SouthEast Linux Fest 2023 by the numbers

DNS

I am using this to analyze the logs: https://github.com/Matty9191/bind-query-log-statistics
Top domain names (note: I have removed some internal hostnames to show only public hostnames). The number next to each hostname is the number of DNS requests found. Please note that the logs cover only part of Saturday and all day Sunday. The logs rolled over faster than I thought they would. There were a few internal hostnames from other people's networks that had over 10k requests in the 2 days covered by the logs.

studio.youtube.com : 75924
youtube-ui.l.google.com : 61760
www.google.com : 17262
ssl.gstatic.com : 6835
signaler-pa.clients6.google.com : 6768
beacons.gcp.gvt2.com : 5725
gateway.icloud.com : 4997
connectivitycheck.gstatic.com : 4948
play.google.com : 4879
safebrowsing.googleapis.com : 4584
ping.archlinux.org : 4369
www.youtube.com : 3997
ipv4only.arpa : 3693
www.gstatic.com : 3299
detectportal.firefox.com : 3282
accounts.google.com : 3228
fonts.gstatic.com : 3136
clients4.google.com : 3066
wifiprotectcheck.mcafee.com : 3053
somafm.com : 2920
optimizationguide-pa.googleapis.com : 2815
www.googleapis.com : 2619
example.org : 2347
play.googleapis.com : 2271
googleads.g.doubleclick.net : 2135
api.steampowered.com : 2131
fedoraproject.org : 2102
mail.google.com : 2093
baideal.buadh-brath.com : 2063
location.services.mozilla.com : 2012
i.ytimg.com : 2005
connectivitycheck.grapheneos.network : 1981
gs-loc.apple.com : 1972
clients6.google.com : 1911
conncheck.opensuse.org : 1872
content-autofill.googleapis.com : 1862
graph.facebook.com : 1822
clubhouse.pubnubapi.com : 1795
adservice.google.com : 1764
_dns.resolver.arpa : 1760
www.google-analytics.com : 1737
raw.githubusercontent.com : 1719
encrypted-tbn0.gstatic.com : 1709
incoming.telemetry.mozilla.org : 1704
bag.itunes.apple.com : 1699
fonts.googleapis.com : 1690
chat.signal.org : 1667
dns.google : 1661
pagead2.googlesyndication.com : 1635
push.services.mozilla.com : 1608
youtubei.googleapis.com : 1595
ocsp.digicert.com : 1594
chat.google.com : 1568
google.com : 1558
lh3.googleusercontent.com : 1524
connectivity-check.ubuntu.com : 1508
ping.manjaro.org : 1498
grafana.com : 1482
gateway.fe.apple-dns.net : 1481
ha.thejohnweb.com : 1471
discovery-v6.syncthing.net : 1469
ocsp.pki.goog : 1467
beacons.gvt2.com : 1394
epdg.epc.mnc260.mcc310.pub.3gppnetwork.org : 1378
arcus-uswest.amazon.com : 1369
contile.services.mozilla.com : 1359
www.facebook.com : 1352
ib.adnxs.com : 1339
app-measurement.com : 1337
trace.svc.ui.com : 1334
mtalk.google.com : 1319
outlook.office365.com : 1292
gitlab.corp.redhat.com : 1270
addons-pa.clients6.google.com : 1267
fw.bme1.me : 1255
v10.events.data.microsoft.com : 1241
jnn-pa.googleapis.com : 1197

Queries per hour:
00: 19052
01: 10107
02: 10661
03: 11774
04: 10447
05: 8977
06: 10114
07: 10805
08: 22667
09: 34093
10: 32292
11: 45774
12: 31282
13: 91411
14: 110778
15: 69533
16: 44638
17: 40701
18: 40361
19: 42923
20: 37136
21: 46039
22: 33685
23: 24407
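
An added example (not the linked tool's code and not from the original post) of how per-hostname and per-hour tallies like the two lists above can be produced from a BIND query log, including dropping internal hostnames before publishing. The log lines are constructed, and the `home.lan` suffix and the function names are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in BIND 9 query-log format (not from the event's logs).
SAMPLE_LOG = """\
17-Jun-2023 13:05:11.101 client @0x7f1c2c0a 10.20.1.15#51514 (studio.youtube.com): query: studio.youtube.com IN A +E(0)K (10.20.0.1)
17-Jun-2023 13:05:11.950 client @0x7f1c2c0b 10.20.1.15#51515 (studio.youtube.com): query: studio.youtube.com IN AAAA +E(0)K (10.20.0.1)
17-Jun-2023 13:40:02.007 client @0x7f1c2c0c 10.20.3.77#40022 (www.google.com): query: WWW.Google.com IN A + (10.20.0.1)
17-Jun-2023 14:01:45.310 client @0x7f1c2c0d 10.20.3.80#38811 (nas.home.lan): query: nas.home.lan IN A + (10.20.0.1)
18-Jun-2023 14:02:00.000 client @0x7f1c2c0e 10.20.4.2#5353 (ping.archlinux.org): query: ping.archlinux.org IN A +E(0) (10.20.0.1)
18-Jun-2023 14:02:00.500 general: info: zone example/IN: loaded serial 1
"""

# Hour from the timestamp, then the name and type that follow "query:".
QUERY_RE = re.compile(
    r"^\S+ (?P<hour>\d{2}):\d{2}:\d{2}\.\d+ .*? query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def is_internal(name, suffixes):
    """True if name equals, or is a subdomain of, any listed suffix."""
    return any(name == s or name.endswith("." + s) for s in suffixes)


def summarize(lines, internal_suffixes=()):
    """Return (per-name Counter, per-hour-of-day Counter) for query lines."""
    names, hours = Counter(), Counter()
    for line in lines:
        m = QUERY_RE.match(line)
        if not m:
            continue  # other logging categories, blank lines
        hours[m["hour"]] += 1  # hourly load counts every query, all days merged
        name = m["name"].rstrip(".").lower()  # DNS names are case-insensitive
        if not is_internal(name, internal_suffixes):
            names[name] += 1  # only public names go into the published list
    return names, hours


def report(names, top=10):
    """Format the top names in the 'hostname : count' style used on this page."""
    return [f"{n} : {c}" for n, c in names.most_common(top)]


if __name__ == "__main__":
    names, hours = summarize(SAMPLE_LOG.splitlines(), internal_suffixes=("home.lan",))
    print("\n".join(report(names)))
    print("\n".join(f"{h}: {hours[h]}" for h in sorted(hours)))
```

Matching on the suffix with a leading dot keeps a public name such as `myhome.lan.example.com` or `xhome.lan` from being dropped by accident.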

Wifi

Below is the total number of known clients in each category that connected to one of the SELF SSIDs.
6ghz (note this year we only had 1 ap that supported this band) = 2
wifi3(802.11g) = 0
wifi4(802.11n) = 37
wifi5(802.11ac) = 178
wifi6(802.11ax) = 44
1×1 = 65
2×2 = 192
3×3 = 3
4×4 = 0
Total clients 260

WAN


ATnT(1000m down, 1000m up)
peak down = 721
peak up = 148
95% rate down 194
95% rate up 38
Total down 1.27tb
Total up 420gb

Lancache

Cache added during the event 409.3
cache served during the event 572.5
Hit/miss ratio 71% miss 28% hit
total clients 136
Amount served to top client 151gb
Total downloaded for Steam 470gb
Total downloaded for Wsus 6.3gb
Total downloaded for linux mirrors 21.7
Top 3 games downloaded in steam by total gb
1. Shetland Pony
2. TF2
3. Quarters

Wired traffic

Below is the total traffic (up and down combined)
Total traffic from firewall to core sw 6.41TB
Total traffic from core sw to ballroom A/C 1.26TB
Total traffic from core sw to ballroom D 1.75Tb
Total traffic from core sw to ballroom JR 617GB
Total traffic on wired public vlan 1.22TB
Total traffic on WPA SSID vlan 534GB
Total traffic on open SSID vlan 198GB

DWCC stats from SouthEast Linux Fest

I deployed DWCC(https://github.com/zunder1990/Distributed-Wifi-Capability-Collector) for the first time at a large event. I was only able to get one node running, and was only able to capture packets on the following channels: 1,6,11,36,52,56,100,116. With one node running for two days and only capturing the management and control part of the wireless packets, I got 17gb of PCAPs.

Here are the results (only counting when client was talking with AP and not when client was probing broadcast):

2.4ghz clients = 204
5ghz clients = 90 (Note: I was only able to capture a few of the 5ghz channels)
802.11k clients = 110 (Provides information to discover the best available access point)
BSS Transition/802.11r/FT = 231 (Allows for faster roaming between APs)
QOS map = 53 (RFC 8325, tells you if the client is able to set the DSCP value on packets it sends)
receive frames from mu-mimo AP = 31 (Says if the client is able to receive packets sent from an AP while doing mu-mimo)
receive frames from single user beamforming AP = 51 (Says if the client is able to understand an AP trying to beamform)
Transmission of STBC-coded frames = 28 (Space-Time Block Coding (STBC) can be used when the number of radio chains exceeds the number of spatial streams.)
Extended Channel Switching = 80 (Provides a mechanism for an access point to notify the stations connected to it of its intention to change channels or to change channel bandwidth.)
Orthogonal Frequency-Division Multiplexing OFDM = 126
WNM-Sleep Mode = 45 (Power save mode)
Multiple BSSID = 13 (Client can understand when more than one BSSID is in a beacon packet from an AP)
802.11w = 40 (Protected Management Frames)
interworking/802.11u = 43 (Related to hotspot2.0)
wnm notification = 59 (Related to 802.11v)
receive LDPC-encoded frames = 51 (Clients able to understand frames encoded in low-density parity-check, related to Transmission of STBC-coded frames)
Timing Measurement = 9 (802.11mc, allows the client to tell how far it is from the AP, 3.3 nanoseconds per meter)
SSID List = 45

About Zach Underwood

I have worked in commercial data centers, local government and ISPs. My experience includes setup of a VMware stack using ESX and vCenter to reduce the number of servers, setup of internal Wi-Fi systems, design of GPOs for Windows desktops, and deployment of Linux thin clients for public kiosks. I have also provided server administration and support, desktop user support, and computer equipment troubleshooting.

  • Red Hat Certified System Administrator Ver. 7 License number:100-206-556 January 2015
  • Red Hat Certified Engineer Ver.6 License number:100-206-556 June 2011
  • Red Hat Certified System Administrator Ver. 6 License number:100-206-556 July 2011
  • Red Hat Certified System Administrator Ver. 5 License number 100-206-556 August 2010
  • Red Hat Certified Technician Ver. 5 License number:100-206-556 August 2010
  • Ubiquiti airMAX-Certified Admin September 2013
  • Commtrain/NATE Certified tower climber March 2014

Videos that I have done

Greenville Tech ad that aired on TV

Linux user group talk about BGP and Net Neutrality

Interview I did with Jupiter Broadcasting about Wireless ISP and tower climbing

This is a talk that I gave at the South East Linux Fest 2015

This is a talk that I gave at the South East Linux Fest 2015

This is a talk that I gave at the South East Linux Fest 2014

Interview I did with Jupiter Broadcasting