Network Connection Flags

December 18th, 2025

TCPDUMP

S = SYN: The synchronization flag is used when a connection is being established.
F = FIN: The finish flag is used to gracefully close a TCP connection.
R = RST: The reset flag is used to forcibly close a TCP connection.
P = PUSH: The push flag is used to ask the receiving end to pass this data to the application as soon as possible, rather than buffering it.
A = ACK: The acknowledgment flag is used to acknowledge receipt of packets.
U = URG: The urgent flag is used when certain data within a packet must be processed immediately.
E = ECE: The explicit congestion notification echo flag is used to signal network congestion.
C = CWR: The congestion window reduced flag is used to acknowledge the receipt of an ECE flag.

CISCO ASA

Quick Reference:
UIO = Outbound Connection
UIOB = Inbound Connection

Flags:
A – awaiting inside ACK to SYN,
a – awaiting outside ACK to SYN,
B – initial SYN from outside,
b – TCP state-bypass or nailed,
C – CTIQBE media,
D – DNS, d – dump,
E – outside back connection,
F – outside FIN,
f – inside FIN,
G – group,
g – MGCP,
H – H.323,
h – H.225.0,
I – inbound data,
i – incomplete,
J – GTP,
j – GTP data,
K – GTP t3-response
k – Skinny media,
M – SMTP data,
m – SIP media,
n – GUP
O – outbound data,
P – inside back connection,
p – Phone-proxy TFTP connection,
q – SQL*Net data,
R – outside acknowledged FIN,
R – UDP SUNRPC,
r – inside acknowledged FIN,
S – awaiting inside SYN,
s – awaiting outside SYN,
T – SIP,
t – SIP transient,
U – up,
V – VPN orphan,
W – WAAS,
X – inspected by service module

Posted in Networking | No Comments »

Setting up TailScale on a Promox LXC

January 27th, 2025

Create a Ubuntu LXC on Ubuntu 24.04

Configure PVE for access the /dev/tun

/etc/pve/lxc/106.conf
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file

Install tail Scale
apt-get update

apt-get install -y curl

curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.noarmor.gpg | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null

curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.tailscale-keyring.list | tee /etc/apt/sources.list.d/tailscale.list

apt-get update

apt-get install -y tailscale

tailscale up –auth-key=tskey-auth-xxxxxxxxxxxxxxx –advertise-exit-node –advertise-routes=192.168.3.0/24

tailscale ip -4

Advertise Subnet Routes
echo ‘net.ipv4.ip_forward = 1’ | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo ‘net.ipv6.conf.all.forwarding = 1’ | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf

Posted in Proxmox, Uncategorized | No Comments »

Upgrading Promox

January 26th, 2025

https://pve.proxmox.com/pve-docs/pve-admin-guide.html#system_software_updates
??https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_package_repositories

apt-get update

apt-get dist-upgrade

Posted in Proxmox | No Comments »

Setting up Docker Client to connect to remote daemon using CLI

October 29th, 2023

On Docker Daemon

IP: 192.168.100.100

user@docker:~$ sudo systemctl edit docker.service

ExecStart=/usr/bin/dockerd -H fd:// -H tcp://127.0.0.1:2375

user@docker:~$ sudo systemctl restart docker.service

user@docker:~$ sudo netstat -lntp | grep dockerd
tcp 0 0 127.0.0.1:2375 0.0.0.0:* LISTEN 170/dockerd

On Docker Client

user@client:~$ ssh-keygen

user@client:~$ ssh-copy-id 192.168.100.100

user@client:~$ docker context create node2
–description “Node 2” \
–docker “host=ssh: //$TARGET _HOST”

user@client:~$ docker context use node2

user@client:~$ docker ps

CONTAINER ID   IMAGE                        COMMAND                  CREATED          STATUS         PORTS                                       NAMES

0cf710e9fdbf   hello:2          “/docker-entrypoint.???”   12 minutes ago   Up 7 minutes   1883/tcp                                    container-1

Posted in Docker | No Comments »

Allowing AWS console access from another AWS account

October 25th, 2022

In a scenario where you want to allow third party to access your AWS account, we can use Assume Role to facilitate the access.

Step 1. Create Role

Login to your AWS account. Create Role – under IAM > Roles

Defined Trusted Entity. Input the 3rd party AWS account number. Always require MFA for security best practise.

Select Permission Policy. AdministratorAccess will grant full access to the 3rd party. Use it with caution.

Assign a name and description of the policy, review and then create the Role.

Viola. You can copy the “Link to switch roles in console” to the third party.

Step 2. Third Party Access

First, Third Party login to their own AWS account and open the switch role link from the previous step. The Account and Role field will be pre-populated. Give it a name, so you can easily remember what this is for.

AWS Console keeps track of roles you have been used in the Role history menu.

Posted in AWS | No Comments »

Login to the container as root

October 7th, 2022 
docker exec -it --privileged --user root container_id bash

Posted in Docker | No Comments »

Useful S3 CLI commands

September 14th, 2022

Create Bucket

aws s3api create-bucket --acl public-read \
--bucket bucket-20220914-s3-6 \
--region ap-east-1  \
--create-bucket-configuration LocationConstraint=ap-east-1

https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/create-bucket.html

Remarks – how to enable versioning, encryption

Delete Bucket

aws s3 rb s3://bucket-20220914-s3-6 --force

Prepare S3 bucket to serve Website

aws s3 website \
s3://bucket-20220914-s3-6 \
--index-document index.html

Posted in AWS | No Comments »

Running a BusyBox container

March 1st, 2022

Running a temporary Linux Shell 

docker run -it --rm busybox

Posted in Docker | No Comments »

MacOS 12 failed to SSH – no matching key exchange method found

January 19th, 2022

Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

Add to the bottom of /etc/ssh/ssh_config


KexAlgorithms +diffie-hellman-group1-sha1

Posted in MacOS | No Comments »

Accessing AWS Member Account

December 22nd, 2021
  1. Open the AWS Management Console using IAM user credentials.
  2. Choose your account name at the top of the page, and then select Switch Role.
    Important: If you are signed in with root user credentials, you can’t switch roles. You must be signed in as an IAM user or role. For more information, see Switching to a role (AWS Management Console).
  3. Enter the account number for the member account.
  4. Enter role name: OrganizationAccountAccessRole
  5. (Optional) You can also enter a custom display name (maximum 64 characters) and a display color for the member account.
  6. Choose Switch Role.

Posted in AWS | No Comments »

« Older Entries