I’ll look at lxc snapshots after the hardware upgrade I got lined up, thanks!
- 2 Posts
- 46 Comments
Joined 2 years ago
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
link Englishfedilink 1 year ago1·arrow-up
link Englishfedilink 1 year ago2·arrow-up It’d be a pain in the rear to rebuild everything. This proxmox machine is the center of everything, even housing the disk all the config backups are on. I should probably not be doing that…
link Englishfedilink 1 year ago3·arrow-up I’m going to experiment with this! I would love to get rid of Proxmox, it has so many problems and I only run containers anyway.
Is there an easy way to migrate containers? I’m not well versed in LXC despite using it for years.
link Englishfedilink 1 year ago1·arrow-up I did switch and had way more problems… And still no IPv6, either.
link Englishfedilink 1 year ago4·arrow-up I honestly thought only paid users could use the official forums…
I’ll post it there, too! Thank you
link Englishfedilink 2 years ago3·arrow-up What’s that CPU cooler? I’ve been looking for super low profile coolers.
link Englishfedilink 2 years ago3·arrow-up That’s exactly the same reason I dropped certbot, haha
link Englishfedilink 2 years ago24·arrow-up I highly recommend https://github.com/acmesh-official/acme.sh
What do you mean up keeps changing the prefix?
How are you tracking their ips on ipv6?
Are you able to type the ip off the top of your head?
I write them down, just as I do v4. I don’t type v4 off the top of my head any more than I do v6- but even if I did, I’d only have to really memorize the prefix because that’s all universal across my whole network. For example, look at this that I ripped from my documentation:
== PROXMOX CONTAINERS & VIRTUAL MACHINES ====================== C:TorRelay - 192.168.78.160 / 2a05:f6c7:8039::12ad C:Gonic - 192.168.78.161 / 2a05:f6c7:8039::1255 C:Wireguard - 192.168.78.162 / 2a05:f6c7:8039::1666 V:ADS-B - 192.168.78.163 / NA C:Apache - 192.168.78.164 / 2a05:f6c7:8039::1337 C:Backups - 192.168.78.165 / 2a05:f6c7:8039::0107 C:PiHole - 192.168.78.166 / 2a05:f6c7:8039::1811 C:NetworkFun - 192.168.78.167 / 2a05:f6c7:8039::1192 C:MovieSync - 192.168.78.168 / 2a05:f6c7:8039::2356 C:Owncast - 192.168.78.170 / 2a05:f6c7:8039::1368Do you see the pattern? I could have made it even simpler. I could’ve made the last quartet of the v6 address the same as the last octet of the v4 address, but I didn’t think of it at the time. I’ve memorized more credit cards than I have IP addresses in total, which you will surely agree are more complex, so I’m not worried about when the time comes to drop v4 and its time to memorize v6. It will come naturally with use, as the credit cards have
In practice, I’ve found, that it is simply not a problem. If I don’t know the last quartet off the top of my head, I won’t know the last octet either so I have to look it up anyway. All my network documentation is available with a simple curl command. If I do know the last quartet but not the prefix, I could type ‘ip a’ and find the prefix right there.
I’m sorry you’ve had a poor experience, but I’ve had nothing but smooth sailing since my ISP gave me a /64. I had to re-learn most of what I knew and unlearn a few bad v4 habits, but v6 has solved issues that I was tired of dealing with. I can’t imagine what you’re doing to think it’s more complicated and easier to screw up than v4.
Why?
This project has hit a bit of a dead end but I appreciate your input a lot. I may get an opportunity to run tcpdump from within their network soon- which is what I was waiting for and why I didn’t reply yet, but things aren’t really happening.
My ISP gave me an rDNS and I was off several of those dumb blocklists within the hour. One person who could not previously connect to me now can, so that was the issue for that user at least. They were using Mullvad VPN, so Mullvad blocks based on uceprotect or a similar blocklist.
link Englishfedilink 2 years ago20·arrow-up In theory also possible to just be a nuisance by filling out the instances available space? That sounds like it’s gonna get fixed one way or another.
link Englishfedilink 2 years ago1·arrow-up I made my jump from Ubuntu Server to Debian when I containerized everything onto a single proxmox machine.
Replying to both of your comments:
These are captured on both my gateway and the Apache LXC container. The captured packets are identical as far as tcpdump is aware on both of these systems. As far as I can tell, unless there are shenanigans at the firewall WAN NIC, this is how the packets arrive to my firewall.
And I don’t think this is asymmetrical routing if I understand it correctly, as I only have one firewall. My interfaces are configured correctly according to that netgate article.
He’s running Windows 10, unfortunately- but wouldn’t SSL errors show up in Apache logs? His IP appears 0 times in all apache error and access logs dating back 8 months (the beginning of recorded logs).
Here’s another example of a working request to https://drkt.eu, and his non-working request respectively.
21:06:10.038213 IP 185.21.217.51.34034 > 192.168.78.164.443: Flags [S], seq 383581601, win 65535, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0 21:06:10.038225 IP 192.168.78.164.443 > 185.21.217.51.34034: Flags [S.], seq 1228608203, ack 383581602, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:06:10.062959 IP 185.21.217.51.34034 > 192.168.78.164.443: Flags [.], ack 1228608204, win 32, length 0 21:06:10.068861 IP 185.21.217.51.34034 > 192.168.78.164.443: Flags [P.], seq 383581602:383582119, ack 1228608204, win 32, length 517 21:06:10.068878 IP 192.168.78.164.443 > 185.21.217.51.34034: Flags [.], ack 383582119, win 501, length 0 21:06:10.069190 IP 192.168.78.164.443 > 185.21.217.51.34034: Flags [P.], seq 1228608204:1228611124, ack 383582119, win 501, length 2920 21:06:10.069272 IP 192.168.78.164.443 > 185.21.217.51.34034: Flags [P.], seq 1228611124:1228612300, ack 383582119, win 501, length 1176 21:06:10.069905 IP 192.168.78.164.443 > 185.21.217.51.34034: Flags [P.], seq 1228612300:1228613496, ack 383582119, win 501, length 1196 21:06:10.093915 IP 185.21.217.51.34034 > 192.168.78.164.443: Flags [.], ack 1228611124, win 35, length 0 21:06:10.094156 IP 185.21.217.51.34034 > 192.168.78.164.443: Flags [.], ack 1228612300, win 37, length 0 21:06:10.095161 IP 185.21.217.51.34034 > 192.168.78.164.443: Flags [.], ack 1228613496, win 38, length 0 21:06:10.096357 IP 185.21.217.51.34034 > 192.168.78.164.443: Flags [P.], seq 383582119:383582245, ack 1228613496, win 38, length 126 21:06:10.096588 IP 192.168.78.164.443 > 185.21.217.51.34034: Flags [P.], seq 1228613496:1228613547, ack 383582245, win 501, length 51 21:06:10.121482 IP 185.21.217.51.34034 > 192.168.78.164.443: Flags [P.], seq 383582245:383582345, ack 1228613547, win 38, length 100 21:06:10.121749 IP 192.168.78.164.443 > 185.21.217.51.34034: Flags [P.], seq 1228613547:1228614978, ack 383582345, win 501, length 1431 21:06:10.146792 IP 185.21.217.51.34034 > 192.168.78.164.443: Flags [P.], seq 383582345:383582376, ack 1228614978, win 40, length 31 21:06:10.146907 IP 192.168.78.164.443 > 185.21.217.51.34034: Flags [P.], seq 1228614978:1228615009, ack 383582376, win 501, length 31 21:06:10.146931 IP 192.168.78.164.443 > 185.21.217.51.34034: Flags [F.], seq 1228615009, ack 383582376, win 501, length 0 21:06:10.147568 IP 185.21.217.51.34034 > 192.168.78.164.443: Flags [F.], seq 383582376, ack 1228614978, win 40, length 0 21:06:10.147573 IP 192.168.78.164.443 > 185.21.217.51.34034: Flags [.], ack 383582377, win 501, length 0 21:06:10.171696 IP 185.21.217.51.34034 > 192.168.78.164.443: Flags [R], seq 383582376, win 0, length 0 21:06:10.171722 IP 185.21.217.51.34034 > 192.168.78.164.443: Flags [R], seq 383582376, win 0, length 0 21:06:10.172482 IP 185.21.217.51.34034 > 192.168.78.164.443: Flags [R], seq 383582377, win 0, length 0 21:49:09.999249 IP 5.186.33.87.51592 > 192.168.78.164.443: Flags [S], seq 2577736519, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 21:49:09.999412 IP 192.168.78.164.443 > 5.186.33.87.51592: Flags [S.], seq 3425825559, ack 2577736520, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:10.254112 IP 5.186.33.87.51594 > 192.168.78.164.443: Flags [S], seq 2174498243, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 21:49:10.254425 IP 192.168.78.164.443 > 5.186.33.87.51594: Flags [S.], seq 1029590757, ack 2174498244, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:11.000511 IP 5.186.33.87.51592 > 192.168.78.164.443: Flags [S], seq 2577736519, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 21:49:11.000624 IP 192.168.78.164.443 > 5.186.33.87.51592: Flags [S.], seq 3425825559, ack 2577736520, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:11.262009 IP 5.186.33.87.51594 > 192.168.78.164.443: Flags [S], seq 2174498243, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 21:49:11.262135 IP 192.168.78.164.443 > 5.186.33.87.51594: Flags [S.], seq 1029590757, ack 2174498244, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:12.010686 IP 192.168.78.164.443 > 5.186.33.87.51592: Flags [S.], seq 3425825559, ack 2577736520, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:12.266608 IP 192.168.78.164.443 > 5.186.33.87.51594: Flags [S.], seq 1029590757, ack 2174498244, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:13.014793 IP 5.186.33.87.51592 > 192.168.78.164.443: Flags [S], seq 2577736519, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 21:49:13.014920 IP 192.168.78.164.443 > 5.186.33.87.51592: Flags [S.], seq 3425825559, ack 2577736520, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:13.265504 IP 5.186.33.87.51594 > 192.168.78.164.443: Flags [S], seq 2174498243, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 21:49:13.265645 IP 192.168.78.164.443 > 5.186.33.87.51594: Flags [S.], seq 1029590757, ack 2174498244, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:15.046677 IP 192.168.78.164.443 > 5.186.33.87.51592: Flags [S.], seq 3425825559, ack 2577736520, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:15.274640 IP 192.168.78.164.443 > 5.186.33.87.51594: Flags [S.], seq 1029590757, ack 2174498244, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:17.022305 IP 5.186.33.87.51592 > 192.168.78.164.443: Flags [S], seq 2577736519, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 21:49:17.022424 IP 192.168.78.164.443 > 5.186.33.87.51592: Flags [S.], seq 3425825559, ack 2577736520, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:17.277539 IP 5.186.33.87.51594 > 192.168.78.164.443: Flags [S], seq 2174498243, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 21:49:17.277663 IP 192.168.78.164.443 > 5.186.33.87.51594: Flags [S.], seq 1029590757, ack 2174498244, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:21.226692 IP 192.168.78.164.443 > 5.186.33.87.51592: Flags [S.], seq 3425825559, ack 2577736520, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:21.482700 IP 192.168.78.164.443 > 5.186.33.87.51594: Flags [S.], seq 1029590757, ack 2174498244, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:29.414663 IP 192.168.78.164.443 > 5.186.33.87.51592: Flags [S.], seq 3425825559, ack 2577736520, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 21:49:29.670628 IP 192.168.78.164.443 > 5.186.33.87.51594: Flags [S.], seq 1029590757, ack 2174498244, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
I’ve learned that the bad checksums are to to be ignored because it’s the NIC that’s responsible for it, so tcpdump sees the wrong checksums and it doesn’t matter. I have also learned that the Apache container actually does see the incoming connections. Here’s an example of my working connection and his connection.
root ~ -> tcpdump -n port 443 ## My machine to https://drkt.eu 15:44:50.985650 IP6 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868 > 2a05:f6c7:8039::1337.443: Flags [S], seq 2232908482, win 64800, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0 15:44:50.985656 IP6 2a05:f6c7:8039::1337.443 > 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868: Flags [S.], seq 1276898910, ack 2232908483, win 64800, options [mss 1440,nop,nop,sackOK,nop,wscale 7], length 0 15:44:50.985780 IP6 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868 > 2a05:f6c7:8039::1337.443: Flags [.], ack 1, win 8235, length 0 15:44:50.987032 IP6 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868 > 2a05:f6c7:8039::1337.443: Flags [P.], seq 1:518, ack 1, win 8235, length 517 15:44:50.987040 IP6 2a05:f6c7:8039::1337.443 > 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868: Flags [.], ack 518, win 503, length 0 15:44:50.987333 IP6 2a05:f6c7:8039::1337.443 > 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868: Flags [P.], seq 1:4097, ack 518, win 503, length 4096 15:44:50.987566 IP6 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868 > 2a05:f6c7:8039::1337.443: Flags [.], ack 4097, win 8235, length 0 15:44:50.988400 IP6 2a05:f6c7:8039::1337.443 > 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868: Flags [P.], seq 4097:5381, ack 518, win 503, length 1284 15:44:50.988531 IP6 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868 > 2a05:f6c7:8039::1337.443: Flags [.], ack 5381, win 8229, length 0 15:44:50.992091 IP6 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868 > 2a05:f6c7:8039::1337.443: Flags [P.], seq 518:582, ack 5381, win 8229, length 64 15:44:50.992095 IP6 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868 > 2a05:f6c7:8039::1337.443: Flags [P.], seq 582:1087, ack 5381, win 8229, length 505 15:44:50.992173 IP6 2a05:f6c7:8039::1337.443 > 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868: Flags [.], ack 1087, win 501, length 0 15:44:50.992274 IP6 2a05:f6c7:8039::1337.443 > 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868: Flags [P.], seq 5381:5668, ack 1087, win 501, length 287 15:44:50.992342 IP6 2a05:f6c7:8039::1337.443 > 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868: Flags [P.], seq 5668:5955, ack 1087, win 501, length 287 15:44:50.992488 IP6 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868 > 2a05:f6c7:8039::1337.443: Flags [.], ack 5955, win 8235, length 0 15:44:50.993404 IP6 2a05:f6c7:8039::1337.443 > 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868: Flags [P.], seq 5955:10902, ack 1087, win 501, length 4947 15:44:50.993647 IP6 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868 > 2a05:f6c7:8039::1337.443: Flags [.], ack 10902, win 8235, length 0 15:44:55.998521 IP6 2a05:f6c7:8039::1337.443 > 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868: Flags [P.], seq 10902:10926, ack 1087, win 501, length 24 15:44:55.998547 IP6 2a05:f6c7:8039::1337.443 > 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868: Flags [F.], seq 10926, ack 1087, win 501, length 0 15:44:55.998727 IP6 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868 > 2a05:f6c7:8039::1337.443: Flags [P.], seq 1087:1111, ack 10926, win 8234, length 24 15:44:55.998733 IP6 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868 > 2a05:f6c7:8039::1337.443: Flags [.], ack 10927, win 8234, length 0 15:44:55.998734 IP6 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868 > 2a05:f6c7:8039::1337.443: Flags [F.], seq 1111, ack 10927, win 8234, length 0 15:44:55.998736 IP6 2a05:f6c7:8039::1337.443 > 2a05:f6c7:8039:0:c859:8de4:257f:b4ff.53868: Flags [.], ack 1112, win 501, length 0 ## Office dude to https://drkt.eu 15:45:06.759198 IP 5.186.33.87.59842 > 192.168.78.164.443: Flags [S], seq 3042763137, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 15:45:06.759210 IP 192.168.78.164.443 > 5.186.33.87.59842: Flags [S.], seq 4039717320, ack 3042763138, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:07.009444 IP 5.186.33.87.59843 > 192.168.78.164.443: Flags [S], seq 1050721154, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 15:45:07.009455 IP 192.168.78.164.443 > 5.186.33.87.59843: Flags [S.], seq 1810250599, ack 1050721155, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:07.761986 IP 5.186.33.87.59842 > 192.168.78.164.443: Flags [S], seq 3042763137, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 15:45:07.761994 IP 192.168.78.164.443 > 5.186.33.87.59842: Flags [S.], seq 4039717320, ack 3042763138, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:08.011014 IP 5.186.33.87.59843 > 192.168.78.164.443: Flags [S], seq 1050721154, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 15:45:08.011023 IP 192.168.78.164.443 > 5.186.33.87.59843: Flags [S.], seq 1810250599, ack 1050721155, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:08.774730 IP 192.168.78.164.443 > 5.186.33.87.59842: Flags [S.], seq 4039717320, ack 3042763138, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:09.030829 IP 192.168.78.164.443 > 5.186.33.87.59843: Flags [S.], seq 1810250599, ack 1050721155, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:09.772318 IP 5.186.33.87.59842 > 192.168.78.164.443: Flags [S], seq 3042763137, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 15:45:09.772327 IP 192.168.78.164.443 > 5.186.33.87.59842: Flags [S.], seq 4039717320, ack 3042763138, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:10.020444 IP 5.186.33.87.59843 > 192.168.78.164.443: Flags [S], seq 1050721154, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 15:45:10.020452 IP 192.168.78.164.443 > 5.186.33.87.59843: Flags [S.], seq 1810250599, ack 1050721155, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:11.782726 IP 192.168.78.164.443 > 5.186.33.87.59842: Flags [S.], seq 4039717320, ack 3042763138, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:12.038818 IP 192.168.78.164.443 > 5.186.33.87.59843: Flags [S.], seq 1810250599, ack 1050721155, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:13.778722 IP 5.186.33.87.59842 > 192.168.78.164.443: Flags [S], seq 3042763137, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 15:45:13.778730 IP 192.168.78.164.443 > 5.186.33.87.59842: Flags [S.], seq 4039717320, ack 3042763138, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:14.026072 IP 5.186.33.87.59843 > 192.168.78.164.443: Flags [S], seq 1050721154, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 15:45:14.026082 IP 192.168.78.164.443 > 5.186.33.87.59843: Flags [S.], seq 1810250599, ack 1050721155, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:18.026717 IP 192.168.78.164.443 > 5.186.33.87.59842: Flags [S.], seq 4039717320, ack 3042763138, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:18.282740 IP 192.168.78.164.443 > 5.186.33.87.59843: Flags [S.], seq 1810250599, ack 1050721155, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:26.214732 IP 192.168.78.164.443 > 5.186.33.87.59842: Flags [S.], seq 4039717320, ack 3042763138, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:26.474741 IP 192.168.78.164.443 > 5.186.33.87.59843: Flags [S.], seq 1810250599, ack 1050721155, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:42.342747 IP 192.168.78.164.443 > 5.186.33.87.59842: Flags [S.], seq 4039717320, ack 3042763138, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 15:45:42.598745 IP 192.168.78.164.443 > 5.186.33.87.59843: Flags [S.], seq 1810250599, ack 1050721155, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
Sometimes I just sit and stare at my apache access logs because I’m bored
GoAccess is pretty nice for a broad overview of Apache logs, also.
For other services I generally just look at them every now and then and if something looks off I investigate. I found a cryptominer on my network once because it was spamming DNS and that shows up in DNS logs.