mirror of https://github.com/dirtbags/moth.git
class info emails
parent
ced9dccff0
commit
25b1ed5af2
@ -1,165 +0,0 @@
From: Neale Pickett <neale@lanl.gov>
To: RCPT
Subject: Tracer FIRE: Network Archaeology Information
Welcome to the Network Archaeology course!
Your token is: TOKEN. Please write this down, but protect it as
though it were a password.


Summary
--------
* 8-11 AM and 1-4 PM (US/Mountain), Mon Feb 4 - Tue Feb 5
* Get started at http://tf5.lanl.gov/netarch.html
* Work at your own pace, using tutorial videos on YouTube
* Connect to irc://irc.oftc.net/netarch for Q/A
* Use you token (TOKEN) to ask questions and check lab answers
IRC is going to be the biggest challenge for some participants. We urge
you to connect to IRC and test the channel moderation bot before Monday,
since we won't be able to help you get connected during the course.



What to Expect
------------
Network Archaeology is a self-paced course, consisting of tutorial
labs and video tutorials on YouTube. Instructors are available on IRC
(Internet Relay Chat) to answer questions and provide help as you work
through the labs at your own speed.
When the course begins Monday morning at 8:00AM US/Mountain, log on to
IRC, then check the web page at http://tf5.lanl.gov/netarch.html for links
to the lab server, an introductory video, and tutorial videos on YouTube.
After the first 8 labs, we expect you to figure out on your own
how to approach and solve problems. We will update the page at
http://tf5.lanl.gov/netarch.html with links to more tutorial videos to
keep you from getting stuck, though.
You will see questions and answers in the IRC channel. When you have
a question of your own, message the moderator from your IRC client:
/msg netarch-moderator TOKEN What does = mean in base64?



Course requirements
----------------
You need:
* A laptop with Linux or MacOS (Linux preferred, inside a VM is fine)
* Wireshark
* tcpdump
* tcpflow
* gcc and make
* python3
* A plain text or code editor, such as gedit
* An IRC client such as xchat or pidgin
Please have all your software installed and ready to go when the course
begins. We will not be available to help with software installation.



Connecting to IRC
--------------
IRC is the technology used by NNSA's Tracer group for collaborative
incident response, and it will soon be used by DOE's NSM group as well.
If you have never used IRC before, we urge you to test it out before
Monday. Neither Patrick nor Neale will be available to provide assistance
connecting to IRC after the course begins: please familiarize yourself
with IRC before Monday.
If you are on LANL's collab IRC server, you may join channel #tf5 right
now; I am in the channel and would be happy to chat with you. The collab
channel is unmoderated, you may ask questions right in the channel.
You can skip the rest of the IRC sections.
If you are not on LANL's collab IRC server, or don't know what that means,
you need to connect to the moderated channel on OFTC. You may install
any IRC client you like--I use xchat--and tell it to connect to the OFTC
network (irc.oftc.net).
If you can't connect to IRC with an installed client, you may have better
luck with the web-based Mibbit (http://www.mibbit.com/). Remember to
select the OFTC network, and to put # in front of channel names.



IRC Channels
----------
There are two OFTC channel for the course: #tf5 and #netarch.
#tf5 is an unmoderated channel for all Tracer FIRE 5 participants.
You may be able to get help from other people (not the instructors)
in #tf5. You don't have to join #tf5, though: it's optional.
#netarch is the course channel, and is moderated. Questions must be
sent to netarch-moderator, with your token. For example:
/msg netarch-moderator TOKEN How do I start a Python shell?
netarch-moderator will reply saying it has put your question in the queue,
and it will send your question to #netarch when the instructors are ready.
If you provide an invalid token, or don't provide a token at all, the
moderator will not respond.



Testing your IRC connection
----------------------
I implore you to connect to IRC right now, join #netarch, and make sure
you understand how to send messages to the moderator. You can verify
that the moderator sees your token by typing:
/msg netarch-moderator TOKEN test



Where to go for technical support
--------------------------
Due to the number of participants we have this year, we will not be able
to provide any technical support outside of helping you work through labs.
There will be people in the #tf5 IRC channel who may be willing to assist
you if you ask nicely.
For this reason, it is very important that you have figured out how to
connect to IRC before Monday. There are many resources on the Internet
to help you with this.
A few of you will be unable to connect to IRC, even after going over
the instructions in this email carefully. I apologize in advance for
being unable to help you get connected during the course.



About your Instructors
------------------
Neale Pickett, Los Alamos National Laboratory
Neale created the network archaeology toolkit for python, and is
the principal organizer of Tracer FIRE. He has been involved in
several high-profile incident response efforts across DOE/NNSA
since 2005, and has been teaching this course since 2010.
Patrick Avery, Pantex Plant
Patrick, a former and current student of Neale, is one of the
biggest advertisers of the network archaology toolkit -- singing
its glory from the mountaintops. He has been involved in several
high-profile incident response efforts across DOE/NNSA since
2009 and has been assisting with this course since 2011.
The Tracer FIRE Registration and Moderation Fairies
The Tracer FIRE Fairies are new in 2013. The Registration Fairy
is sorry for sending so many emails, and the Moderation Fairy is
sorry you lost your token (which is TOKEN).
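
Review bot: the hunk header (-1,165 +0,0) removes the entire template, but the commit message "class info emails" does not say whether the file was dropped or relocated; state that in the message. If the template is kept elsewhere, note that it tells recipients to protect TOKEN "as though it were a password" and then has them send it in `/msg netarch-moderator TOKEN ...` through the non-TLS `irc://irc.oftc.net/netarch` link, and it repeats the token in the closing "Moderation Fairy" line; consider pointing participants at a TLS IRC connection and dropping the repeated token from the footer.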