moth/doc/2013-02-TF5/netre-email.txt

From: Neale Pickett <neale@lanl.gov>
To: RCPT
Subject: Tracer FIRE: Network Archaeology Information

Welcome to the Network Archaeology course!

Your token is: TOKEN. Please write this down, but protect it as
though it were a password.

Summary
--------

* 8-11 AM and 1-4 PM (US/Mountain), Mon Feb 4 - Tue Feb 5
* Get started at http://tf5.lanl.gov/netarch.html
* Work at your own pace, using tutorial videos on YouTube
* Connect to irc://irc.oftc.net/netarch for Q/A
* Use your token (TOKEN) to ask questions and check lab answers

IRC is going to be the biggest challenge for some participants. We urge
you to connect to IRC and test the channel moderation bot before Monday,
since we won't be able to help you get connected during the course.

What to Expect
------------

Network Archaeology is a self-paced course, consisting of tutorial
labs and video tutorials on YouTube. Instructors are available on IRC
(Internet Relay Chat) to answer questions and provide help as you work
through the labs at your own speed.

When the course begins Monday morning at 8:00AM US/Mountain, log on to
IRC, then check the web page at http://tf5.lanl.gov/netarch.html for links
to the lab server, an introductory video, and tutorial videos on YouTube.

After the first 8 labs, we expect you to figure out on your own
how to approach and solve problems. We will update the page at
http://tf5.lanl.gov/netarch.html with links to more tutorial videos to
keep you from getting stuck, though.

You will see questions and answers in the IRC channel. When you have
a question of your own, message the moderator from your IRC client:

    /msg netarch-moderator TOKEN What does = mean in base64?

Course requirements
----------------

You need:

* A laptop with Linux or MacOS (Linux preferred, inside a VM is fine)
* Wireshark
* tcpdump
* tcpflow
* gcc and make
* python3
* A plain text or code editor, such as gedit
* An IRC client such as xchat or pidgin

Please have all your software installed and ready to go when the course
begins. We will not be available to help with software installation.

Connecting to IRC
--------------

IRC is the technology used by NNSA's Tracer group for collaborative
incident response, and it will soon be used by DOE's NSM group as well.

If you have never used IRC before, we urge you to test it out before
Monday. Neither Patrick nor Neale will be available to provide assistance
connecting to IRC after the course begins: please familiarize yourself
with IRC before Monday.

If you are on LANL's collab IRC server, you may join channel #tf5 right
now; I am in the channel and would be happy to chat with you. The collab
channel is unmoderated; you may ask questions right in the channel.
You can skip the rest of the IRC sections.

If you are not on LANL's collab IRC server, or don't know what that means,
you need to connect to the moderated channel on OFTC. You may install
any IRC client you like--I use xchat--and tell it to connect to the OFTC
network (irc.oftc.net).

If you can't connect to IRC with an installed client, you may have better
luck with the web-based Mibbit (http://www.mibbit.com/). Remember to
select the OFTC network, and to put # in front of channel names.

IRC Channels
----------

There are two OFTC channels for the course: #tf5 and #netarch.

#tf5 is an unmoderated channel for all Tracer FIRE 5 participants.
You may be able to get help from other people (not the instructors)
in #tf5. You don't have to join #tf5, though: it's optional.

#netarch is the course channel, and is moderated. Questions must be
sent to netarch-moderator, with your token. For example:

    /msg netarch-moderator TOKEN How do I start a Python shell?

netarch-moderator will reply saying it has put your question in the queue,
and it will send your question to #netarch when the instructors are ready.

If you provide an invalid token, or don't provide a token at all, the
moderator will not respond.

Testing your IRC connection
----------------------

I implore you to connect to IRC right now, join #netarch, and make sure
you understand how to send messages to the moderator. You can verify
that the moderator sees your token by typing:

    /msg netarch-moderator TOKEN test

Where to go for technical support
--------------------------

Due to the number of participants we have this year, we will not be able
to provide any technical support outside of helping you work through labs.
There will be people in the #tf5 IRC channel who may be willing to assist
you if you ask nicely.

For this reason, it is very important that you have figured out how to
connect to IRC before Monday. There are many resources on the Internet
to help you with this.

A few of you will be unable to connect to IRC, even after going over
the instructions in this email carefully. I apologize in advance for
being unable to help you get connected during the course.

About your Instructors
------------------

Neale Pickett, Los Alamos National Laboratory
    Neale created the network archaeology toolkit for python, and is
    the principal organizer of Tracer FIRE. He has been involved in
    several high-profile incident response efforts across DOE/NNSA
    since 2005, and has been teaching this course since 2010.

Patrick Avery, Pantex Plant
    Patrick, a former and current student of Neale, is one of the
    biggest advertisers of the network archaeology toolkit -- singing
    its glory from the mountaintops. He has been involved in several
    high-profile incident response efforts across DOE/NNSA since
    2009 and has been assisting with this course since 2011.

The Tracer FIRE Registration and Moderation Fairies
    The Tracer FIRE Fairies are new in 2013. The Registration Fairy
    is sorry for sending so many emails, and the Moderation Fairy is
    sorry you lost your token (which is TOKEN).