Difference between pages "Tutorials/Tutorial: Packets don't lie: how can you use tcpdump/tshark (wireshark) to prove your point." and "Birds of a Feather sessions (BoFs)"

From LCA2016 Delegate wiki
(Difference between pages)
 
(Keep Talking added for Thursday afternoon)
 
Line 1: Line 1:
===PREREQUISITES===
+
== Birds of a Feather (BoF) Sessions ==
Please note that this is a tutorial, not a talk.
+
You should have tcpdump and  wireshark INSTALLED and do some captures BEFORE you come to the tutorial.
+
To find wireshark packages do something like this:
+
<pre>
+
#archlinux
+
pacman -Ss wireshark tcpdump
+
#debian
+
apt-cache search wireshark tcpdump
+
#fedora
+
yum search wireshark tcpdump
+
</pre>
+
Please install both GUI and CLI packages.
+
  
Please add the user you are going to run wireshark/tshark as to the 'wireshark' user group.  
+
Although not an official social event of the Conference, Birds of a Feather - or BoFs as they are known - allow Delegates to meet around a particular topic or interest. BoFs usually occur during lunchtime, or after the main Conference presentations for the day.  
<pre>
+
gpasswd -a james wireshark
+
</pre>
+
After this user 'james' will need to log out and log in again!
+
  
 +
==== Instructions ====
 +
Edit the table below to claim a BoF, and provide a way for people to contact you.
 +
''Rooms will be added later.'' See also: [[mw:Help:Tables|Tables Help]].
  
If that still DOESN'T work,  you might want to add a capability. Do it ONLY if you are still unable to do capture.
+
{| class="wikitable" style="text-align:center"
<pre>
+
<!-- Table Headers -->
setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
+
|+Birds of a Feather (BoF) Sessions
</pre>
+
!
 +
!Monday 1st Feb
 +
!Tuesday 2nd Feb
 +
!Wednesday 3rd Feb
 +
!Thursday 4th Feb
 +
!Friday 5th Feb
  
When finished, have a look around at what files came with the package:
+
|-
<pre>
+
! Early birds
tcpdump --version
+
06:00
tshark --version
+
<!-- Mon -->
</pre>
+
| [[Running BoF]]
List binaries that came with the packge (example is for archlinux, for rmp-like do 'rpm -ql wireshark', for debian 'dpkg -L wireshark')
+
<!-- Tue -->
<pre>
+
| [[Running BoF]]
pacman -Ql wireshark-cli|grep bin
+
<!-- Wed -->
wireshark-cli /usr/bin/androiddump
+
| [[Running BoF]]
wireshark-cli /usr/bin/capinfos
+
<!-- Thu -->
wireshark-cli /usr/bin/captype        #same as 'capinfos -t'
+
| [[Running BoF]]
wireshark-cli /usr/bin/dftest        #display filter byte-code for debugging
+
<!-- Fri -->
wireshark-cli /usr/bin/dumpcap        #can write files
+
| [[Running BoF]]
wireshark-cli /usr/bin/editcap        #snaplenth, or split into multiple based on time, number of packets, adjust time
+
|-
wireshark-cli /usr/bin/idl2wrs
+
! Not-as-Early birds
wireshark-cli /usr/bin/mergecap
+
07:00
wireshark-cli /usr/bin/randpkt        #creates a legitimate EthernetII packet with the given Type field set
+
<!-- Mon -->
wireshark-cli /usr/bin/rawshark      #cannot write files, only to standard output
+
| [[Interval Training BoF]]
wireshark-cli /usr/bin/reordercap    #part of the functionality of the editcap
+
<!-- Tue -->
wireshark-cli /usr/bin/text2pcap      #hexdump -> pcap
+
| [[Interval Training BoF]]
wireshark-cli /usr/bin/tshark
+
<!-- Wed -->
wireshark-cli /usr/include/wireshark/epan/dissectors/packet-ypbind.h
+
| [[Interval Training BoF]]
wireshark-cli /usr/share/wireshark/radius/dictionary.bintec
+
<!-- Thu -->
 +
| [[Interval Training BoF]]
 +
<!-- Fri -->
 +
| [[Interval Training BoF]]
  
</pre>
+
<!-- Keynote Speakers -->
 +
|- style="background-color: #f2f2f2;text-align:center;"
 +
! 09:00
 +
| Opening
 +
| scope="row" colspan="4" |Keynote Speakers
  
=Capturing=
+
|-
====browsing exercise ====
+
! Morning Tea
# start capturing
+
10:00—10:40
# navigate your browser to linux.conf.au
+
<!--Mon-->
# navigate your browser to google.com
+
|Session
# navigate your browser to xxxxxxx (your choice)
+
<!--Tue-->
 +
|Session
 +
<!--Wed-->
 +
|Session
 +
<!--Thu-->
 +
|Session
 +
<!--Fri-->
 +
|Session
  
====have a look at the capture files that you generated====
+
<!-- Regular Schedule -->
<pre>
+
|- style="background-color: #f2f2f2;text-align:center;"
capinfos -T *.pcap{,ng}
+
|scope="row" colspan="6" | Regular Schedule
</pre>
+
==capture interfaces==
+
<pre>
+
tcpdump -D
+
tshark -D
+
# try with no interface
+
tshark
+
</pre>
+
  
=expert info=
+
|-
==GUI==
+
!Lunch Break
        capinfo
+
12:20—13:20
        lower bottom corner
+
<!--Mon-->
                expert info
+
|[[Queer BoF]]
                file name
+
<!--Tue-->
                packets, etc
+
|[[Perl BoF]] D2.193 <p> [[Autonomous Robots BoF]] D.211
        statistics -> protocol hierarchy
+
<!--Wed-->
        statistics -> HTTP -> packet counter
+
|[[Emacs BoF]] D2.193 <br/> [[Safer Payments BoF]] D.211
        statistics -> HTTP -> requests
+
Exploding kittens bof- student lounge
        extract objects
+
<br/>Cards Against Humanity BoF D.211
        follow TCP stream
+
<!--Thu-->supoort
        coloring rules
+
|[[Ladies' Lunch]]
        Statistics -> IPv4 Statistics -> Destinations and  Ports
+
[[Debian Lunch]] @ Dennys?
==CLI==
+
<br/>Cards Against Humanity BoF - D.211
<pre>
+
<!--Fri-->
! tshark -q -z ptype,tree
+
|[[Conservancy supporters|Software Freedom Conservancy supporters lunch]] - meet near rego
! tshark -q -z io,stat,20,eth -q
+
[[Hackerspace BoF]] - D2. 193 How to run one and support.
! tshark -q -z io,stat,20,http -q
+
 
! tshark -q -z io,stat,20,,"BYTES()http" -q
+
[[Home Automation BoF]] (D2.211 - incl. Sensors & Open Hardware)
! tshark -q -z http,tree
+
 
! tshark -q -z http_req,tree
+
<!-- Regular Schedule -->
! tshark -q -z http_srv,tree
+
|- style="background-color: #f2f2f2;text-align:center;"
create a capture file for icmp
+
|scope="row" colspan="6"|Regular Schedule
! tshark -q -z icmp,srt
+
 
! tshark -q -z io,phs
+
|-
! tshark -q -z io,stat
+
!Afternoon Tea
! tshark -q -z ip_hosts,tree
+
15:00—15:40
! tshark -q -z plen,tree
+
<!--Mon-->
! tshark -q -z endpoints,eth
+
|Session
! tshark -q -z endpoints,eth,
+
<!--Tue-->
! tshark -q -z endpoints,ip
+
|Session
! tshark -q -z conv,eth
+
<!--Wed-->
! tshark -q -z conv,udp
+
|[[BlueHackers BoF]] D2.193
! tshark -q -z conv,tcp
+
<!--Thu-->
! tshark -q -z conv
+
|[[Jobs Page|Jobs BoF]] D.211
! tshark -q -z expert,error -q
+
Keep Talking and Nobody Explodes (Unallocated)
! tshark -q -z expert,note -q
+
<!--Fri-->
</pre>
+
|[https://www.rust-lang.org/ Rust Language] BoF (D2.193?)
 +
 
 +
<!-- Regular Schedule -->
 +
|- style="background-color: #f2f2f2;text-align:center;"
 +
|scope="row" colspan="5" |Regular Schedule
 +
|[[Lightning_talks|LightningTalks]] & Closing
 +
 
 +
|-
 +
!Evening
 +
17:20—
 +
<!--Mon-->
 +
|[[Ingress BoF]] D.192
 +
[[Libre Instant Messaging and Social Media BoF|Libre IM & Social BoF]] D2.211
 +
<!--Tue-->
 +
|[[Keysigning bof|Keysigning BoF]] D2.211
 +
<!--Wed-->
 +
|[[Kerbal BoF]] D2.193
 +
<!--Thu-->
 +
|[[Parallelism and Concurrency BoF]] D2.193
 +
[[Factorio BoF|Factorio BoF]]
 +
<!--Fri-->
 +
|Session
 +
 
 +
<!-- Regular Schedule -->
 +
|- style="background-color: #f2f2f2;text-align:center;"
 +
!18:00—
 +
<!--Mon-->
 +
|[[LA AGM]] D.193
 +
<!--Tue-->
 +
|[[Professional Delegates Networking Session (PDNS)|PDNS]]
 +
<!--Wed-->
 +
|[[Penguin Dinner]]
 +
<!--Thu-->
 +
|[[Speakers' Dinner]]
 +
<!--Fri-->
 +
|[[EFA Drinks]]
 +
|}
 +
 
 +
 
 +
Unscheduled sessions:
 +
{{Template:Navigation}}
 +
 
 +
{{BoF}}
 +
 
 +
[[Category:Events]]
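
Review bot: In the Lunch Break row of the wikitable, the stray word "supoort" follows the `<!--Thu-->` comment before the next `|`, so it renders inside the Wednesday cell after "Cards Against Humanity BoF D.211" rather than in a cell of its own; remove it or move the intended text into the correct cell. In the same row the Tuesday cell opens a `<p>` after "[[Perl BoF]] D2.193" that is never closed, while the Wednesday cell uses `<br/>` for the same purpose; use `<br/>` there as well. The edit summary says Keep Talking was added for Thursday afternoon, but the new entry is marked "(Unallocated)", so it needs a room once one is known.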

Revision as of 09:40, 4 February 2016

Birds of a Feather (BoF) Sessions

Although not an official social event of the Conference, Birds of a Feather - or BoFs as they are known - allow Delegates to meet around a particular topic or interest. BoFs usually occur during lunchtime, or after the main Conference presentations for the day.

Instructions

Edit the table below to claim a BoF, and provide a way for people to contact you. Rooms will be added later. See also: Tables Help.

Birds of a Feather (BoF) Sessions

Early birds, 06:00
Monday 1st Feb: Running BoF
Tuesday 2nd Feb: Running BoF
Wednesday 3rd Feb: Running BoF
Thursday 4th Feb: Running BoF
Friday 5th Feb: Running BoF

Not-as-Early birds, 07:00
Monday 1st Feb: Interval Training BoF
Tuesday 2nd Feb: Interval Training BoF
Wednesday 3rd Feb: Interval Training BoF
Thursday 4th Feb: Interval Training BoF
Friday 5th Feb: Interval Training BoF

09:00
Monday 1st Feb: Opening
Tuesday 2nd Feb to Friday 5th Feb: Keynote Speakers

Morning Tea, 10:00—10:40
Monday 1st Feb: Session
Tuesday 2nd Feb: Session
Wednesday 3rd Feb: Session
Thursday 4th Feb: Session
Friday 5th Feb: Session

Regular Schedule

Lunch Break, 12:20—13:20
Monday 1st Feb: Queer BoF
Tuesday 2nd Feb: Perl BoF D2.193; Autonomous Robots BoF D.211
Wednesday 3rd Feb: Emacs BoF D2.193; Safer Payments BoF D.211; Exploding kittens bof- student lounge; Cards Against Humanity BoF D.211 supoort
Thursday 4th Feb: Ladies' Lunch; Debian Lunch @ Dennys?; Cards Against Humanity BoF - D.211
Friday 5th Feb: Software Freedom Conservancy supporters lunch - meet near rego; Hackerspace BoF - D2. 193 How to run one and support.; Home Automation BoF (D2.211 - incl. Sensors & Open Hardware)

Regular Schedule

Afternoon Tea, 15:00—15:40
Monday 1st Feb: Session
Tuesday 2nd Feb: Session
Wednesday 3rd Feb: BlueHackers BoF D2.193
Thursday 4th Feb: Jobs BoF D.211; Keep Talking and Nobody Explodes (Unallocated)
Friday 5th Feb: Rust Language BoF (D2.193?)

Regular Schedule
Monday 1st Feb to Thursday 4th Feb: Regular Schedule
Friday 5th Feb: LightningTalks & Closing

Evening, 17:20—
Monday 1st Feb: Ingress BoF D.192; Libre IM & Social BoF D2.211
Tuesday 2nd Feb: Keysigning BoF D2.211
Wednesday 3rd Feb: Kerbal BoF D2.193
Thursday 4th Feb: Parallelism and Concurrency BoF D2.193; Factorio BoF
Friday 5th Feb: Session

18:00—
Monday 1st Feb: LA AGM D.193
Tuesday 2nd Feb: PDNS
Wednesday 3rd Feb: Penguin Dinner
Thursday 4th Feb: Speakers' Dinner
Friday 5th Feb: EFA Drinks


Unscheduled sessions:




Birds of a Feather sessions (BoFs)
Autonomous Robots Emacs Ingress Interval Training Kerbal Keysigning Libre Social Media Parallelism Perl Queer Running Taswegian Bibleopoly