#networking

a L2 switch uses the CAM table to forward frames within the same broadcast domain, typically from an host to its default gateway of between two hosts in the same subnet.

CAM table only records MAC -> Port & VLAN

if you receive a packet with destination X, from source MAC Y

destination isn't a MAC, but an IP.

why do no cheaper switches support ipv6

why

It'll be cheaper running additional ethernet upstairs

That's what I think I'll do

Yes Layer 2 switches forms cam table Actually a switch is a multi port bridge, it takes an incoming packet, and looks at the destination MAC address It decides what port to send the traffic to by looking at its CAM table (MAC to port # mapping) A switch does NOT do ARP to route ethernet frames A layer 2 switch does not even know what TCP/IP or ARP are. If it did, how would it route non IP traffic? Ethernet and TCP/IP were not designed with switches in mind, switches are supposed to be transparent. This means they do switching with no protocol support.

@clear igloo so what you are saying, if you want to support dualstack, you need an L3 switch?

Because this doesn't explain the behavior that @peak cloak is experiencing

In the L2 context, the sender has to know the MAC of the destination port. which it could get through ARP.

If you want to route L3 traffic you need an L3 capable switch or a router, if you're going on the local subnet ONLY then an L2 switch won't stop anything since it doesn't know or care about L3 addressing, the PC will send a broadcast frame to learn the MAC of the other device and keep a local ARP table. There are however "smart" L2 switches which I've seen cause issues for some stupid reason at L3 which is probably this case, I suspect they have limited L3 capabilities that aren't advertised

The core switch I have doesn't advertise ipv6, so maybe it's just a dumb netgear thing

It's the DGS-1210-10P if anyone is wondering and the netgear one is GS308E

@clear igloo that clarifies my confusion. Seems, what I've been understanding as L2 was actually just L3

all the gear i use has L3 switching

Yah, ARP can ride that funny layer between L2 and L3 and you can have an ARP table on an L2 switch for management stuff

Question do you think the HP G8 will be good for a file server?

@tame carbon I did need to brush up on some stuff that I've glossed over lately. Brush off some cobwebs 😄

Depends, how much do you like noise @thick minnow

or where will it live I guess is the better question, if you put it in a basement and nobody is nearby then you'll be fine

But putting it next to your bed or something is not going to be fine

Yeah, i have a room in my basement for it

Then you should be fine, you're talking about like a ProLiant server right?

Yes

Not a blade or anything, then it should do well

Ok thanks

It won't be the most power efficient thing compared to a low power QNAP using an ARM processor but it will give you room for VMs and whatnot later or beefy plex server if you want (CPU dependant of course)

depends on which model though, the smaller LFF models can only hold 4 3.5" drives

Well i am already using Windows Server 2012 R2 on VirtualBox and i hate it. Its just too slow and hard to manage. I would rather have it hardware not remote

@peak cloak @tame carbon The GS308E seems to have a "block unknown multicast" setting which can mess up IPv6

hmm, I'll check that off

Yah, see if that's enabled and try with it off, I'm curious now 😄

now if I can only get to the admin page

I'll have to do it later, right now I have school. I'll have to disconnect the switch and connect to it via the default ip

Sounds good, let me know later

@clear igloo meow so mad

mhh

coffee.

@peak cloak no console port? or L2 management?

no

rip

this was my first switch, I got what I thought was best

I've jerry rigged an arduino to simulate console cable before :)

The D-Link switch I got for free

Hey, I'm wondering what's the best network through mains plug I should get for a house that barely gets WiFi upstairs.

is running ethernet an option? That's always the best thing

Too expensive for us atm.

ethernet cable is cheaper than powerline?

You mean run ethernet cable all throughout house?

no, you can just run an ethernet cable to the area where you have bad wifi and put an access point there

idk much about powerline, can't recommend anything specific

Ahh, oh well, thought about cabling the house but it's an old brick house that will be hell to do up. Thanks for answering anyway.

yeah, that would be a pain

if you have coax you can use moca

unless you're astoudingly lucky

powerline won't work

especially in a two story house

for powerline, does it need to be on the same circuit?

OK, sanity check time. I'm trying to set up my Google Domains records so that *.ddns.mydomain is privately resolvable inside my network and publicly to the A record associated with the bare ddns.mydomain FQDN set up with Google Domain's DDNS synthetic records. In theory, all I should need to do is create an appropriately formated CNAME record for the * subdomain right? 'cause I've done that and I can't get it to resolve from querying the ns-cloud-c[1-4].googledomains.com nameservers. (also posted on LMG networking subforum: ) The CNAME needed to be for *.ddns to ddns.mydomain

A records point

CNAME points to A record

finally got web access to the switch, it's such a pain

@clear igloo that setting is disabled, still no success

Like you said, theoretically it should work, idk what I'm doing wrong though

maybe it's something with router-advert

but my laptop got an ip

ok even with my desktop over wifi it's not getting an ipv6 ip

hmm, it was able to receive the advertised ipv6 dns server

maybe a restart will help

@clear igloo would IGMP Snooping affect it?

I think it's a lost cause to get it to support ipv6, some reviews say it completely block ipv6

didnt read the whole story but it feels like your issue might be MTU size ?

@neon escarp basically one problem is that my upstairs distribution switch doesn't have ipv6 support, even though theatrically it should still work, but it doesn't

it should work but as i said ipv6 can have slightly increased frame sizes which could be dropped by your switch. IF your switches are configurable you could try to increase mtu size to something like 2000 and see if that works.

Can't change MTU on any of the switches

Don't think that's the issue

IGMP is for Multicast

yeah ik, I was changing stuff since I thought ipv6 uses multicast right?

inter group messaging protocol

@peak cloak can't you go to port configuration?

MTU should be a configurable option

not seen a network device that doesnt have support for that

regular frames are 1500

the GS308E is very limited for a "smart" switch

I see MTU, but it doesn't seem to be able to be changed

https://i.imgur.com/PmfL3Kk.png

https://www.netgear.com/about/press-releases/2019/gigabit-ethernet-switches.aspx

The 308 is listed too

but nothing about supporting v6

I think this is a scam

that's smart managed pro

I have a smart managed plus

it's so stupid

yeah but as @clear igloo said, it shouldnt matter

I have a feeling they blocked it on purpose

yes

call netgear support

not gonna waste my time with that lol

ask them, how it is, that a switch that operates on layer 2, doesnt work with v6

how much did you pay for that netgear?

40 bucks

mh

that, the ER-X, and the EAP225 were my first real networking purchases

no regrets with the EAP

ER-X does what I need it to, it's fine

this switch tho is a pain

@peak cloak Their website says though, L3 routing and ipv6 is only on select models

but you just need a switch

which is L2

idk if you have any sort of other configuration runing on that switch, that might have it run on L3 instead

Because an unmanaged switch can do v6.

it's all factory settings except that IGMP Snooping is disabled

not much to configure

have you ran wireshark on it yet?

does it even switch any v6 traffic at all?

no, how do I check

Are you able to get a v6 directly connected to your router? Check the simple things first

yeah, I'm able to ping v6 google on the router

From your router or PC?

if you set a static v6 on your local machine, can you ping from there?

using your prefix

router

thats good

Connect your PC to your router and test to see if you get a v6 SLAAC address, bypass the switch

Stateless address auto configuration

just to clarify :)

I'll mess with it later, I made the mistake of changing a setting right now the router is doing some weird stuff

https://xkcd.com/2259/

perfectly legit

Ok

@tame carbon what's your hardest network problem

@hollow marlin this is amateur hour

you cant just post a meme about how hard network issues are and not have a good story

if i were to get a router which the source is WAN, would the router its getting WAN from reduce ping from the WAN routers LAN ports

The more devices in between you and the internet the higher the ping

Unless you're a corporation and have $10k acceleration devices

💩

are there a way to make my public ip static?

Ask the isp

https://static.haydenjames.io/wp-content/uploads/2020/03/home-lab.jpg

you cant just post a meme about how hard network issues are and not have a good story
@waxen scroll
When I would stay at my grandmothers, I'd use an old router as an AP to boost the signal in the guest room. Used a 8 character password because she had like 4 others with wifi in the area too, and didnt want anyone getting in. Still simple enough to type out since it was a phrase with an underscore followed by digits. Figured it was simple enough for others to get. even wrote the config under the router for anyone to find.
Aunt came over, wanted to use her iPhone in the guest room.Also noticed the bad signal in the guest room. I told her about the AP and the password on the sheet under it. Told me its stupid and doesnt work.
turns out when I set it up on the iPad, - and _ are visible as characters on my device, but dash and underscore were not default visisble on her iphone at the time, and instead of switch keyboards/symbols, she blamed me for setting it up wrong
does that count?

@waxen scroll figuring out how to set up multicast on my network

that cost me 2 days of my weekend

@tame carbon I had some netgear Router I bought from Costco a while back. somehow evded up with 3 of them so I set one as an AP. As I normally dont really review my network config every night, it wasnt till after a power outage that I found out that the one I set as an AP defaulted to an open network.

Me one night: Heh, look at the idiot with the open network. Netgear-170

Wait a minute, 4 bars.
-Walks to room. Oh shit.
-Connects to AP.
-Puts in local address to NAS
-NAS logon page appears
(oh shit)

I see you gave free wifi

A charitable gentlemen

Free printouts too

Just going to charge you to pick them up

@tame carbon Now time to setup NG-MVPN

Idea: Set up a SSID with a weak password.

Then point everything inside of it at a captive portal.

captive portal with paypal payment

buttcoin only

butt-connect

That's like being an ass

What is the min speed for playing games

Speed of internet

I have a connection of 50mbps but I have packet loss

How to fix it

In game stats

20-60

Yes

Nope

I had this issue in csgo and valorant

I will just change my isp

Hope it works

@proud jolt

https://sourceforge.net/projects/winmtr/

Run this. target IP: 1.1.1.1

have it run for about ~100 packets

then send a screenshot

This should help narrow down where your network latency and loss is coming from

@elfin socket @tame carbon 🍿 Here's some of mine:

1. Massive fire alarm system for a campus. Each sub-alarm panel uses serial to communicate to the master alarm. Because it was a massive campus, you cant just run serial to multiple buildings miles away, so serial to ethernet converters (10mbit auto neg). I was called into a 911 center (but for the company only) and arrived to alarm beeping going off like crazy (its fire alarm fault indicator). They would clear it but then 10 seconds or so later it came back and started beeping again. Go through OSI model Layer 1 > 3. OK links are error-free and not flapping. Hmm looks like tons of ports on this switch are dropping frames. I configured a port on the switch in the same vlan and attached my laptop and ran wireshark. My laptop just sitting there listening was receiving close to 1Gbit/s traffic. The poor 10mbit alarm ports couldn't take all that traffic. The cause? Bug in switch code was broadcasting a servers unicast traffic.

2. Company's servers all randomly disconnected between zero and four times per day at the same time. OSI model all good. No floods seen in netflow. This company splits their datacenter up into zones. To escape the zone you need to go through a firewall. We had no ability to high speed packet capture without lots of loss, as the company had 0 budget for taps and things like that. Weeks later.... it was discovered that the ASA was running an IPS with all features enabled. What happens is the ASA has hardware ethernet paths inside it (same as outside but inside there's no cable). These inside ports were slammed because all features were on. It would disconnect the datacenter when it overflowed. The idiot who configured this quit the company before the issues started happening.

3. Client complains they cant reach their server. They cant ping it. They are on the same network / vlan as me. I can ping it and reach it. Turns out the server switch ASIC was flagging that source/destination pair as bad and dropping the traffic. We couldn't figure it out without support going into debug mode on the ASIC which outputs tons of jibberish if you dont know how to read it. Code bug.

Was looking up people's experiences with gigabit from a company i might go with. Some guy raging at the fact that his speeds drop to 100mbps sometimes... Anyone else experience this with their ISPs?

Also, there are very few posts with actual proof with this company so it's hard to verify if this is common with them, or maybe this is just common with any isp.
Also this is from 3 years ago and it's FTTH not FTTC

Can someone recommend a server for AD DS around $100-300? I have been looking at a Dell Poweredge R610 but that´s not going to work because the last os it supports is WS 2012 R2. Thanks

@toxic citrus the ISP cant control the speeds from speed test servers. When they say 1Gb they mean between your house and their facility. It's possible that persons ISP doesnt have good paths to those test servers

Usually ISP's will host speedtest server's on their network in order to make it seem faster, but their peering may suck.

Ah yes peering! That's the keyword I've been missing for months

The sales rep was saying "it's always 1gbps" and i couldn't think of that word

@hollow marlin in like 2010 i had a 1gb port in a colo with a good provider... I couldnt get the full gig from most sites. It had to be usenet downloads or something like steam

i imagine its still a problem

Snazzy Labs made a good video about how even with a 10gig connections, most servers don't do 10 gig and how it's usually overkill

But how about multiple users? Let's say 2 steam games downloading full speed each and then a 4k Netflix stream or 2 (a plausible situation in my house, should we buy giga) would there be some ping issues due to bad peering?

yeah, he described it more of a hose, so with more user it becomes more "worth-it"

One thing's for sure; anything is better than 2mbps and 600 ping like i have for the past few weeks

that's worse then standard satellite internet

It's 4g

I mean
"4g"

My ISP is completely screwed the past few weeks

No idea why

Can't fet through to support

DSL? Cable?

ComReg (ISP enforcement) hasn't done anything

4g

oh

I thought that was just a temp backup

No, my house is 4g and my phone is 4g

Phone was always bad for dropping connection every few mins

So I can't do anything on it

Dunno what to do with it haha

surely peering can't be the cause of such low speeds right?

do a traceroute

see where you have the most ping

actually mtr would be better

https://sourceforge.net/projects/winmtr/

it's both ping and traceroute in one

if you have linux it's already built-in

hmm, I'm getting lost packets myself to nyiix.as13335.net

but that's after like 10 cycles

so maybe an anti-ddos thing on their end

Using ping for packet loss is not a reliable method when you are hitting the hops. Control plane policing is default in Juniper (which has become the majority for SP) and typically configured in Cisco as a standard. The defaults are very low, ~100pps, and with many services randomly pinging hops its not uncommon to trigger the policing. Ex. here is one of our hops with the number of dropped/policer pings due to thresholds

@hollow marlin imagine the lols if more people started dropping ping.... like 1.1.1.1

i worked at a company that would trigger internet failover if CNN, NBC, etc were unreachable as well

i use DNS checks in my internet IPSLA instead... i set it to a root server and check the root servers DNS against itself

People already complain when 8.8.8.8 drops. Its the best when I get escalated from a customer running Cisco ping 8.8.8.8 repeat 10000 and are freaking the hell out when they see 3 !s.

I then explain that is not a valid way to test loss and then let them rant for a few mins how 0.0003% loss is unacceptable

i know if i worked at google thats gonna happen in my first few months of working there

gonna lol when the world burns

no reason for 1000 people to be constantly pinging me

i wonder if 1.1.1.1 was on purpose just to get traffic floods

make their peering agreement in their favor

"you keep sending me shitloads of spam so i can send you more traffic than i normally would for free"

@peak cloak sorry for not responding earlier

I saw your wall of text

but I was in middle of meeting

wait

argh

@waxen scroll

wrong person

derp

it was a high quality post too

I'm about to read

@waxen scroll what kind of jankware are they even using?

bugs in switching silicon sounds like jank

other than the job with the ASA, its extreme gear

eXtreme Gear

Emphasis on the X

this sums up my current isp

When people think if its not 5 9s then is basically never working

This is pretty nuts for the cheapest plan here

Yeah

うん、こんばんは

Why tho

420

No

I'm just saying

https://i.imgur.com/r26yhhe.png

fwouhhr tweeeenty

This is pretty nuts for the cheapest plan here
@knotty thistle put a decimal there and that's my speed

250/250 here

Also, this rule, in the top

is so stupid

in regular chat, all these gamers constantly show off their RGB

I mean it's to stop just constant spam speedtest. Some speed test posts are fine

Search in:networking oldest

it's just speedtests basically

yeah well

thats how we introdroduce ourself

immediately establish peck order

https://i.imgur.com/5aGEh8A.png

had a reboot recently

counters reset

except webserver lol

https://i.imgur.com/npZM01X.png

When is rtx bytes coming? Finna get me some raytraced packets ☺️☺️☺️

Raytraced packets are probably faster than my 6 megabits per second downloads and 0.96 megabit uploads.

Jumbo packets exists

I know its just a joke.

yeah ik

Path traced packets obviously trace the fastest path for other packets

@strange path that line is faulty

what?

you have bunch of CRC errors

that shouldnt ever happen on a dsl line

yes I get them when it rains

does your ping spike to 800ms ?

because I had that for many years

surprisingly the speed does not drop when it rains.

yeah its just ATM retransmits

causes high latency/jitter

and packet loss

my ping is ussually around 30 to 40 when nothing is using it

yeah but it will spike up and down when there's linefaults

shitty ISPs not maintaining their cables is what that is

also whenever the electric jitters the crc goes up.

that should also not happen

because the cable should be shielded

You can thank the old Bluebell lines that are realabled as ATT.

I know that my side of the demarc is done nicely.

because there is a cat5e cable running from the box to my dsl modem and the phone wires come out of the modem so the modem acts as a filter so I should not be getting any interferance from the phone wires that are spread out like an octopus around my house.

my home network ^

my bad, Michigan bell then ATT took over

tiny patch cabinet in the attic

that server is a Ryzen 2600

my home network consists of a crappy motorola dsl modem and then a 1 gigabit switch because the modem only has an integrated 100 megabit switch for ethernet.

That spool of fiber goes to a switch elsewhere in the building

from there, there's 2nd fiber , going to the server

core router, switch and server are on 10G

https://mikrotik.com/product/rb4011igs_rm

If you ever need proper gear for routing

mikrotik is it

great, I only use 1 gigabit because my old hard drives will never achive over 100 megabytes in speeds.

mh

I have a raid 1 config

drives do about 250MB/s read

but can serve multiple clients and run virtual machines on that

well modern drives can go faster than stuff from 2008

btrfs reads are quite fast

raid1 it can paralellize reading

Ok, I have a question about something on my home network that I'm quite puzzled about. I never configured anything on the 192.168.100.x subnet, however I can access the modem web status by going to 192.168.100.1. I want to change my home private range to 10.x.x.x eventually so I want to know how I would replicate this eventually.

modem & router combo? or separate @peak cloak

modem is seperate

Most modems use 192.168.100.1 as their management IP

Can't you just change the DHCP server settings on your router/modem?

And since your router is connected to them, they can show a web page on 192.168.100.1

but they are behind the router, wouldn't the router perform NAT? How does it know to not NAT the modem?

routing

I don't have my modem hooked up anymore, but it's routed through your default gateway then sent over your router's WAN interface

then the modem is doing some routing for 192.168.100.1

so I would just configure a static route for lets say 10.10.10.10 which would point to 192.168.100.1 ?

iirc modems are just a fancy bridge? Not entirely sure but they're just converting DOCSIS to Ethernet

Idk maybe

but you should be able to access the modem's web gui anyways

hmm, still confused

@rocky badge rouing?

You guys know Untangle? How's the WiFi situation on it vs PFSense, also not recommended? I keep having to restart my TP-Link Archer C7 v2 more and more often, thinking I should probably just replace it but wondering if I can just buy a WiFi card for my PFSense box or maybe try Untangle if it plays better with WiFi cards.

@peak cloak Yeah, tracerouting to 192.168.100.1 should go through your router and to the modem

the default route should be a WAN with that connected to it

So the traffic is going through the modem

yeah ik that, but how does the router know not to NAT it. Is there some sort of DHCP but for routes. Is that BGP?

it's not in the nat table

the router doesn't just nat every private ip range

https://blob.rocks/8zHLBnUnRP.png

pfSense is NATing those because they're configured for NAT

https://blob.rocks/VjA0E2I8d4.png

I could be wrong about any of this, idk, but this seems logical to me 😂

I only really use static routes for stuff behind another NAT

but I'm learning

yeah me too, still don't fully understand, but thanks for explaining

it does nat it

*slaps @rocky badge

Oops yeah it does NAT it

But it doesn't have a dedicated route for it

It falls under the default route iirc?

most devices are configured to nat once it tries to leave the wan interface

Yeah

dedicated route will nat too

Yeah

But it doesn't create one

It just uses the default route

right

I wasn't saying the route doesn't nat it

It just uses the default route

Wireguard is so fucking fast

Even on my phone it's so fast

I need to get wireguard set up

With 500Mbps up my vpn doesn't suck

that's faster than my internet speed

200/30

can someone help me find out why my router isn't letting me log in

I'm putting the right password in

its not saying wrong password its just saying access denied

i mean its my family router

lmao

im just trying to port forward fallout 76 so I can just play it

What's the make and model of router, and has the default admin password ever been changed before?

CGN3ACSMR

its provided by rogers

try the default password

oh thanks

it worked?

now the password as listed on the modem is incorrect

tf

Uhh, are you using the wif password to login to the router page

Hopefully not

no, the password on the back lol

bruh

the whole time

password was the password

umm, have you ever logged into the router?

xfinity's business routers are cusadmin/highspeed 😂 😂

if it's not highspeed then it's CantTouchThis on their routers 😂 lmao

(not your router, but xfinity's provided business one)

yes ive logged into the router before

so the password changed?

looks like someone factory reset it?

doesn't happen to me

time for you to sleep

Dutch Minister of Justice & Security has released a list of webhosters that don't fully cooperate with removing cp

that list, has only one hoster on it

NFOrce

europes largest bulletproof and bunkerbased hoster xD

"list"

NFOrce doesn't answer to anyone

they also helped keep TBP online during the interpol raids

I think I know where to host next

they also helped keep TBP online during the interpol raids
keep internet OPEN

@unborn sluice their solution:

which was proposed in the public parliament letter

Require ID verification.

Fighting the government with IDs

never saw it coming

@unborn sluice I don't get this whole crackdown though

All these physical servers are encrypted

and their network is tunnelled elsewhere

so even if you manage to get a warrant to get into the underground datacenter

you still end up empty handed

I think in the US the gov can request for the data

Yeah they can try, but they cannot comply

so it's better that the encryption keys are not within the data center

it should be in the customer

@unborn sluice I'm against CP

but this whole "Clean feed" and "Clean internet" they speak of

I want none of that.

because it sounds like censorship

as if it has to be my right to a "Clean internet"

Anything that is controlled can be censored

I don't go on shady sites, so why.

They use the word "protection" to censor

I don't want that

protect me from "myself" lol

but this whole "Clean feed" and "Clean internet" they speak of
clean is subjective

i just want internet without anyone controlling it

the sickkest part of this whole bs

is the fact that the government only interests itself in the distribution of illegal imagery and photography

instead of preventing this material from being made in the first place

this means, protecting immigrant children

because there's quite a handful that drop off the radar, and get abused. THIS is what needs to be prevented

this is just naming and shaming, what they are doing

call out two hosters, and expect them to solve it

but this weakness is nothing new, judiciary in the netherlands has been a shitshow for few years now

This is why it's hard to support some law enforcement

imho, they are kinda attack the wrong segment in these whole puzzle of crimes

"video games cause violence" except worse

videogames cause violence is just a bad meme

for a while it wasnt, and i wished this censorship idea would blow away too but no

I’d love to see the “video games cause violence” 80’s meme try to get pushed into the spotlight again, especially after Covid and the fact that basically the working population right now have grown up with video games as a legitimate hobby

They should really called it”home entertainment”

videogames cause violence is just a bad meme
they dont?

@unborn sluice https://youtu.be/dmEvPZUdAVI?t=25

Have you seen this before?

not yet

i'll check later

Its got that 90s VHS cheese xD

with crude greenscreen effects

I legit thought that was colonel sanders from kfc

Yikes, this video older than me

its so cringe lol

there are some awkward moments lol

definitely marketing was different back then

they still have these shenanigans

imagine using linux, and then seeing this

xD

back in 90s

sudo kill -p me

About the whole video games cause violence thing, they probably don't but they defiantly do cause some sort of behavioral change, whether it be temporary or long term

It's actually hard to put some merit

when they are aggressively saying videogames are to blame for the mass shooting

I ain't a parent yet, so my opinion isn't firsthand or very comprehensive

Anyone familiar with packet sniffing or Wireshark itself?

i wonder if anyone in networking is

I'll just shoot my question then, can firewall affect packet sniffing? I'm trying to do sniff RTP packets using Wireshark on a Cisco switch where my laptop is connected via a destination span port(mirrored port) but failing to do so. It works just fine when I'm on a home network tho.

Edit: Typo

If the firewall is the gateway it can possibly be dropping the packets, yes
But if you're doing local span then I don't see how a firewall would stop that though since the span session would be port x to port y and not use the firewall

If you were doing ERSPAN or something where it passed through the firewall, I could see that causing issues but if you're spanning locally on the switch the firewall should play no role in that

laptop is connected via a source span port(mirrored port)
@opal yew Are you connected to the source port or destination port?

Is it possible that the switch can restrict or allow like certain mac addresses to like get the traffic?

I'm connected to the destination port. Was on a typo there my bad.

I mean I am getting traffic but not the ones I am looking for. All I get is a bunch of ARP traffics, no TCP UDP or RTP.

But when I do tcpdump on the other device that is connected on the destination port, I can see the RTP.

You mind posting your config for the SPAN config and run show monitor session and the config for the interfaces. Also if you are trying to capture VLAN, which I assume be cause you are trying to capture RTP, make sure your NIC is in monitoring mode else some NICs will drop VLAN traffic. Some are odd like mine and when monitoring mode is not enable just strip the header but process the traffic anyway

mikrotik switches can run router software

so they can do anything you feel like putting up with

Is the RTP traffic sent over Multicast? I ran in to an issue where if Virtualbox was installed, multicast packets would not be received by the Windows host OS. Uninstalling Virtualbox or setting the Virtualbox adapter administrative distance to something like 8000 fixes the issue. Vbox developers have no idea why this occurs.

@clear igloo if using laptop sometimes anyconnect installs can screw you over

i forget the details. i had issues and dont remember what I had to do to get around it

🤔

Do the thing with the whatnot and then it fixes the issue

i havent even tried at new job yet. i know thats gonna be HELL

with that laptop its anyconnect or nothing

@waxen saddle what kind of tap are you using for your virtual network controller?

multicast probably wont work properly with macvtap

Tap for Virtual network controller? I'm afraid I'm not familiar with the terminology.

Can anyone make a recommendation on what to buy if I wanted to deploy a large scale Unify network as a public hotspot?

Need to cover quite a large area, with at least 4-5 APs, backbone will be done using mikrotik p2p antennas

The goal is offer two networks on the unify devices, one private with a regular passcode, and the other a public SSID with a captive portal

I know that unify has some way to generate "wifi access" codes, for one time use (wifi vouchers)

Do I need some kind of extra device to manage that?

Don't use the *-LR.

I'm not at all familair with unify

never used it before

So with Unifi, especially on a larger scale, you'll want a dedicated Unifi Cloud Key (It's a hardware device you'd physically buy - you maintain complete control over it. Don't want it integrated with cloud? Don't have to!) This device will manage all of your unifi devices and network. It also has a built-in Guest portal with lots of customization and ability to create vouchers. All built in to the cloud key.

More info: https://help.ui.com/hc/en-us/articles/115000166827-UniFi-Guest-Network-Guest-Portal-and-Hotspot-System#4

I forgot to mention, the cloud-key is a flat-fee one-time payment.

@waxen saddle I will probably still end up using mikrotik as core routing gear

I just need an easy way to manage the APs, but thanks for the tip on the cloud key

Does anyone know if UnRaid ever goes on sale?

Why would it ?

The margins for it are so low

FreeNAS or Proxmox ftw

why unraid? anything specific you want from it?

why are margins low on unraid?

isnt unraid just ZFS with a fancy GUI ?

it's not even ZFS

it's another parity based system

@tame carbon that's freenas

I would guess the margin depends on how many employees they have :)

the margins are low because of no support fees, one time payments

profit with unraid isnt so much the software, and more the support they offer for business customers

now they've been doing slightly better thanks to rona

FreeNAS and Proxmox make their money from SLAs and support contracts

well FreeNAS just directly benefits from TrueNAS contracts

meanwhile

I have btrfs in raid 1

with luks

btrfs with RAID 1 isn't terrible

i just wouldn't trust it with 5/6

@topaz quarry 5/6 is experimental

i've been thinking of making a ZFS based storage machine, just I never relized how expensive drives are

I chose btrfs raid over a raid controller, mostly because btrfs is able to check for data corruption on faulty drives

SMART does not always report bad data, btrfs checksums can help identify

ZFS is great

SMR drives are relatively ok for archival storage

lacks in speed, but reads are ok

why unraid? anything specific you want from it?
@peak cloak It's easy to use, friends use it and we're able to help eachother when stuck. It just suites my needs. I mainly run Pi hole from it, VPN host, Plex, storage server itself etc...

unraid to run pihole, plex and whatnot

docker on unraid is so complicated

http://debian.org/

like running jitsi on unraid demmanded it's own set of tutorials

in normal docker installs

unraid to run pihole, plex and whatnot
@tame carbon It's because it's there. I've used CLI's to run stuff such as that, and it bores me.

it's just a single docker-compose line

if you really want to, you can do everything with free software

portainer is amazing

doesn't proxmox have docker support now?

yes

idk, I just use a debaian VM

each LXC instance supports nested docker

@peak cloak debian host, ubuntu guests xD

i do ubuntu VMs for nvidia-gpu based dockers

just because it's less annoying

oh lol hardware accelerated dockers on unraid are impossible

like cmon

I just need something that works, with good parity backup, and can run the things I need it too well; without being too complicated

every ubuntu user who uses vanilla debian for the first time: -bash: sudo: command not found

FreeNAS has ZFS which has better data protection than the parity system from unraid

@tame carbon that was me with alpine

like UnRAID is great until you deviate from their intended purpose and original UI

@sage flame proxmox is as easy as it gets to manage VMs

with docker support, easy to set up software on the fly

also using terraform with unraid is actually impossible

https://www.proxmox.com/images/proxmox/screenshots/pbs/Proxmox-Backup-Server-Dashboard.png

@sage flame proxmox is as easy as it gets to manage VMs
@tame carbon I'll look into it

Any downside to it?

it uses kvm

so, not really

its just linux virtual machines

I personally moved from Proxmox to XCP-NG. But that was more personal taste. No Docker support or management though.

citrix is dying though

I use QEMU/KVM personally

Tell that to Enterprise

and they'll take xcp-ng with them

https://virt-manager.org/

i was on an interview call with citrix for engineering opp

This is great ^ if you were previously used to something like VMware

they tried to tell me docker is a fad

^

their management is so out of focus

I tried installing docker on centos, what a pain

they ship podman instead

podman is awesome

yea rootless containers are easier on redhat based distros

because of security hardening

I should probobly learn it

kuburnetes too

it's just docker

like it's literally the same commands

really?

just a different installation

yes

that was the point

you can use docker-compose?

they have podman-compose

oh ok

it works 99% of the time

except when it doesnt

don't use crazy features

like me with every attempt @ docker

it'll work

I flunked that test.

can you use docker image's or do you need to build one's for podman

I just run virtual machines, no docker here xD

you can use docker images

you can pull directly from dockerhub

cool, I'll look into it

yeah

I'll check out virt-manager as soon as I finish several rounds of updating my BIOS. I discovered WakeOnLAN isn't working on my computer and hoping BIOS updating will fix it.

I like centos / fedora

but on my game server network, we have docker

but that also means

we have two MySQL and two Postgresql instances

which is waste of resources.

you can install podman and just use it as a different runtime

like i have podman, the docker runtime, and the nvidia-runtime

i just specify the runtime in the compose file

@waxen saddle virt-manager is a frontend for QEMU/KVM

uses libvirt for the virtual machines

virt-manager itself is a GUI program, if you want to open that over SSH, you'll need X11 forwarding

if your client is linux, this is dead simple: ssh -X enables X11 forwarding

on windows its bit more tricky

You will need xming and PuTTY

you can also always use cockpit

sincie it has KVM and docker extensions

I primarily use Windows. I'm familiar with X-11 forwarding. Had to learn when setting up a Halo 1 PC server on a headless Ubuntu server. 🙂

fun fax

windows is slowly becoming huge linux wine distro

hahaha

yeah

if Microsoft wants to benefit from CDI

they have to comply

CDI => Container Desktop Infastructure

microsoft has to begin by tossing out NT

or they have make serious contributions to the microVM projects

and swap to linux

they've already started

and failed

parts of the kernel got moved around

WSL and WSL2 are terrible.

windows is slowly dying

heaps upon heaps of legacy code

bandaids

on bandaids

on more bandaids

yeah, that's what windows feels like

bandaids to bandaid incompetence

linux also needs some improvements, primary in the desktop enviroment

see it'll get that

by embracing windows as a wine distro

Linux has made lot of progress last few years

you should check hard links on windows 10. i don't know how ntfs is keeping up with the current shit show

most of the desktop issues on linux still comes down to graphics having sub-par support

the problem is a lot of people are just used to the windows UI

and are adverse to change

^

that too

and terminals are scary

people think you need to be some kind of super nerd to use it

there was a distro that replaced office with onlyoffice

and HR people didn't notice

but these are the same kind of people who click "OK OK OK OK" through an install wizard ,without reading

can i haz all your resources for nefarious compute purposes

yus

You want Ask Toolbar?

Ok

I really want to switch to linux, my last attempt was terrible since I installed it accidentally via BIOS not UEFI so I couldn't boot into windows and needed to disconnect all my other drives to force it to boot there

can i use your indentitiez for world domination

yus

oh no always install all operating systems via UEFI

you can't even install macOS on BIOS systems anymore

because Apple is like no

I couldnt get the keys enrolled with ubuntu 16 at the tiem

my brother used popOS for a while since his computer was so bad

so my laptop uses legacy boot

there's always nice watermark during too

pop os is great

"BOOTING INSECURE"

popos is a mess

and insecure

ubuntu in general is a mess

I mean, it works

pop os is a less messy ubuntu

pop doesn't ask for password verification by default

clearly debian itself is the best

anyone can just change root pw

pop_os forgot how to do dual boot

It's either Fedora or Debian for me

Debian or ubuntu for me

i tried fedora

i'm a centos/debian person

first distro I used was centos

centos is good for servers

I generally find it easier to find support online for debian systems

centos is also good for drivers

@topaz quarry wat

drivers are in the kernel

for out of tree drivers

like for SR-IOV for new NICs

DKMS has been part of Debian for a long time now

or prop GPU stuff

I want to use Davinci Resolve, and it officially has support for centos and fedora is close to centos

it is true, that fedora is usually the first to adopt the shiny new stuff

like immutable installs

It's a testing platform for Redhat

🙂

that was a neat pick-up

@topaz quarry I have my nvidia drivers on ubuntu with dkms

previously, had to reinstall them each time I did kernel patch

which... was stupid

rtx 3090 ok for call of duty 1? or is it too bad?

wut

wat

wait wrong channel

call of wire

don't troll other channels either

sorry wrong channel

part two: the disconnect

@topaz quarry so when I asked in #public-chat why there isnt a #linux

I found out, all the linux doods hang out here

xD

roflmao

general-chat didnt take my suggestion for #linux kindly

"linux is crap"

well ok. pc gamer

this channel reminds me of a more laid-back r/homelab discord

but I like laid back

same

laid back chat is chill

Just tell them "Your game servers all run on Linux"

#public-chat is all stimmed up redbull kids

whenever a game server can't run on linux, I find it so stupid

^

like stormworks

@peak cloak even worse

and when it requires steam as well

is games, whose dedicated server only is installable through steam

steam on commandline is a bit of a pain

minecraft server is what is should be like

because i386 binaries

java -jar minecraft_server.jar --nogui

ezgame

@peak cloak I run mine with -XX:EnableCommericalFeatures and -XX:FlightRecorder

for passive profiling

can just connect with JMX, and download event data from last 30 minutes

find out what code is using most of CPU and memory

There is a post of a bunch of java flags to optimize mc, I use those

We really need a Linux channel.

@waxen saddle yeah but this PC GAMING

xD

@ Anthony

people flip their shite when they find out their RGB doesn't work on linux

even though

its in /sys

it can

it's just no one who runs linux

really cares about it

xD

Exactly.

It's LTT. The PC Gamers opinions don't matter in this.

I found out that my keyboard led can be turned on using the command line

if you have programmable keyboards

some of them support uploading yaml files

@waxen saddle yeah but they promote linux gaming themselves, then don't offer a place where it can be celebrated

in windows, it is simply pressing a button

for rgb schemes

being able to games on linux reliably now, is a liberation

no more windows alt tab

taking 10 seconds

you can just spam looking glass project

we just need more AC software on linux

or the geforce nvidia stream

AC Software?

wat

anti cheat

we need to air condition linux

I'm fine with anti cheat. in userspace.

AC software in 2020 requires kernel level access from crazy game devs

anti cheat should stay tf out of kernelspace

which is hard no for most linux people

AC with RING 0. and people use VPN for security smh

it's all the funnies

kinda makes me laugh tbh

It makes me angry.

honestly when people ask for help with valorant

my only response is to remove it

Its same BS with my phone & Microsoft Exchange

all the VPN security stuff makes me laugh

I just want my school email on my phone, not sell my soul.

But you have to "Allow this organization to manage my device"

yeah, that. I just use the web app

@peak cloak work and school both use exchange

:(

can't log in to both at same time

fun stuff

school also uses microsoft SSO for all their insite pages

so I have to log out from work email

to read school pages

or use incognito

sounds like people spam microsoft auth to hard

yeah outlook is annoying about having two accounts

but then I have no adblock :(

@topaz quarry oh its f*cking fantastic!

sounds like people spam microsoft auth to hard
More SSO = Better

am I winning

Cus that one afternoon, when deadlines came

Microsoft services were down.

And I couldn't login.

thankfully the college switched to gsuite while the HS uses exchange

my Uni uses gmail

Yea, also gmail for me

I have my private mail with gmail

"People only marry 1 exchange setup, so of course it should have spouse privleges and it should be difficult to use another exchange spouse" - Microsoft probably

and my uni is just less bad about it

Google Apps for biz

it was free at one time

up to 10 accounts

if you signed up back then, you still get free service today.

:D

I need to get my Boy Scout Troop gsuite for non-profit

everything is a mess rn

"Join the cloud" - it'll be reliable they said

it's only reliable if dumb people don't run it

We've had more O365 downtime in the 6 months we've been using it than the past 5 years combined.

Rona

Microsoft

"Join the cloud" - it'll be reliable they said
When they go down, we all go down together

federated cloud(s)

say it with me

cough cough cloudflare

centralized compute is bad

centralization of resources is bad

it goes against the ethos of the internet

cough cough cloudflare
cough cough cloudflare downtime took a percentage of the internet down

even though the internet is more centralized than we'd like

cloudflare went down in SF for 6 hours

cough AWS cough google

i couldn't use 80% of the internet

for 6 hours

my family was like why is everything else working

i was like because i self-host it

for this reason

hehe.

I tried helping someone recently set up next cloud

but setting up Letsencrypt from commandline was too complicated for them

so they decided against my advice, to use cloudflare

I helped them through setting up nameservers and such

you don't need to do that

and then he ended up still needing letsencrypt -.-

you just download a free cert from cloudflare

use proxy

@topaz quarry yes but thats not full encryption

only between Client -> CF

CF -> Server still needs SSL

if you buy a hostname

they'll give you a free full cert

I use cloudflare for my DNS nameserver's, any other ideas

not that weirdoness

i know what you're talking about

I just have certbot & nginx here

one public webserver

nginx, traefik

and that does all the SSL stuff

but i'm crazy i automate docker with C++

oof

python too high level?

xD

it's actually easier for me to write C++ than python

i maintain my own standard C++ library

@topaz quarry thats me with java

I've built up a lib of utils over the years

I can quickly turnaround applications with that

i can magik harder with C++ then those python hiipsters ever can

C++20 is broken af

i love it

I taught myself JNI for the parts where java doesnt cut it

like for the one course I had on algos

just JNI everything

or use jython

had to incorporate bunch of low level code with high level software

i'm almost done with my HTML5/Javascript generator from C++

getting boost beast to compile

was fun

due to conflicting documentation

cough

CGI

c++ for webdev

CGI is terribad

I will show you all nodejs hipsters

its how you develop C++ apps "the right way"

create your own mod_cpp for apache smh

apache?

gtfo

who needs apache

httpd is so difficult with video and audio

fast_cgi you can just pass your request to a unix pipe

ezgame

but

i need stuff like cuda acceleration

works for RubyOnRails

and granuilar control

_>

ruby gets a -3 score

works for RubyOnRails
don't you ever say ror

Knew it.

i'd rather people use node

judged for using rails :( sadlyfe

aren't you a nodejs

like no one wants to do it

@unborn sluice I'm new to node

i get calls to program ruby

for like 200k

and i'm like

bro no

I'm a die hard java dev by heart

mostly APIs

compile time reflection will be a game changer

serving up C++ applications to a web browser via WASM

from a C++ web server backend

@topaz quarry I once wrote an MVC microframework in java, loosely designed after JAX-RS APIs

sooooo

let me get you a controller, show you how small it is :)

i made an applet and a servlet

and i was like

bro why java

servlets suck

that portion of JavaEE is overcomplicated

that's what i was taught :/

You aren't wrong.

You can run tiny servlet engines in java standalone

I prefferably use Jetty for this

    @GET
    @Path("minecraft")
    @RequiresLogin
    public ModelAndView getMinecraftServerStatus(Request request, Response response) {
        Map<String, Object> models = new HashMap<>();
        ServiceAPIClient client = session(request).getClient();
        ServerInfo info = client.getServerInfo(request.queryParams("server"));
        models.put("server", info);
        models.put("page", "Server Information");
        models.put("page_desc", info.getName());
        return new ModelAndView(models, "status/minecraft");
    }

This is the best of webdesign I can do

I hate frontend

not terrible

it's actually serviceable

the session() is a static import to a helper function

i'm literally making object to automate CSS prettifying of UI

it uses request context to store session data

because i just don't want to be bothered in the future

The controller logic is all auto-wire

aka: I wrote bunch of reflective code

https://i.imgur.com/VDeBqCL.png

barf

reflection in java will cause nighmares

to the uninitiated

Its only one off

does this during startup

it creates lambdas

that can be used for execution

also, I was hella lazy

it goes only GET and POST

@topaz quarry I've done bytecode manipulation before in java

oh noes

but all this reflective access in java

is kinda..

"forbidden"

in the newer versions

awesome

the jvm will spam your console with bunch of stderr messages

    @Override
    public void configure(Binder binder) {
        binder.bind(ServicePanel.class).toInstance(this);
        binder.bind(PanelProperties.class).toProvider(this::getProperties);
        binder.bind(RoutingProvider.class).toProvider(this::getRoutingProvider);
        binder.bind(TemplateEngine.class).toProvider(this::getTemplateEngine);
        binder.bind(String.class).annotatedWith(Names.named("endpoint")).toProvider(properties::getEndpoint);
    }

Learning dependency injection, enlarged my brain

makes building large applications so much easier.

How hot can my intel 10900k if I overclock it with no cooler in my pc at all since I am too broke to buy a case fan4

wrong channel

@boreal thistle what's the packet loss of your 10900k

120

@rocky badge how many VRFs do you have'

yeah broke people only buy AMD

@unborn sluice i'm team blue/green

I'm red/green

guess I'm broke now

im on a 5-6 year lifecycle now so my wallet doesnt hurt

my X79 build or whatever it was lasted so long and had good performance

no reason to jump every other year now

my last pc was 4th gen intel

non-k

I'm not really into good pc specs

I have the 3950x in my cart waiting for prices to drop to finally replace my EVE-NG server for some larger labs. Sick of how heavy Juniper images are to run. 5950x would be nice but I am not going to play the guinea pig as they took months to get just the 3900/3950x to work

well this is interesting