make PFSense router using (insert power hungry CPU from 2010 here) and I'm worried it will cost too much power

you're gonna trigger me

Can it also be compact and have 100gig routing?

He was thinking of tsnr

😄

*tnsr

tnsr with a price of contact us today

I wonder what the use case for 40g home routing would even be

muh epeen is about all I can think of

lol all this over the top talk have got me all worked up

oh hey @blob speaking of crap you don't need i finally got migrated to the blade center

nice

https://blob.rocks/grYWb64LLo.png

I'm trying to revive vcenter

https://blob.rocks/cxMsJtosT8.png

ouch good luck man

its hanging on the part it usually hangs at and then times out https://blob.rocks/qRigSZYrrE.png

my dining room table looks like a data center exploded on it lol

lol

I want another server but parents 😩

pfft

who even eats a dining room table anymore

@chrome hound @clear igloo

This might explain some of my problems

RIP 😦

idrac isn't online either

Needs more memories

Ok after reseating ram it booted

All 64gb of it

Nice

Idrac still isn't working

i have r710, 300gb

want a home lab pic?

its not much but its mine!

@clear igloo resetting idrac

home labs are awesome

stfu https://blob.rocks/tjMVQrmpyq.png

I have a question, what is the difference between a moca adapter and a moca to rj45 couple adapter? Do they have the same speeds or no?

Hey, I have a tplink archer c50 ac1200 router. I use my Virgin Media Superhub 3 as a modem. Recently, there have been cut outs that only last for a few seconds but have become very annoying while gaming, because I get kicked out of the game. Is it my modem or my router?

I am no expert in networking, but is the computer connected through wired means or wireless? If it is wireless, maybe you are having a weak signal?

I am no expert in networking, but is the computer connected through wired means or wireless? If it is wireless, maybe you are having a weak signal?
@green crest Not a computer, it’s an every device thing. We use wireless.

And by every device I mean literally every device. Alexas go out, Netflix streams turn choppy, Range Extenders cut out too.

Maybe your router has issues

This same issue happened when we used the ISP provided router/modem, but the cut lasted for 10 minutes instead of five seconds.

Only way to know is checking if the modem is working fine

I’m gonna take a guess and say that his modem sucks ass.

If the ISP router still had the same issue, that it is probably the modem

How would we go about fixing this? Would we have to swap ISP or get a replacement router?

Router/modem i mean.

Wait, is the Virgin Media Superhub 3 provided by the ISP?

Yes. the TP LINK ARCHER C50 is what the bought ourselves.

okay, so contact your ISP to see if they have a replacement or an upgrade for it

There’s no upgrade, the Superhub 3 has been out for a long while. We’ve also asked for a replacement because it’s faulty, but they didn’t acknowledge it. Seems like this issue happens with a whole bunch of other Virgin Media customers, and the company doesn’t want to help the issue with them either. Unfortunately in my area the only ISP that provides speeds over like 30mbps is Virgin, so I’m stuck with them.

Their customer support is bad, and replacement routers go for £50. We’ve been stuck with a £6000 bill for a new roof so we really don’t want to have to spend any more money than we have to.

Maybe the cable that is attached to the modem has issues?

I don’t think so, it’s the cable that came with the new router.

no, the moca cable

The moca cable? What’s that?

The cable that connects to the little socket in the wall?

Like... the one from underground that the ISP puts down there?

yes

Is it likely that that’s the problem?

Maybe, I had a similar problem like yours where my moca cable was damaged and killed off all internet in my house. I had to change out cables and the modem worked

Huh. Okay. It’s late right now so I’ll check it out tomorrow. Thanks for the info.

okay, no problem. it is probably best to continue asking more people in this channel though, they know more than I on networking.

Jack knows more than I do

@waxen scroll @chrome hound So uh

My ISP gave me two public IP addrs

(that's just the GW in the subnet but 👀)

what subnet?

it's a /24 lol

WHAT

wait, this is through dhcp?

i'd be calling them asking them to set up routing so i can make a DMZ

😄

yeah it's DHCP

now to figure out how to route several VLANs through just one IP

ooh ok

should just be a NAT change. IDK pfsense

instead of catch all you define the sources

that doesnt seem right either

why is it two different gateways

seems like something is misconfigured on their end

you can put unlimited subnets in a vlan if you want.... but.... like that? with DHCP doing different subnets? what?>

Wait, are they just handing out DHCP to anything connected to an authenticated ONT

Yeah I got it

I would legit LAUGH if its that

odd setup to have two subnets being issued in the same DHCP zone

the RTT and RTTsd seem really him to me

https://blob.rocks/HruaLkF8ZM.png

thats a lot of vlans you got there

lol

back to a TiB all ready since I rebooted the router

only 22 days

pfft 1TiB in 22 days

We've done 800GiB in 5 days

900GiB now

from just getting fiber

lol

@chrome hound Do you think they just hand DHCP to anything connected to an ONT?

who is it?

A local ISP

possible

we do that on our DIA customers

Calix 711GE ONT

but its all in one range we don't mix them, each Vlan has it'

s own IP address space

ah nice

@chrome hound Should I just try it 🤣

hi, what is the difference between a moca adapter and a moca to rj45 couple adapter?

ok, provisioned port 8 on my switch on my desk for the ONT VLAN https://blob.rocks/etVGpT1IbN.png

Gonna plug in my PC into that 😂

BRUH

they gave me another IP

https://blob.rocks/2mOty3X5c9.png

@green crest its looks like one is just a media converter while the other seems to have more logic to it

which one is a media converter?

the RJ45 version

whats your setup?

Could I just ditch NAT 🤣

I wouldn't if they crack down on you its a pain to go revert

I want to use the moca port in my wall to connect ethernet to my pc

whats on the other end of the port in your wall?

uh

I can see other MACs

on my ONT VLAN https://blob.rocks/960g1M6b2d.png

client isolation is not always a thing ISP's adhear to 😛

Lots of Zyxel from their wifi routers

belkin router https://blob.rocks/F9z8MDszwY.png

bruh

moca

@chrome hound https://blob.rocks/Ht1ZLsfX0f.png

@green crest So it seems like you are really talking about a peice of Coaxial cable in your house?

yes

well I have no experiance with this, but if that coaxial is suitable it seem you should be able to use a pair of the Ethernet over Coaxial units

https://www.amazon.com/Comtrend-GCA-6000KIT-Powerline-1200Mbps-Ethernet/dp/B01MRV4WA1/ref=sr_1_9?dchild=1&keywords=coaxial+to+ethernet+adapter&qid=1599952692&sr=8-9

but it sounds like you need to have the coaxial cable isolated

*WARNING: This product WILL NOT work if the coaxial cable in your home is also being used for cable TV and/or Internet Services (eg. Cox, Xfinity, ATT, etc.)

What about this?

https://www.amazon.com/Converter-Adapter-Coaxial-Connector-Straight/dp/B0855S5N49/ref=sr_1_7?dchild=1&keywords=moca+to+rj45&qid=1599953128&sr=8-7

@chrome hound "What is NAT"

https://blob.rocks/jWwcxKVCcB.png

@green crest thats just a wire to wire for line testing

Note: these coax straight connectors can't be applied for networking, only for analyzing and testing the BNC line to confirm whether the video conversion function works well or not

oh, okay

with out the logic part of the media converter its just noise on the line

😬 unbound 1.6.6

Local ISP's DNS handed out by DHCP

lol

well now you can give all your IoT devices public IP's

🤣

Actually....

I could disable NAT on my guest VLAN

is that possible?

I mean sure you could just pipe it directly out

but I still want pfSense between it lol

well that is where you are going to run into issues

each device would need its own interface

oh

Just put guest WiFi on VLAN 69 🤣

my ONT VLAN

I wonder if they'd ever get mad at me

I have a interesting question, is it possible to replace an ISP service with 5G cellular data and with better speeds?

in theory sure

in theory? how?

pair the 5g to a device(laptop or desktop) have the device act as a gateway(share the connection) hook the device into a router. the device paired with the 5g would be pretty much open to the internet though. behind what ever nat the 5g celluar uses.

@chrome hound The local ISP tech said they handed off Ethernet for businesses 👀

fiber straight into the router

or a media converter if needed

as aposed to what?

gpon and an ont

oh i see what you mean

https://blob.rocks/lWA51YGhbU.png

They also do MetroE

as well as managed UniFi installs lol

can't say I have heard of metro

one community center here has the local ISP

they have UniFi everything

rofl https://blob.rocks/MZxmqbSRBN.png

@chrome hound metro ethernet, L2. What most our l2 P2P/P2MP are. It's just l2 with QinQ with 2+ tags and NNI/UNI ports.

👀

https://blob.rocks/lg6eJEn7e4.png

@chrome hound lol found this on a news article about the local ISP

a new substation for a city

Meh

Fiber shelf boring

That's literally the only photo I can find though lol

Muh 100g cienna

100g is SOOOOO last year

it will be "this year" for years to come. its still too expensive

@clear igloo 😩

Nice 😄

88 Clients right now 🙂

moar

Actually... is this counting MAC addresses it finds from my ISP and ONT

From where my ISP doesn't isolate O.o

https://blob.rocks/iFOrGAbTuX.png these

OOOF

maybe that explains the multiple subnet in DHCP issue

@hollow marlin muh network loops

someone crossed some wires

@rocky badge BY, E7, E9 platforms do port isolation by default. However that is only per blade. If the VLAN is spread among multiple blades you will be seeing those MACs. They'd need to use private VLANs or MetroE upstream.

@waxen scroll cannot say my last job had 3 or 4 VLANs that had 10-15 secondary subnets.....

@hollow marlin they mostly seem like MACs from other customers? They're mainly Zyxel and other consumer routers

There's a Synology, Belkin, and some other stuff

There's a Cisco MAC that's not mine, idk if it's the ISP's or another customer

@rocky badge is just customers MACs

🤔

@rocky badge run a mac spoofing experiment and see if you can yank customers traffic

lol

i suggest spoofing their gateway

do it on the secondary address

you can do a quick hit, see if wireshark picks it up and then stop before they have a chance to look

lmao

😄 https://blob.rocks/fPOXCwDXg3.png

spoof it

😐

Lol

@rocky badge another request

sniff it for broadcasts from other customers

i feel like you might be getting them if the mac table is that full

Lmao

i bet rouing is the support person and you dont know it ;p

Hello everyone, i recently setup a wall keystone jack for ethernet, but now my connection constantly drops and connects. I tried Google ing for a solution. But no luck

sounds like the wire is damaged. rip and replace

Or not properly terminated

i found some channel called networkchuck

who watches that

LTT of networking 🤔

He's decent

Definitely more high level stuff but not bad

yeah i got bored but i liked the way he was trying to explain switching in a CCNA video

pretty clear

yah

@wary rain you tested the wire after termination?

@clear igloo 🤔 https://blob.rocks/MD58KDPJ7i.png

@wary rain you tested the wire after termination?
@peak cloak yes i did. Tested it, and it works.but every couple minutes, it disconnects and reconnects, i confirmed that i used type B connector on each point of the connection, but still same issue

@rocky badge

🤔

😕

How did you get 4 ips like that? Pretty neat and free of charge?

Me? I only have 2 of those, the ones ending in a .1 is my isp

But ye it's nice

AT&T will give me (8) 5 usable static addresses for $15/month or (128) 125 usable for $40/month

@clear igloo that's for Ipv6?

IPv4

They didn't run out of ips?

Not sure what pools they have still but they seem to be offering it, I just don't have a need (yet) 😄

hm still pretty cool

Yah, especially when you consider Comcast charges like $30/month for 1 static address

weird considering they give you a static anyway, as long as your mac doesnt change

@clear igloo HE gives you a /48

I thought that was the case. Not for me. The ip expired within a year @waxen scroll

I found out after my syncthing setup stopped working. Comcast gave me a new ip for site 2

I simply switched it all over to ddns name instead but Comcast was on a roll keeping the ip the same for the longest time

@clear igloo 👀 https://blob.rocks/sqJWVHaYT5.png

@rocky badge 😍

But what's the throughput on HE, isn't it pretty low?

idk

it seems fast

Do you have a tunnel to them or are you just getting a /48 from them?

I know their tunnels are pretty slow last I checked (which is expected since they are free)

GIF

so yeah a tunnel

my he tunnel is pretty fast - good enough for all my web traffic anyways. though its funny all the web sites think I am using a blocker when I am not.

How do you get signed up for that? How do they hand that off to you?

Disregard, I got signed up and have it routing on my FW for testing.

Seems pretty fast compared to ipv4 for me

If you're tunneling v6 to HE it will be slower than v4 unless a specific case where a specific IX in HE is less hops than v4 for the same service.

I had to disable it for the time being due to netflix issues and trying to figure that stuff out, it just seemed that google-related things were snappier

can anyone help me with freenas

no, i dont believe so. this room is for discussion of network equipment like routers, switches, etc

Does anyone know of a way to send a notification in pulseway when (minecraft server name).bat is closed?

asking for a friend

no, i dont believe so. this room is for discussion of network equipment like routers, switches, etc. server chat is in #tech-chat-2

ok thanks

@waxen scroll @hollow marlin

So it's not a Calix... o.O

i thought they ran fiber into your house

Nope, it goes to the outside of our house

GPON is lame

GPON is fine

ISPs think fiber is like copper

if you have unexpected attenuation on certain wavelengths, you cannot use that anymore, have to resplice the entire loop

from a maintenance standpoint, its silly to consider gpon

For AT&T, iirc if the fiber is bad they just run a new one lol

yeah but

since its basically a trunk line

you take down, a lot of service at once

to be fair

cable cuts

are often more than 1 fiber

xD

They only do that for inside the house/unit

Idk what they do from the OLT -> splitter

https://upload.wikimedia.org/wikipedia/commons/thumb/7/74/PON_vs_AON.png/800px-PON_vs_AON.png

This

is very interesting

from a security view

signal bleeding is already an issue with regular WMD systems

But that image above

how they have "seperate" broadcast channels

for things like video

i mean blobby has the mac addresses of all the customers on his line

confirms what I said

ISPs treat fiber like copper

@rocky badge this is just like coaxial

Because AE is more expensive than GPON

Lol

everyone gets a piece of wavelength to signal on

Yes....I know lol

Because DOCSIS also uses TDMA

yes, one user with a defective diode

or

I could also see MACs of other customers

the wrong configuration

jams other users

wat

really?

just their physical addresses?

im trying to get blob to sniff for broadcast

hehe, could you snoop on their L2 traffic?

or arp attack

lol

if you can see conversations

then you can do MitM

I wanna see if that ETH2 is enabled @waxen scroll

take over session

who thinks about security in this

its just a tube

you should test to see if both go full speed at the same time

Adtran also makes a 10Gig ONT lol

yeah

Problem

I don't have a laptop that can do gigabit or has an Ethernet port natively on it lol

and I cba to get power for my USB C dock with Ethernet out there or run a long Ethernet cable for this lol

@waxen scroll I'd laugh if they're doing rate limiting per IP

OOOh

https://www.corning.com/optical-cables-by-corning/worldwide/en/products/usb-optical-cables.html

blob gonna find out hes getting all customers broadcasts and it counts as part of his data plan

oops.

You guys seen what Corning is doing?

They are developing cables for various interconnects, but based on fiber optics

@waxen scroll There's no datacaps

Lol

you can literally

put your crypto keys on a thumbdrive, then cement it

put it deep underground

and plug the fiber into your server

root certificates, done properly.

@waxen scroll I wonder what Cisco device they're using for the gateway 🤔

https://blob.rocks/C2wCozKeRT.png https://blob.rocks/WoZuErCqHK.png

both have the same MAC 🤔

if you can see the mac, maybe you can sniff CDP?

🤔

Most likely a pass though cisco device like a cisco cata router that does end to end

or lldp

https://blob.rocks/bpm2DXIkqA.png

which one 🤔

passive

you dont want any unwanted attention

https://blob.rocks/e7zdDKEort.png

Cdp is not gonna work if they have disabled cdp call back

👌

-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface:    sfxge1, via: LLDP, RID: 1, Time: 0 day, 00:00:13
  Chassis:     
    ChassisID:    mac 74:83:c2:7c:e0:58
    SysName:      DownstairsCoreSwitch
    SysDescr:     US-48-G1, 5.35.0.12205, Linux 3.6.5
    Capability:   Bridge, on
  Port:        
    PortID:       local Port 46
    PortDescr:    ONT_OUT
    TTL:          120
-------------------------------------------------------------------------------
``` well it found my ubiquiti switch

lol

@rocky badge if you now spoof your origin

you can respond

lets disable lldp

Lol

Shouldnt lldp be disbale by default?

Lets pipe tcpdump to wireshark

Disabled*

idrm

only MAC address of neighbors I can see, are the ones on my /22

other customers of my ISP

@rocky badge Is that LLDP of your WAN?

yeah the switch my WAN interface is plugged into lol

@waxen scroll lol https://blob.rocks/GRt6IOojkt.png

Are they seriously using Unifi for their customers?

no....

that's mine

https://blob.rocks/lWafO45QHj.png

Oh thats your LLDP config

https://blob.rocks/yKIPiHGXqa.png

whats the STP priority? thats another potental thing you can mess with

DTP is discos VLAN trunking protocol

https://blob.rocks/idTDCGTCeb.png

LOL its default?

set yours to 0

@tame carbon Wireshark shows CDP/VTP/DTP all as DTP

😂

ah

$5 when BPDU guard knocks out your connection

not just his, prob all of them

🤣

spoof your mac xD

Calix/Adtran will have BDPU guard at the port edge. If left alone it should just drop Blobs interwebs

Wait

So I'm using my re0 aka WAN_2, right?

oh wait nvm that's within the router

I once tried and succeeded to sql inject uni project of another group (4 groups of 5)

but then IIS had enough of it

and blocked me from all, including my own test server

had to go to sysadmin and explain myself xD

lol

what sane person runs php on windows with IIS

I have an internet plan that is supposed to give me gigabyte internet, my laptop shows that the ethernet cable runs at around 800 mbps but my desktop only runs at 150ish when i change the ethernet cable to the desktop. Can anyone help me figure out why this happens because I am trying to get at least 300 mbps because it is a requirement for my work.
https://www.speedtest.net/my-result/d/d029bbe1-b31a-4573-8072-6b2c5f2049db
My router and modem support gigabyte speed internet as I rent them from my internet company, my ethernet cables are cat5e, and my motherboard is https://pcpartpicker.com/product/jQqbt6/asus-motherboard-z170med3
I am also attaching my computer specifications in the stats.pdf

moar packets @clear igloo https://blob.rocks/VZG1aDFIEy.png

lmao its already at 310k

😄

oof http

lol its all google gen 204 https://blob.rocks/VESuykDROw.png

@untold fern are you sure the cable can handle gigabit?

you have a laptop?

or a cable tester?

yeah the cat5e cable says is supports the speeds

more like cable certifier

it ran 800 on my laptop and a technician also said it ran around 800

yeah, cat5e is on the edge of gigabit, you need to make sure you run it well

not next to powerlines

but they arent allowed to touch my computer or change settings

so you have a laptop?

We'll run an iperf test on the cable

Just set the ip's of the computers manually ( within the same subnet)

and then download and run iperf to the other computer

what site do i get iperf from?

that's what I did as I didn't have an expensive cable certifier and wanted to check if an existing cat5e cable could handle speeds between my upstairs and edgerouter

https://iperf.fr/

You know how to use cli?

I have no clue how to use cli );

I assume you are windows?

yes windows 10

so just SHIFT rightclick on the folder containing the iperf binary and click open in powershell

@untold fern have you got machine plugged directly into the router?

oh

nvm

I was scrolled up

a mile

have you established he's using TBase1G?

its either all 1G

or 100M

and then run .\iperf3.exe or whatever the name of the binary is, that should open up the help menu

true

there's no "halfway"

yeah

the 800

sounds about right

from what you expect

1G

speedtest is garbage

my box can do 10gbit/s only gets 2-3gbit/s on speedtest

Sounds like a speedtest server you're connecting to issue

what type of speedtest?

I've hit 10Gbps on Speedtest.net before

Speedtest by default uses mulistream now. So its not just a single server test

^

https://blob.rocks/vrerEeqAB7.png

oh

need to update script then

https://www.speedtest.net/apps/cli

I have that yes

but its not installed through package manager

so I have to remove that first

and...

Im fresh out of effort right now

@peak cloak gigabit lan should test with iperf, at around 972-990~

Ronin, on your desktop, can you see what the link speed is currently?

how do i do that

open control panel

the old one

windows key + r

oh there's shortcut for network & sharing center?

ncpa.cpl

yeah ^ that

put that in the run menu

double click that ethernet interface

https://i.imgur.com/7BoMwiQ.png

gigabit

works

yeah but speedtest says i only get 150, im trying to figure out how to download iperf to see if the result is different

Yeah, so try the iperf test on the cable

https://www.microsoft.com/library/errorpages/smarterror.aspx?correlationId=1l72kP4lKESPUQgZ.0.0.0

Could be interfere, idk

does windows 10 work with iperf?

Yeah

https://iperf.fr/iperf-download.php

get iperf3

It's cli, so double clicking on it won't do anything

CLI is the only way to go. If you want GUI you need Jperf

Oh that's a thing

Yep now open the iperf-3.1.3..... folder in powershell by going back one directory and shift right-click on the folder - open with powershell

odd

I can't connect to HE's iperf3 server

it doesnt give me an option to open with powershell

E:\Downloads>iperf3 -c iperf.he.net -p 5201
iperf3: error - unable to connect to server: Connection timed out

@untold fern SHIFT right-click

Ronin, hold shift, and right click the directory you are in, not the file

@peak cloak if you have teamviewer, I can just give you a code so you can control my screen

Looks like this: https://i.imgur.com/jHS0DcJ.png

oh hello watermark

i used open powershell window here

yeah

now type

iperf3 -c iperf.he.net -c 5201

that uses Hurricane Electric's testserver

wat

type

cmd

then try again

.\iperf3.exe ....

garbage powershell

You have to put .\ before the executable

so many hoops

yeah..

or that

even CLI is painful on windows :(

@untold fern do powershell like before

Just put .\ before

If you start typing and then tab, it'll auto fill in stuff lol so you don't make silly mistakes like that

Like this .\iperf3.exe

yeah

Yep

full line is

.\iperf3 -c iperf.he.net -p 5201

I edited it

sorry,

xD

i changed it to p and its not loading

is HE's server down?

wat

@tame carbon my original idea was to do an iperf3 test between LAN. So on each side of the cable instead of to wan since he said it worked at the modem

well, might as well use public one

I found one thats alive

but does only 100M -.-

E:\Downloads>iperf3 -c ping.online.net -p 5207
Connecting to host ping.online.net, port 5207
[  4] local 192.168.88.91 port 52119 connected to 62.210.18.40 port 5207
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec  11.1 MBytes  93.2 Mbits/sec
[  4]   1.00-2.00   sec  12.0 MBytes   101 Mbits/sec
[  4]   2.00-3.00   sec  11.9 MBytes  99.6 Mbits/sec
[  4]   3.00-4.00   sec  11.9 MBytes  99.6 Mbits/sec
[  4]   4.00-5.00   sec  12.0 MBytes   101 Mbits/sec
[  4]   5.00-6.00   sec  11.8 MBytes  98.7 Mbits/sec
[  4]   6.00-7.00   sec  12.0 MBytes   101 Mbits/sec
[  4]   7.00-8.00   sec  12.0 MBytes   101 Mbits/sec
[  4]   8.00-9.00   sec  11.8 MBytes  98.6 Mbits/sec
[  4]   9.00-10.00  sec  12.0 MBytes   101 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec   118 MBytes  99.3 Mbits/sec                  sender
[  4]   0.00-10.00  sec   118 MBytes  99.3 Mbits/sec                  receiver

iperf Done.

I have 250M line

@tame carbon nah since itll give you max speed on the cable / nic. Public servers are limited by WAN

that doesnt make sense

server here is advertised with 10G

Ik but you are limited by your own wan speed

I wanted to test the cable specifically

?

https://i.imgur.com/QNchFUu.png

To see if that was the problem

these iperf servers are crap

I am just starting to realize

half of this list, doesn't work

Public iperf servers are worse than speedtest

Lol

I wanted to see if his cable was the problem

Which is why barely anyone uses them

Yeah I only use iperf3 for LAN speedtests

I use it to verify cable runs lol

I dont have a fancy cable tester

but usually

you can just do some traffic on the line

and see if has any errors

I have a cable tester, those are cheap

Cable verifiers on the other hand are like 200 bucks

Those actually test for speed

So I just use iperf for that

I've gotten gigabit by reusing old phone wires in a house

And that's what I wanted @untold fern to try

you need two lines

xD

I don't even have phone lines

Just coax in the house

ew

And 3 cat5e lines

Well now there's more

@peak cloak on my old address, I had the worst ADSL line ever

4km copper

and 3.5mbit/s

they had to fix so many problems

like a loop under the driveway, with a powerline right underneath

causing issues, because our neighbor had an old faulty nas, with the power brick still plugged in

the tech guy who came to fix it, was like the 7th to try

he came in with a DIY FM radio receiver

walked around the house

rang the neighbor (was business office) asked if he coudl come in

walked straight to the back, unplugged the power brick

8mbit/s

@rocky badge sniffy sniff sniff

I don't have any screenshots from the modem

Wow

Coaxial is much worse in that regard

one faulty device

can jam the entire cable

https://youtu.be/9PfQcXc9E9k?t=254

This drop so sick

oh look https://store.ui.com/collections/unifi-protect-nvr/products/unifi-protect-network-video-recorder-pro-beta

another shit NVR

in their shit Protect lineup

that runs shit RAID 5

what

for video?

are they insane?

what do you need parity for lmao

its video

....

you probably want fault tolerance from a failed disk

especially if it's your nvr

^

but THAT NVR?

or ANY UniFi NVR?

they're all shit

just put that on a vm in your closet

small setups dont require that much cpu

Some people prefer/require dedicated hardware

old school

surveilance server

And if its something critical like a NVR

I mean if you have a lot of cameras then a dedicated nvr is a must

^

We have 40Gbps to our NVRs

do you host reality tv?

nope

They're just R730xds lol

one camera for every toilet stall

how much is that per stream?

Each NVR handles around 1000 cameras

There's 3 of them

thats a lot of bathrooms

Because its at max ~30-40 per camera

https://www.youtube.com/watch?v=sGjDLyOmZME

Nice

Yeah, cams I have here do only 8mbit/s

mostly because I underestimated the requirements

I run 4 cameras here

1444p

I forget what codec

but the one that you can just passthrough to disk with no processing

Well we also have to handle streaming to the AI appliance

yeah if I open that

server load doubles lol

So 40Gbps for incoming streams

but luckily we only have one machine that does that

10Gbps for compressed/selective AI appliance

what do you use for processing?

https://www.avigilon.com/products/video-infrastructure/ai-appliance

propietary OS?

or built ontop of linux?

Yes

or both

xD

Well, it's on top of Linux but it's proprietary

https://www.avigilon.com/products/cameras-sensors/h4-fisheye

a shit ton of these

damn, 2012, when IoT was in its babysteps

https://www.youtube.com/watch?v=E4hjx3_A-cw

sorry, offtopic but I just saw this xD

I've seen the videoclip of that song, just never the actual device that was used to render on

See More in the Dark

ok

u go first

@rocky badge I didnt even know there's a Vandalism rating

Vandal resistant with IK10 impact rating

IK10?

20 joules resistance

oh

xD

ok

I thought it would be classed

like with IP

what is a "Spring hammer"

jackhammer?

@rocky badge this thing can speak to the whole world and then some: https://i.imgur.com/NMyZHDd.png

lol

SOAP?

isnt that just

HTTP

it relies on http

its a messaging protocol

which is also listed

but it relies on an application layer protocol

hmm

k technically you're right

but doesnt mean soap gets to deserve the honor of being one

you have no idea how many braincells I've lost

over implementing clients for government APIs

documentation out of date

@rocky badge onenote or wiki for lab documentation?

@little schooner I'd do wiki personally

@rocky badge Is there one you recommend personally? or I should just go looking

The prof isn't reading my onenote docs and I think he'd rather use a website to read docs

https://wiki.js.org/

ohh neat

awesome

Ye i like it

Oh, I need to get wiki up, that one seems nice

Yeah

@little schooner sharepoint

@waxen scroll not free though

That's fine. It's a company lab anyway

He doesn't like spending money

@waxen scroll But I like it though

Your school should already have one

MS for school is practically free

@waxen scroll hmm. I'd have to check with him. Last time he told me the school stopped paying for his department to have access to that stuff

Unless he was referring to Microsoft imagine. I'm not too sure

He's fighting the supervisor for licensing

🤢

sorry blobby

its what 90% of companies use for documentation. he should learn it

nobody has time to learn how to manage a wiki

easier to let systems team admin it and you just provide content

wait is this at a school

@little schooner all of your documentation should be versioned, approved, and audited as well.

sharepoint is free for schools at the most basic plan im pretty sure

with onedrive and office apps

sharepoint is also free if your companies finance people have a backbone. like if you have an azure agreement usually you can bully MS into free O365 if you're a larger customer

i love sharepoint

lmg uses teams so they might use sharepoint 😳

but i think they mostly stick to their local network servers

teams grew on me. freaking hated it at first

still dont fully like it, but its doing the job

i prefer it to the other options ngl

its more convenient than webex

yeah

the sharepoint integration is literally god tier

i love sharepoint

i laughed cause webex was having disconnect issues for like 2 days and most of us just switched to teams perm

so i wonder how long until the company kills it

my college still uses webex

@waxen scroll good things to know. Thanks

Yeah webex was very unreliable for our university

They moved to blackboard collab

i just looked at wiki.js and it looks so cool

@vale reef at this point in my career i dont want to manage it and I want it to just work

let the sys admin do it

thats the advantage to sharepoint lol

😄

@rocky badge your #1 question you need to ask daily when in IT

what do I have to do in order to not support anything anymore?

your goal is to get max pay while doing as little support as possible

Supporting all kinds of things was cool at first until you have real stuff to do. Is it networking? No, open a ticket with IT

yep

and its possible to still be technical and do no support

i dont consider tier 3+ escalation support

as long as its not every week

@hollow marlin im completely unimpressed by equipment and datacenters at this point

give me the CLI/GUI whatever and we're done

someone else can rack it

cables? whats that.

give me the CLI~~/GUI~~ whatever and we're done

;p

@hollow marlin i dont even want to config the damn thing TBH

i give my config scripts to anyone i can

i leave work at 4pm... someone else worries about the maint window at 10pm+

i know blob thinkin im crazy but thats when you make 6 figures

@rocky badge its called taking the hammer and knowing exactly where to hit

my first raidz1

should've gone z2

I only have access to raid 0

Need to get myself a NAS setup for local backups and logs

You know what's better than a nas? Local storage on your main computer shared to others as needed

@waxen scroll that's what I got at home. But it isn't rack mountable and it's a tower. I really should replace it

Why would you nuke your file performance with a nas

Local storage is king

Let your crappy devices take the hit, not your main pc

@little schooner plus you save power bills depending on the situation

@waxen scroll I was thinking at least an 8 core amd mini pc with 10g port and running on power saver mode

I can manage to pull 10gbps over it still. That's the ideal scenario

Thing is that companies love charging a lot more for sff and even then they use terrible cpus in them

The logic is baffling but from business perspective it makes sense.... For them only

How can I check how strong my 4G lte connection is

https://www.tp-link.com/in/home-networking/wifi-router/archer-c80/ is this a good router

usage is multiple devices and coverage of 1500 sq ft

not really familiar with all-in-one home routers

TeePee

@peak cloak they all suck

with ddwrt slightly less sucky

Hello, so i presume that server stuff go under this category right?

depends who you ask

When i request headers from my github page, it gives me 'null=[HTTP/1.1 200 OK]' And alot of other headers ofcourse. Why is it named null? Is there a name for this header?

TL;DR Whats that headers name?

wat

headers

using what

Need a bit more context

i request headers from my github pages site via java's httpurlconnection, and i wonder what this header is called: 'null=[HTTP/1.1 200 OK]'

HTTP Headers

RIght, so you're doing an HTTP request in java

come to #development

@tame carbon knows me too well

@waxen scroll where do software problems end? And where do network issues start?

Layer 7 is very convoluted sometimes

But it was a layer 8 issue this time

the room is for network equipment discussion only, per the subject, so if you start talking layer 7 it better be because you have an issue with a riverbed wan accelerator and not your PHP script for TikTok2

😇

technically, its the other way around

both are software problems

just one, can be outsourced to network magicians

but your tiktok example suffices

xD

surprised nobodys been in here with an F5 problem

I just got a juniper EX2200 PoE switch. I'm trying to connect to the serial console. I have a USB to RS232 DB9 serial adapter. The switch has an RJ45 jack for serial, is there a specific apadapter I need? Or would the startech one where you set the pinout yourself be best?

I bought a generic 'cisco compatible' USB to RJ45 (UART) cable

but the pinout is standard

if you have db9 to rj45, just try it out

worst case, you get some garbled symbols

but the pinout is standard
@tame carbon Amazon definetly sells non standard pinouts.
worst case, you get some garbled symbols
That's what I got with the one I'm returning.

have you double checked parity settings and data rates?

databits, stopbits etc

I checked the pinout against what Juniper specifies.

Yeah, but its still serial

you have to make sure you have the right settings dialed in

Snippet from Juniper's documentation: https://i.imgur.com/cRNhVVu.png

The pinout was completly different. Checked with a multimeter

well damn

Got soldering iron around? xD

And I set those settings

I might just get one of these:
https://www.amazon.ca/Startech-Com-GC98FF-Rj45-Modular-Adapter-F/dp/B00006IRQA/ref=sr_1_9?crid=25K5NCL3N4FDZ&dchild=1&keywords=rj45+to+db9&qid=1600187354&sprefix=rj45+to+db%2Caps%2C165&sr=8-9

I got a generic one like this: https://images-na.ssl-images-amazon.com/images/I/51oFSg-YkoL._AC_SL1000_.jpg

mine looks identical, minus the brand on the cable

https://www.amazon.com/Console-Essential-Accesory-Ubiquity-Switches/dp/B01AFNBC3K

They claim