Archive for the ‘Network-and-equipment’ Category
Posted by jpluimers on 2017/08/14
Just in case you see UDP port 5678 in the firewall log of your MikroTik device: it’s usage of the MikroTik Neighbor Discovery Protocol (MNDP) [WayBack] protocol.
You can either block Neighbour Discovery [WayBack] in the firewall or turn it off on the MikroTik Services [WayBack] or inspect any of these protocols:
| Proto/Port |
Description |
| 20/tcp |
FTP data connection |
| 21/tcp |
FTP control connection |
| 22/tcp |
Secure Shell (SSH) remote Login protocol |
| 23/tcp |
Telnet protocol |
53/tcp
53/udp |
DNS |
| 67/udp |
Bootstrap protocol or DHCP Server |
| 68/udp |
Bootstrap protocol or DHCP Client |
| 80/tcp |
World Wide Web HTTP |
| 123/udp |
Network Time Protocol ( NTP) |
| 161/udp |
Simple Network Management Protocol (SNMP) |
| 179/tcp |
Border Gateway Protocol ( BGP) |
| 443/tcp |
Secure Socket Layer (SSL) encrypted HTTP |
| 500/udp |
Internet Key Exchange (IKE) protocol |
520/udp
521/udp |
RIP routing protocol |
| 646/tcp |
LDP transport session |
| 646/udp |
LDP hello protocol |
| 1080/tcp |
SOCKS proxy protocol |
| 1698/udp 1699/udp |
RSVP TE Tunnels |
| 1701/udp |
Layer 2 Tunnel Protocol ( L2TP) |
| 1723/tcp |
Point-To-Point Tunneling Protocol ( PPTP) |
1900/udp
2828/tcp |
Universal Plug and Play ( uPnP) |
| 1966/udp |
MME originator message traffic |
| 1966/tcp |
MME gateway protocol |
| 2000/tcp |
Bandwidth test server |
| 5246,5247/udp |
CAPsMan |
| 5678/udp |
Mikrotik Neighbor Discovery Protocol |
| 6343/tcp |
Default OpenFlow port |
| 8080/tcp |
HTTP Web Proxy |
| 8291/tcp |
Winbox |
| 8728/tcp |
API |
| 8729/tcp |
API-SSL |
| 20561/udp |
MAC winbox |
| /1 |
ICMP |
| /2 |
Multicast | IGMP |
| /4 |
IPIP encapsulation |
| /41 |
IPv6 (encapsulation) |
| /46 |
RSVP TE tunnels |
| /47 |
General Routing Encapsulation (GRE) – used for PPTP and EoIP tunnels |
| /50 |
Encapsulating Security Payload for IPv4 (ESP) |
| /51 |
Authentication Header for IPv4 (AH) |
| /89 |
OSPF routing protocol |
| /103 |
Multicast | PIM |
| /112 |
VRRP |
–jeroen
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »
Posted by jpluimers on 2017/08/07
sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client.
Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow serving several services on port 443 (e.g. to connect to ssh from inside a corporate firewall, which almost never block port 443) while still serving HTTPS on that port.
Hence sslh acts as a protocol demultiplexer, or a switchboard. Its name comes from its original function to serve SSH and HTTPS on the same port.
sslh supports IPv6, privilege dropping, transparent proxying, and more.
Interesting…
–jeroen
Posted in *nix, https, Linux, OpenSSL, OpenVPN, Power User, Security | Leave a Comment »
Posted by jpluimers on 2017/08/04
Edit 20260424: Cisco images via Wayback Machine as some of the links had died. Added some extra notes.
Note to self: looking at the various patch cables, it looks like most manufacturers prefer T568B over T568A. Not sure why. I adopted T568B to avoid any confusion.
As I always forget the images on FTP/STP/UTP wiring in both connectors and outlets and forget which standard is T568A and T568B: T568A and T568B termination – TIA/EIA-568 – Wikipedia:
Read the rest of this entry »
Posted in Ethernet, Hardware, Network-and-equipment, Power User | Leave a Comment »
Posted by jpluimers on 2017/07/27
Some links that were useful getting the SMS sending stuff to work.
The documentation is clear on what to do to send/receive SMS:
But it is unclear what USB hardware does work, so here are some links:
You can also do it the other way around:
–jeroen
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2017/07/26
Though the Mikrotik people seem reluctant to make the font size in Winbox configurable, if you run it through WineBottler on OS X, you can scale the individual app. It’s not very pretty but makes it easier to use.
The trick is based on the Windows DPI font settings explained for instance at DPI Display Size Settings – Change – Windows 7 Help Forums and Large Fonts in Registry: Where Exactly? | PC Review but then in Wine.
For Windows, this is a system wide setting, but on a WineBottler application there is one “Windows environment” per application, so it’s application specific and should work for other applications than WinBox as well.
It makes it much easier to do script editing now.
Steps I performed:
- Quit all WinBox instances
- Open a Terminal
- Open this file
/Applications/Winbox4Mac.app/Contents/Resources/system.reg
- Find this key and name=value:
- key
[System\\CurrentControlSet\\Hardware Profiles\\Current\\Software\\Fonts] 1460991918
- name=value
"LogPixels"=dword:00000060
- Change the name=value to be like this (scales to 133.3333333%)
"LogPixels"=dword:00000080
- Save the file
- Start WinBox
The value increases the DPI from 0x60 (96 DPI) to 0x80 (128 DPI) , but the WinBox software isn’t smart enough to scale a lot of other UI properties based on it (like controls dialogs, grid cell sizes and script editors).
So it takes a bit of experimenting what works well (on my system, dword:00000090 – or 144 DPI) which scales to 150% cuts off too much of the descenders).
Values I tried:
- dword:00000060
- dword:00000078
- dword:00000080
- dword:00000084
- dword:00000090
I got at this trick through [Wine] Screen font size then wading my way to find where system.reg was stored on my system.
TODO: dive into Fixing Windows font scaling without restarting | Marc Durdin’s Blog and see if other registry settings need to be applied as well.
–jeroen
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2017/07/19
I’ve not tracked down the cause yet, but these seem to be related:
- The Mac OS X build of Atom IO
- WinBox v 3.4 WineBottle version from Winbox for Mac in an embedded Wine environment – Joshaven.com
- pbcopy / pbpaste that allow command-line copy/pasting
- none of these being able to copy/paste any more and return error level 1 like terminal – pbcopy exits code 1, no error message – Ask Different but not even running tmux or screen which means this solution does not apply: ChrisJohnsen/tmux-MacOSX-pasteboard: Notes and workarounds for accessing the Mac OS X pasteboard in tmux sessions.
- I didn’t have Mouse Keys turned on
- Other applications (Chrome, FireFox, TextEdit, Finder, etc) still being able to copy/paste between each other
I’ve “fixed” 4. by doing this as recommended at osx – Copy and Cut sometimes don’t work – Ask Different:
launchctl list | grep com.apple.pboard
If the pboard daemon is running, then stop and start it. If it’s not running, start it:
launchctl stop com.apple.pboard
launchctl start com.apple.pboard
Now 4. works again if I restart each application, 6. still works, but these applications still cannot copy/paste to 1. 2. and 3.
What does work is a full reboot, but that takes a while (especially Chrome re-loading lots of Windows: I need to get more organised here).
It might be that I need to restart each application in 6.
Grrr…..
–jeroen
Posted in *nix, *nix-tools, Apple, atom editor, Hardware, iMac, Internet, Mac, Mac OS X / OS X / MacOS, MacBook, MacBook Retina, MacBook-Air, MacBook-Pro, MikroTik, Network-and-equipment, OS X 10.10 Yosemite, OS X 10.11 El Capitan, OS X 10.9 Mavericks, Power User, routers, Text Editors, tmux | 4 Comments »
Posted by jpluimers on 2017/07/18
Earlier, I wrote “:for loops are a strange beast so I will elaborate on those in a separate post.” so now is the time to do that.
The :for loop documentation is very dense:
| Command |
Syntax |
Description |
| for |
:for <var> from=<int> to=<int> step=<int> do={ <commands> } |
execute commands over a given number of iterations |
So a for loop has these elements:
Luckily, the old RouterOS 2.7 documentation on loops (which they’ve revamped after Router OS 2.7 removing many useful examples) has this:
:for – It has one unnamed argument, the name of the loop variable. from argument is the starting value for the loop counter, tovalue is the final value. This command counts loop variable up or down starting at from and ending with to, inclusive, and for each value it executes the do statement. It is possible to change the increment from the default 1 (or -1), by specifying the stepargument.
[admin@MikroTik] > :for i from=1 to=100 step=37 do={:put ($i . " - " . 1000/$i)}
1 - 1000
38 - 26
75 - 13
[admin@MikroTik] >
You might think that from= the start value, to= the finish value and the loop won’t execute when step= a positive value and from= larger than to=. Or that without a step= the loop will always iterate in ascending order.
Wrong! And wrong!
So it’s time for some…
:for loop examples
Read the rest of this entry »
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2017/07/14
TomatoUSB recommends a NVRAM reset (or 30/30/30 reset) before and after upgrades.
This means you loose all your settings which causes a lot of people to not upgrade at all.
The steps to export/import are a bit vague as they depend on what you want to save.
It basically comes down to do this on the old configuration
nvram export --set
Save that output to a local file and then use a search tool searching for specific sections you want to restore.
After you restored the sections ensure you persist them:
nvram commit
This is what the TomatoUSB author usually searches for:
Read the rest of this entry »
Posted in Internet, Power User, routers, TomatoUSB | Leave a Comment »
Posted by jpluimers on 2017/07/10
Don’t abuse: 3.6 GIG – Public-Mikrotik-Bandwidth-Test-Server – MikroTik RouterOS [WayBack]
Primary btest server (for short high speed bursts):
- IP address: 207.32.195.2
- User: btest
- Passowrd: btest
- Max connection time: 10 minutes
- No winbox access, only bandwidth test
Secondary btest server (for longer less high speed traffic) [WayBack]:
- IP address: 207.32.195.10
- User: btest
- Passowrd: btest
- Local Tx Speed: 25k
- Remote Tx Speed: 25k
- No winbox access, only bandwidth test
–jeroen
Posted in Internet, MikroTik, Power User, routers | 6 Comments »
Posted by jpluimers on 2017/07/05
Thanks to ZeroByte answering at [Answered] Where are ip firewall address-list timeout values documented – MikroTik RouterOS [WayBack] which I edited a bit here:
I haven’t seen anything specific to the format of these time tokens, but the firewall add-to-address-list timeout is documented here:
http://wiki.mikrotik.com/wiki/Manual:IP … Properties…It seems to take the same format as any other similar duration-related input I’ve encountered:
- a raw number is interpreted as seconds
You can specify a number as another duration with tokens:
- s = seconds (default)
- m = minutes
- h = hours
- d = days
- w = weeks
A few aspects:
- Tokens can combine be in any order
- Whitespace is ignored
So these are all valid:
2s 2h 2w
1w2d3h4m5s
5s4m3h2d1w
- Days and weeks just get added together. If you specify 1w8d, this is the same as 2w1d
- The last value specified may be in h:m:s format or in h:m (omit seconds)
- Interestingly, if you mix and match, they just get added:
- “1d 2h 12:30” -> “1d 14:30:00”
- Values larger than 536870911 seconds are stored and tracked but when displayed show as 0sec.
(248 days, 13:13:55)
- The maximum value is 4294967295 seconds (which is the maximum 32-bit value)
This decodes to: 7101w3d6h28m15s as the largest value….
(7101 weeks is ~136 years counting for leap years, by the way)
–jeroen
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 