0.7 sf26eu 2026-11-02 2026-11-06 5 00:05 https://conference.wireshark.org Europe/Brussels Room 1 Pre Conference Class 2026-11-02T09:00:00+01:00 09:00 08:00 **Hands on Wireshark Lab and Wireshark Certified Analyst Prep** Practical Wireshark Troubleshooting is a two-day, hands-on course designed to strengthen your packet analysis and troubleshooting skills. On Day 1, Ross Bagurdes guides you through Wireshark’s key features, capture methods, filtering techniques, and foundational protocols at the Data Link and Network layers. On Day 2, Chris Greer takes you deeper into Transport and Application layer analysis, focusing on TCP, UDP, and the tools that uncover real-world performance problems. By the end, you’ll know how to approach network issues with confidence — and be better prepared for the Wireshark Certified Analyst exam. sf26eu-212-0-pre-conference-class-i-practical-wireshark-skills-for-it-professionals Pre-conference class Ross Bagurdes en Level up your Wireshark skills and get ready for Sharkfest! This hands-on course will provide core Wireshark skills for IT pros of all experience levels. Participants will gain a solid understanding of how to use Wireshark to capture, analyze, and troubleshoot network traffic. The course is designed with beginners in mind, but even seasoned packet people will pick up new tips and tricks. false https://conference.wireshark.org/sf26eu/talk/7JUZMZ/ https://conference.wireshark.org/sf26eu/talk/7JUZMZ/feedback/ Room 2 Pre Conference Class 2026-11-02T09:00:00+01:00 09:00 08:00 If you have users complaining about audio issues in their Teams/Meet/Zoom calls and need to find out the reason. - If you need to configure your network perimeter to optimally support WebRTC traffic under specific regulations -> this class is for you. **Goal** After this class you will be able to take a capture of a WebRTC Web Conferencing call, analyze the salient call components for potential problems and implement the required measures in your network perimeters to overcome such problems. After a general introduction of WebRTC we will show the use of AI tools for a quick start, and then dive into the packets. There will be prepared captures, and a live capture sessions - but you can also bring our own captures or capture with your specific Web conferencing tool (as long as it uses WebRTC) sf26eu-209-pre-conference-class-ii-webrtc-network-analysis-masterclass Intermediate Robert Hess en ## Agenda Which products use WebRTC and how are they different **Call setup in a nutshell** (explained with a capture - we use one very typical capture throughout the course) - What happens before WebRTC kicks in (Signaling, SDP) - Connectivity detection ICE/STUN/TURN - What can I optimize on client side (restrict candidates) **Analyzing the capture** - What AI can tell us about the capture - Go through the setup packet by packet and check the media flows **Media Performance** - UDP vs TCP - Packet loss & delay in a worldwide network **Doing a live capture** - Decrypt signaling - Check a few selected captures **The nasty stuff (and how to deal with it)** - Packet filters - Proxies & Zscaler - VPN & SDWAN - Reconnect times - TURN servers **What's the difference in how the various products use WebRTC** Teams Zoom Webex GotoMeeting Google Meet false https://conference.wireshark.org/sf26eu/talk/7TVPHQ/ https://conference.wireshark.org/sf26eu/talk/7TVPHQ/feedback/ Room 1 Pre Conference Class 2026-11-03T09:00:00+01:00 09:00 08:00 **Hands on Wireshark Lab and Wireshark Certified Analyst Prep** Practical Wireshark Troubleshooting is a two-day, hands-on course designed to strengthen your packet analysis and troubleshooting skills. On Day 1, Ross Bagurdes guides you through Wireshark’s key features, capture methods, filtering techniques, and foundational protocols at the Data Link and Network layers. On Day 2, Chris Greer takes you deeper into Transport and Application layer analysis, focusing on TCP, UDP, and the tools that uncover real-world performance problems. By the end, you’ll know how to approach network issues with confidence — and be better prepared for the Wireshark Certified Analyst exam. sf26eu-212-1-pre-conference-class-i-practical-wireshark-skills-for-it-professionals Pre-conference class Ross Bagurdes en Level up your Wireshark skills and get ready for Sharkfest! This hands-on course will provide core Wireshark skills for IT pros of all experience levels. Participants will gain a solid understanding of how to use Wireshark to capture, analyze, and troubleshoot network traffic. The course is designed with beginners in mind, but even seasoned packet people will pick up new tips and tricks. false https://conference.wireshark.org/sf26eu/talk/7JUZMZ/ https://conference.wireshark.org/sf26eu/talk/7JUZMZ/feedback/ Room 1 Dinner 2026-11-03T17:30:00+01:00 17:30 03:00 Let's kick-off the conference in style! sf26eu-213-sharkfest-26-europe-welcome-dinner-sponsor-showcase Organization en false https://conference.wireshark.org/sf26eu/talk/XBMHVL/ https://conference.wireshark.org/sf26eu/talk/XBMHVL/feedback/ Room 2 Pre Conference Class 2026-11-03T09:00:00+01:00 09:00 08:00 In a world of encrypted traffic and sophisticated evasion, the network remains the ultimate source of truth. Security tools may alert you that something is wrong, but the packets tell you exactly what happened on the wire. This intensive one-day training transforms Wireshark from a simple troubleshooting tool into a powerful forensic engine. We move beyond basic protocol analysis to focus on the indicators of compromise (IoCs) and threat actor behavior hidden in plain sight. Participants will learn how to identify the subtle "heartbeats" of malware, recognize command and control (C2) patterns, and dissect behavior at various stages of an attack. Through hands-on labs using real-world pcap datasets, we will cover: Expert Filtering: Crafting security-focused display filters to cut through the noise. Behavioral Analysis: Identifying anomalies in TCP/IP handshakes and DNS queries. Actionable Reporting: Extracting evidence to build an irrefutable "proof of packet" case. sf26eu-211-pre-conference-class-iii-the-proof-is-in-the-packets-network-threat-detection-using-wireshark Security Marcelle Lee en false https://conference.wireshark.org/sf26eu/talk/3PDG9V/ https://conference.wireshark.org/sf26eu/talk/3PDG9V/feedback/ Room 1 Organization 2026-11-04T09:00:00+01:00 09:00 01:00 Gerald Combs & Friends talk about the new developments over the past year sf26eu-216-keynote-things-i-love-about-wireshark-and-maybe-a-couple-of-things-i-don-t Organization en false https://conference.wireshark.org/sf26eu/talk/FH9DSQ/ https://conference.wireshark.org/sf26eu/talk/FH9DSQ/feedback/ Room 1 Presentation 2026-11-04T10:15:00+01:00 10:15 01:00 Wireshark is now the world's most powerful packet analysis tool, and we can get more features and visualisation with your daily web browser!! sf26eu-233-wireshark-with-webbrowser Intermediate Megumi Takeshita en You may take the longest time with the Web Browser in your computer, how about using your web browser with Wireshark? The modern web browser have many useful functions to extend Wireshark without any additional cost. In this session you can learn Wireshark enhancement with Web Browser. For example, we can use browser extensions for Wireshark, we can enrich our Wireshark visualization to make use of the web browser, and so on. false https://conference.wireshark.org/sf26eu/talk/GW9JQG/ https://conference.wireshark.org/sf26eu/talk/GW9JQG/feedback/ Room 1 Presentation 2026-11-04T11:30:00+01:00 11:30 01:00 With this session we intend to analyse and troubleshoot unobstrusive but essential protocols like ARP, DHCP, Spanning Tree, ICMP v4 and ICMPv6, ... sf26eu-227-analysis-of-low-level-protocols Intermediate Jean-Paul ARCHIER en In this session we will focus on some protocols not always well-known but very useful and even indispensable. We will mainly cover ARP, ICMP, DHCP, Spanning Tree. We will see how Wireshark can help us to analyze and troubleshoot such protocols. It can also be useful to detect some hostile actions like spoofing and poisoning with some examples involving ARP, Neighbor discovery, DHCP. false https://conference.wireshark.org/sf26eu/talk/NYHFS7/ https://conference.wireshark.org/sf26eu/talk/NYHFS7/feedback/ Room 1 Presentation 2026-11-04T13:30:00+01:00 13:30 01:00 At SharkFest '24, we introduced the fundamentals of open-source deep packet inspection (DPI) using nDPI. Since then, network adversaries and stealth VPN providers have significantly evolved, rendering traditional methods like JA4 insufficient against heavily obfuscated traffic. This 1-hour follow-up session is split into two core sections.First, we explore advanced traffic fingerprinting techniques that surpass current state-of-the-art standards. - We will demonstrate how to leverage Wireshark to capture, dissect, and label complex traffic streams to drive these new nDPI capabilities. - We address what happens when fingerprinting fails against highly evasive protocols. - We will show how Wireshark data feeds into a data pipeline to train Transformer-based AI models to unmask stealth VPN traffic. - The session concludes with a live demonstration showcasing both advanced DPI extensions and the AI model detecting disguised traffic in real time. sf26eu-238-transformers-in-the-wire-advanced-dpi-fingerprinting-and-ai-for-stealth-vpn-detection Intermediate Luca DeriDaniele Sartiano en false https://conference.wireshark.org/sf26eu/talk/R9PZDM/ https://conference.wireshark.org/sf26eu/talk/R9PZDM/feedback/ Room 1 Presentation 2026-11-04T14:45:00+01:00 14:45 01:00 A packet-level tour of the TLS family. What stays visible when everything's encrypted? TLS is everywhere, and most people assume that means "encrypted, end of story." But TLS is a family of protocols, and each member leaves a different footprint on the wire. This talk is a tour of that family through Wireshark, built around a single idea: encryption hides content, not behaviour. sf26eu-242-tls-and-friends-the-protocol-family Intermediate Katherine Leese en TLS is everywhere, and most people assume that means "encrypted, end of story." But TLS isn't one protocol. It's a family, and each member leaves a different footprint on the wire. This talk is a tour of that family through Wireshark, built around a single idea: encryption hides content, not behaviour. We'll meet the relatives one capture at a time. TLS 1.2 and 1.3, mutual TLS, STARTTLS, EAP-TLS tucked inside your WiFi login, DTLS over UDP, and QUIC reinventing the stack. Each one handles the same trade-off a little differently, and each leaves a different story on the wire. Some give away more than their designers intended. Some look completely opaque until you know where to point Wireshark. One or two may change how comfortable you feel about traffic you'd assumed was private. The thread running through all of it is what you can still read without any keys at all, and how, as the plaintext shrinks version by version, the things that remain become more diagnostic, not less. We'll finish where the family is heading next: the post-quantum handshake you can already capture in today's browsers, and what it's quietly doing to the very first packet you send. false https://conference.wireshark.org/sf26eu/talk/R8R98B/ https://conference.wireshark.org/sf26eu/talk/R8R98B/feedback/ Room 1 Dinner 2026-11-04T18:00:00+01:00 18:00 03:00 Sponsor Showcase and Dinner sf26eu-214-0-sponsor-technology-showcase-reception-and-dinner Organization en false https://conference.wireshark.org/sf26eu/talk/PDW7AX/ https://conference.wireshark.org/sf26eu/talk/PDW7AX/feedback/ Room 2 Presentation 2026-11-04T10:15:00+01:00 10:15 01:00 Your company has a policy that all traffic over public internet should be Post Quantum Cryptography (PQC) ready. Or that for B2B communication Mutual-TLS (mTLS) is mandatory. How do you validate that the policy is correctly implemented? And check for performance improvements: wat is the ratio of resumed TLS sessions, is the TLS handshake unnecessarily large, is ‘Hello Request’ or is ‘Early Data’ used? In this session we will cover the methods of analyzing using Wireshark. Even if decryption is not allowed or hard to do. sf26eu-236-corporate-encryption-challenges Expert / Developer André Luyer en false https://conference.wireshark.org/sf26eu/talk/AX3RJX/ https://conference.wireshark.org/sf26eu/talk/AX3RJX/feedback/ Room 1 Presentation 2026-11-05T10:15:00+01:00 10:15 01:00 What is the most effective approach to rapidly gaining a deep understanding of a new network protocol? In this 1-hour session, the speaker will share practical experiences and lessons learned from studying the Matter protocol. In addition to an introduction to the protocol itself, the talk will focus on a structured and broadly applicable methodology for analyzing and understanding complex network protocols. sf26eu-230-does-it-matter Beginner Tom Cordemans en false https://conference.wireshark.org/sf26eu/talk/QFMVBK/ https://conference.wireshark.org/sf26eu/talk/QFMVBK/feedback/ Room 1 Packetdoctors Session 2026-11-05T13:00:00+01:00 13:00 01:30 The experts on this panel have been asked to look at a trace file and help find a reason for certain behaviors by attendees at many SharkFests. Based on this, they’ve decided to create a public forum for examining individual trace files with a broader audience for a collective learning experience. Trace files will be gathered from attendees prior to SharkFest and only given to the panel members during the session so that the “not- knowing what to expect and whether it can be solved” experience of working through an unknown trace file can be preserved. Come to this session and learn to ask the right questions and look at packets in different ways. PLEASE SEND PERPLEXING TRACE FILES FOR ANALYSIS BY THE PANEL TO jasper@packet-foo.com PRIOR TO SHARKFEST! sf26eu-217-the-packet-doctors-are-in-packet-trace-examinations-with-the-experts en false https://conference.wireshark.org/sf26eu/talk/7N8Q9Q/ https://conference.wireshark.org/sf26eu/talk/7N8Q9Q/feedback/ Room 1 Dinner 2026-11-05T18:00:00+01:00 18:00 03:00 Sponsor Showcase and Dinner sf26eu-214-1-sponsor-technology-showcase-reception-and-dinner Organization en false https://conference.wireshark.org/sf26eu/talk/PDW7AX/ https://conference.wireshark.org/sf26eu/talk/PDW7AX/feedback/ Room 1 Organization 2026-11-06T09:00:00+01:00 09:00 01:00 SharkBytes consist of “little crunchy bits of wisdom.” Like popular TED talks, SharkBytes aim to inform, inspire, surprise, and delight by delivering a speech on a personal topic in under 5 minutes. Information and a review of past SharkByte presentations can be found https://sharkfest.wireshark.org/sharkbytes Email us your SharkByte session idea: sharkfest@wireshark.org sf26eu-215-sharkbytes Organization en false https://conference.wireshark.org/sf26eu/talk/8ZV9GX/ https://conference.wireshark.org/sf26eu/talk/8ZV9GX/feedback/