Another problem from the 5th annual Army Cyber Skills Challenge. The problem is called slow_mover and can be found here.
Your boss just handed you this PCAP that one of your network sensors captured. He’s positive that there is something fishy going on here but has no clue what it is.
Today Signal-Chief.com is joining the likes of Github, Google, Amazon and host of countless others who are protesting the FCC’s proposal to end its current policy of Net Neutrality.
One thing that I first noticed occasionally as a Net Tech, and then more as an OC/T at NTC and finally a ton now that I have moved into the cyber side of the world is the just how important logs can be. The problem….we suck at actually saving the stupid things.
By and large I personally think that most of us are much more comfortable with layer three than any other layer in the OSI model. We deal with it each and every day. We have a number of tools at our disposal which make it very easy for us to see if/when it’s working and just how the data is traveling. To start with though, we have to know just how things are supposed to work.
When I entered the Army in July 1999, I came in as 31F (switch operator). Anyone who worked with MSE will remember that it had almost absolutely no data capabilities, but also that it was extremely easy to troubleshoot. Signal flow for MSE was pretty darn easy to understand. If you understood the idea of how the system worked, the signal flow was easy to follow. With the introduction of JNN and IP data networks to tactical communications, logical and physical said “It’s been fun” and headed their separate ways leaving our operators and even ourselves busy scratching our heads wondering how the hell it all worked.
When there is a problem with the network, time matters. We need to be able to quickly move from device to device in order to identify and rectify the problem. In order for this to occur, we have to know where to go to next, and how to get there.
Let me give you a scenario. You are having some problems on the network that are spread across several devices. You go into the log file of each device and see a bunch of messages with a mix-match of various times that mean absolutely nothing to you. In short, you have no idea what is going on with your network.
We have all learned an important lesson in life the hard way. When it comes to working on the router or switch, there is often a couple of commands that you discovered after beating your head against the wall for a while that if you had known about them earlier, would have made your life so much easier. These are those commands for me.
There are a few things that are in WIN-T that are not explained in school. You either find yourself figuring it out or being told by another Warrant. How many of you have noticed that there are configurations available for all your equipment in TXT format? How many of you use them to blow in configurations when replacing gear from your spares? How many of you have read all the comments?
A couple of weeks ago we talked about what affect changes to our network can have when we add HCLOS and other links between nodes. In that article, we talked exclusively about NIPR traffic going across the network and didn’t mention anything about SIPR. So what happens with our SIPR traffic if we install a HCLOS link?