spent like 3 hours wondering why nothing resolved. turns out I fat fingered the forwarder IP. always double check your configs lol for anyone else stuck - just run nslookup and check what server its ...
👁 253
❤ 37
Tips, tutorials, and discussions about networking, security, and IT
spent like 3 hours wondering why nothing resolved. turns out I fat fingered the forwarder IP. always double check your configs lol for anyone else stuck - just run nslookup and check what server its ...
if you remember /24 = 256, just keep halving. /25 is 128, /26 is 64, etc. saved me so much time once i memorized that seriously this one trick made subnetting so much easier for me
renewing SSL certs is the worst part of my job tbh. anyone got tips for automating this? using lets encrypt but still annoying
client said their site was down but everything looked fine on my end. turns out their ISP was blocking 443 outbound for some reason?? took forever to figure out always check the obvious stuff first i...
was troubleshooting slow connections and traceroute showed a hop taking 200ms. turned out to be a bad switch in the path. easy fix once we found it
i know we need to learn it eventually but man those addresses are ugly. still running dual stack everywhere and honestly ipv4 just works maybe im just old school idk
stop using passwords for ssh. seriously. ssh-keygen -t ed25519 and youre done. faster and way more secure if your server still needs password auth in 2024 thats a red flag
added rate limiting on our login endpoint after seeing weird traffic patterns. next day we got hit with a brute force attempt and it just bounced off. felt good man
just because ping works doesnt mean your app will. learned this the hard way when ICMP was allowed but TCP 8080 was blocked. always test the actual ports
finally replaced my ISP router with pfsense. night and day difference. actual logs, proper firewall rules, no more random reboots took a weekend to set up but worth it
captured some traffic today and found a device making weird DNS requests every 30 seconds. turned out to be smart TV phoning home. blocked it lol
had a client running out of IPs on their /24. turns out lease time was set to 30 days and nobody ever cleaned up old devices. changed to 8 hours, problem solved
wireguard is so much faster than openvpn its not even funny. if youre still on openvpn give wireguard a try. setup is simpler too
boss wanted a list of all open ports on our network. nmap -sV -p- took a while but found 3 services nobody knew were running. cleaned those up real quick
spent 2 days on a vpn issue that turned out to be MTU. packets were getting fragmented and dropped. lowered MTU to 1400 and everything worked always forget to check this
speedtest-cli is great for quick tests without opening a browser. pip install speedtest-cli and youre good. use it all the time on servers
emails going to spam? check your reverse DNS. a lot of mail servers check if PTR matches and reject if it doesnt. quick fix that makes a big difference
ss is way faster than netstat on busy servers. ss -tuln gives you listening ports almost instantly. netstat can take forever with lots of connections
weird network issue today - device couldnt reach gateway. arp -a showed wrong MAC for gateway IP. cleared arp cache and it fixed itself. probably a conflict somewhere
been using iftop for live bandwidth monitoring. way easier than trying to read tcpdump output. shows you exactly whos using bandwidth in real time
curl -I for headers, curl -v for verbose, curl -o for download. this one command does so much. use it literally every day
changed nameservers 48 hours ago and some places still show old records. TTL was set to 300 but doesnt matter when upstream caches ignore it patience i guess
sticky sessions were off and users kept getting logged out. requests going to different backends with different session stores. enabled sticky sessions, happy users
tcpdump -i any port 80 -A | grep -i host quick way to see what HTTP requests are happening. not for production obviously but great for debugging
got an alert that someone tried logging into admin panel from russia. password was right (probably from a breach) but 2FA stopped them. please enable 2FA everywhere
dig gives way more info than nslookup. dig +trace shows the whole resolution path. nslookup is fine for quick checks but dig is the real deal
gigabit wasnt working on a port. tried everything software side. turned out to be a bad cable that only had 4 wires connected instead of 8. physical layer problems are real
server ran out of disk space at 3am. wouldve been nice to know before it happened. set up basic monitoring with alerts. sleep better now
accidentally announced wrong prefix and took down a customers site for 10 minutes. BGP mistakes propagate fast. triple check everything before hitting enter
app worked with 127.0.0.1 but not localhost. turned out localhost was resolving to ::1 (ipv6) and app only listened on ipv4. little things like this drive me crazy