The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘routers’ Category

Sniffers, Packet Capture – PFSenseDocs – cool, as it uses tcpdump/Wireshark format!

Posted by jpluimers on 2017/03/13

I hadn’t done a lot with pfSense in the past, which I regret a bit since I discovered this really cool feature: Sniffers, Packet Capture – PFSenseDocs.

The coolness isn’t so much that you can capture packets, but that it’s compatible with tcpdump and Wireshark (which has become available natively for Mac like 2 years ago).

Which means that you can download captures and open them in Wireshark.

So it’s as easy as 1,2,3:

  1. Set up the capture on your router (https://a.b.c.d/diag_packet_capture.php) and start it
  2. Stop the capture and download the file
  3. Open the file in Wireshark or convert it to text using tshark

–jeroen

Posted in *nix, *nix-tools, Internet, Monitoring, pfSense, Power User, routers, tcpdump, Wireshark

linux port forwarding to external ip – Google Search

Posted by jpluimers on 2017/01/20

For my Link Archive via linux port forwarding to external ip – Google Search:

Need to look at this more closely, but it looks like you need PREROUTING, FORWARD and POSTROUTING and two NATs (DNAT and SNAT), as this graph from Port Forwarding Using iptables – SysTutorials shows:

PACKET IN
    |
PREROUTING--[routing]-->--FORWARD-->--POSTROUTING-->--OUT
 - nat (dst)   |           - filter      - nat (src)
               |                            |
               |                            |
              INPUT                       OUTPUT
              - filter                    - nat (dst)
               |                          - filter
               |                            |
               `----->-----[app]----->------'

–jeroen
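Why both NATs are needed when the forward target is an external host, as a small Python model of the forwarded path in the diagram above. This is an added example, not code from the original post or from SysTutorials; the addresses, ports and function names are constructed, and it assumes the external host's replies only pass through the router when SNAT was applied.

```python
from dataclasses import dataclass, replace

# Constructed addresses from the documentation ranges (assumptions).
CLIENT, ROUTER, EXTERNAL = "192.0.2.50", "198.51.100.1", "203.0.113.10"
LISTEN_PORT, TARGET_PORT = 8080, 80

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def traverse(pkt, snat=True):
    """Walk one packet through PREROUTING, FORWARD and POSTROUTING.

    Returns (packet leaving the router, conntrack entry), or (None, None)
    when the packet is not forwarded."""
    original = pkt
    # PREROUTING, nat table: DNAT rewrites the destination before routing.
    if (pkt.dst, pkt.dport) == (ROUTER, LISTEN_PORT):
        pkt = replace(pkt, dst=EXTERNAL, dport=TARGET_PORT)
    # Routing decision: a packet still addressed to the router goes to INPUT.
    if pkt.dst == ROUTER:
        return None, None
    # FORWARD, filter table: only the forwarded service is accepted.
    if (pkt.dst, pkt.dport) != (EXTERNAL, TARGET_PORT):
        return None, None
    # POSTROUTING, nat table: SNAT rewrites the source to the router.
    if snat:
        pkt = replace(pkt, src=ROUTER)
    return pkt, {"original": original, "translated": pkt}

def reply_seen_by_client(entry):
    """Build the external host's reply; undo NAT if it passes the router."""
    out = entry["translated"]
    reply = Packet(out.dst, out.dport, out.src, out.sport)
    if reply.dst != ROUTER:
        # Without SNAT the reply goes straight to the client and keeps the
        # external source address (assumed: no return route via the router).
        return reply
    orig = entry["original"]
    # Connection tracking reverses both translations on the way back.
    return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def client_accepts(reply):
    """The client only accepts replies from the address it connected to."""
    return (reply.src, reply.sport) == (ROUTER, LISTEN_PORT)
```

With `snat=False` the reply arrives from the external address, so the client's connection to the router never completes.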

Posted in *nix, *nix-tools, Internet, Internet protocol suite, iptables, Linux, openSuSE, Power User, routers, SuSE Linux, TCP

In this tutorial you will learn how to configure pfSense to load balance and…

Posted by jpluimers on 2017/01/13

In this tutorial you will learn how to configure pfSense to load balance and fail over traffic from a LAN to multiple Internet connections (WANs) i.e.… – Joe C. Hecht – Google+

Source: In this tutorial you will learn how to configure pfSense to load balance and…

Posted in Internet, pfSense, Power User, routers

nanog: Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

Posted by jpluimers on 2016/12/05

Time after time issues pop up related to MAC addresses that start with a 4 or a 6.

[WayBack] nanog: Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

The underlying issue has to do with switches interpreting too much information of (un)encrypted traffic and dropping them because they wrongly think it’s plain ethernet traffic they need to handle.

MAC addresses starting with a 4 or 6 have a common bit pattern (likely that fails with 12 and 14 as well) that causes failure in certain network equipment that’s hard to trace as there is limited.

[WayBack] Christian Vogel – Google+ (Physics, Electronics, Software) explains this way better at [WayBack] When your MAC address starts with 4 or 6, weird things can happen and it’s not always fixable… – Kristian Köhntopp – Google+:

Posted in Internet, Network-and-equipment, Power User, routers, VPN

Another +ESP8266 gizmo, this time to automatically reboot your router…

Posted by jpluimers on 2016/10/28

Another +ESP8266 gizmo, this time to automatically reboot your router if connection is lost in order to get 24/7 connectivity. – Jean-Luc Aufranc – Google+

Source: Another +ESP8266 gizmo, this time to automatically reboot your router if…

Posted in Internet, Power User, routers

Olive – Juniper Clue

Posted by jpluimers on 2016/08/19

The original http://juniper.cluepon.net/index.php/Olive is gone, but the WayBack machine still has it: Olive – Juniper Clue

It describes how to install JUNOS on x86/x64 (or emulated) hardware.

–jeroen

via: Can I learn Juniper? : networking

Posted in Internet, Juniper, Olive - JUNOS, Power User, routers

Multi-WAN routers compared

Posted by jpluimers on 2016/05/20

Mikrotik have statistics and way more features. Of the not so good features on the TP-LINK ER-5120 multi-WAN router (none of which are mentioned in their documentation), the worst 2 are:

  • Virtual-Server table can only handle 32 incoming port redirects
  • no IPv6 support
  • both incoming WAN and outgoing NAT isn’t very stable (my guess it’s a NAT table filling up)

Source: Gigabit Load Balance Broadband Router TL-ER5120 – Welcome to TP-LINK

Source: MikroTik – Forum – Tweakers

RouterBoard RB3011UiAS-RM description. The RB3011 is a new multi port device, our first to be running an ARM architecture CPU for higher performance than ever before. The RB3011 has ten Gigabit ports divided in two switch groups, an SFP cage and for the first time a SuperSpeed full size USB 3.

Source: RouterBoard.com : RB3011UiAS-RM (link has high res images)

Source: RB3011UiAS-RM – MikroTik RouterOS

The CCR1009 will always be faster, even passively cooled: Source: RB3011 Fan Notice compared to CCR 1009 – MikroTik RouterOS. The passively cooled versions run at a lower clock-speed which you can even make lower yourself: Source: CCR1009-8G-1S-1S+PC lower clock – MikroTik RouterOS. On the actively cooled CCR1009, you can replace the fans to make them more quiet: Source: CCR1009-8G-1S-1S+ General info & Questions – Page 2 – MikroTik RouterOS

Note the ports in/out the switch groups on the CCR1009: Source: CCR 1009 switch chip menu – MikroTik RouterOS

RouterBoard CCR1009-8G-1S-1S+PC description. Our popular 9-core Cloud Core Router is now available in a new passive cooling enclosure. This CCR1009 unit is equipped with two heat-pipes and a specially designed heat-sink, so its completely silent.

Source: RouterBoard.com : CCR1009-8G-1S-1S+PC

RouterBoard CCR1009-8G-1S-PC description. Our popular 9-core Cloud Core Router is now available in a new passive cooling enclosure. This CCR1009 unit is equipped with two heat-pipes and a specially designed heat-sink, so its completely silent.

Source: RouterBoard.com : CCR1009-8G-1S-PC

Source: Advise: CCR1009-1S-PC – MikroTik RouterOS

Source: CCR1009-8G-1S-1S+ is a BEST ROUTER !!! – MikroTik RouterOS

When the power supply breaks: Source: CCR1009-8G question about part number – MikroTik RouterOS

The actively cooled CCR1009 with lots of pictures and screenshots: Source: CCR1009-8G-1S-1S+ General info & Questions – MikroTik RouterOS

Mikrotik with xs4all

Source: Eigen router achter een XS4ALL-VDSL-aansluiting (2) | Harold Schoemaker

Source: xs4all ftth en Mikrotik router – Google Groups

Does any of you also have experience with IPv6 from XS4ALL with a Fritzbox? I want to place a MikroTik behind this Fritzbox and have IPv6 routed through.

Source: IPv6 mikrotik router achter een fritzbox.

Source: [Ervaringen/discussie] MikroTik-apparatuur – Netwerken – GoT

–jeroen

Posted in Internet, MikroTik, Power User, routers

Buffalo WLAE-AG300N DHCP client is buggy and adds a NULL character to the host name.

Posted by jpluimers on 2016/05/13

Buffalo WLAE-AG300N is one of those buggy DHCP clients… Even running firmware Ver.1.85 (R1.05/B1.00), it gets the length of the DHCP host name wrong, so it adds a bogus NULL byte to that name.

@Buffalo: please fix this.

The DHCP client options are of structure Type/Length/Value so a client is supposed to set the length of the hostname to exactly the number of characters.
However there exist buggy clients that either send a length of 1 more and a \00 at the end of the name, or send a fixed length and pad it with \00 as necessary.

Source: DHCP server: Odd active hostname behaviour: some views have null character at the end, some don’t. – MikroTik RouterOS
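A parser for the Type/Length/Value option layout described above that flags both buggy host-name variants. This is an added example, not code from the original post or from MikroTik; the host name `AP-EXAMPLE`, the sample packets and the function names are constructed.

```python
MAGIC_COOKIE = bytes.fromhex("63825363")  # marks the start of DHCP options
PAD, HOST_NAME, END = 0, 12, 255

def parse_options(data):
    """Parse DHCP options (Type/Length/Value) following the magic cookie."""
    if data[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = [], 4
    while i < len(data):
        code = data[i]
        if code == END:
            break
        if code == PAD:            # PAD is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:   # declared length runs past the buffer
            raise ValueError("option %d overruns the packet" % code)
        options.append((code, value))
        i += 2 + length
    return options

def check_host_name(options):
    """Return (clean_name, trailing_nul_count) for option 12, or None."""
    for code, value in options:
        if code == HOST_NAME:
            clean = value.rstrip(b"\x00")
            return clean.decode("ascii", "replace"), len(value) - len(clean)
    return None

def build(host_value):
    """Constructed sample: message type (53) = REQUEST, then host name (12)."""
    return (MAGIC_COOKIE + bytes([53, 1, 3])
            + bytes([HOST_NAME, len(host_value)]) + host_value + bytes([END]))

# Constructed option blocks, not taken from the capture in the post.
GOOD = build(b"AP-EXAMPLE")                      # length 10, exact
OFF_BY_ONE = build(b"AP-EXAMPLE\x00")            # length 11, one NUL appended
FIXED_PAD = build(b"AP-EXAMPLE" + b"\x00" * 6)   # fixed length 16, NUL padded
```

A non-zero NUL count from `check_host_name` identifies a client with this bug; a server or log pipeline that compares host names should compare the cleaned name.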

From a packet capture:

Buffalo WLAE-AG300N gets the length of the DHCP name wrong and inserts an extra NULL character.

This is besides these devices also not automatically powering up when power goes out and comes back up.

Mikrotik packet capture and viewing it in Wireshark

Anyway: getting and displaying the packet capture was quite easy:

  1. In Winbox (or from the console):
    1. Tools ->
    2. Packet Sniffer ->
    3. General tab: set filename and file limit, then click Apply
    4. Filter tab: choose the interface, protocol (UDP) and port (67), then click Apply
    5. Click Start
    6. Wait for the DHCP refresh to happen
    7. Click Stop
  2. In Winbox (or from the console):
    1. Files -> Choose the captured file -> Download
  3. In your file manager, ensure the downloaded file gets the .pcap extension
  4. In Wireshark: load the .pcap file and inspect it

 

–jeroen

Posted in Access Points, Buffalo, Internet, MikroTik, Power User, routers

MikroTik CHANGELOG_6 link

Posted by jpluimers on 2016/05/06

In the absence of http://www.mikrotik.com/download/CHANGELOG_6 (somehow it’s unreachable where I live) here are links that do work:

–jeroen

Posted in Internet, MikroTik, Power User, routers

“Comprehensive Guide to pfSense 2.3” and “pFsense Firewall setup and Features in depth March 2016”

Posted by jpluimers on 2016/04/25

Now that pfSense 2.3 is out, some videos:

–jeroen

Posted in Internet, pfSense, Power User, routers