2.0 -//Pentabarf//Schedule//EN PUBLISH BSA8P7@@conference.wireshark.org -BSA8P7 Pre-Conference Class I: Practical Wireshark Skills for IT professionals en en 20260718T090000 20260718T170000 8.00000

Pre-Conference Class I: Practical Wireshark Skills for IT professionals

Level up your Wireshark skills and get ready for Sharkfest! This hands-on course will provide core Wireshark skills for IT pros of all experience levels. Participants will gain a solid understanding of how to use Wireshark to capture, analyze, and troubleshoot network traffic. The course is designed with beginners in mind, but even seasoned packet people will pick up new tips and tricks. PUBLIC CONFIRMED Pre Conference Class https://conference.wireshark.org/sf26us/talk/BSA8P7/ Room 1 Ross Bagurdes Chris Greer PUBLISH BSA8P7@@conference.wireshark.org -BSA8P7 Pre-Conference Class I: Practical Wireshark Skills for IT professionals en en 20260719T090000 20260719T170000 8.00000

Pre-Conference Class I: Practical Wireshark Skills for IT professionals

Level up your Wireshark skills and get ready for Sharkfest! This hands-on course will provide core Wireshark skills for IT pros of all experience levels. Participants will gain a solid understanding of how to use Wireshark to capture, analyze, and troubleshoot network traffic. The course is designed with beginners in mind, but even seasoned packet people will pick up new tips and tricks. PUBLIC CONFIRMED Pre Conference Class https://conference.wireshark.org/sf26us/talk/BSA8P7/ Room 1 Ross Bagurdes Chris Greer PUBLISH A3PJVZ@@conference.wireshark.org -A3PJVZ Pre-Conference Class II: Introduction to Stratoshark for Network Engineers en en 20260720T090000 20260720T170000 8.00000

Pre-Conference Class II: Introduction to Stratoshark for Network Engineers

PUBLIC CONFIRMED Pre Conference Class https://conference.wireshark.org/sf26us/talk/A3PJVZ/ Room 1 Josh Clark PUBLISH X73HTY@@conference.wireshark.org -X73HTY SharkFest'26 US Welcome Dinner & Sponsor Showcase en en 20260720T173000 20260720T203000 3.00000

SharkFest'26 US Welcome Dinner & Sponsor Showcase

SharkFest'26 US Welcome Dinner & Sponsor Showcase PUBLIC CONFIRMED Dinner https://conference.wireshark.org/sf26us/talk/X73HTY/ Room 1 PUBLISH H89ETP@@conference.wireshark.org -H89ETP Things I Love About Wireshark (and maybe a couple of things I don't) en en 20260721T090000 20260721T100000 1.00000

Things I Love About Wireshark (and maybe a couple of things I don't)

PUBLIC CONFIRMED Organization https://conference.wireshark.org/sf26us/talk/H89ETP/ Room 1 PUBLISH M8KMKW@@conference.wireshark.org -M8KMKW Don’t blame the network – ask the network! en en 20260721T101500 20260721T111500 1.00000

Don’t blame the network – ask the network!

PUBLIC CONFIRMED Presentation https://conference.wireshark.org/sf26us/talk/M8KMKW/ Room 1 David Soussan PUBLISH PKFXEY@@conference.wireshark.org -PKFXEY Lessons learned in troubleshooting en en 20260721T113000 20260721T123000 1.00000

Lessons learned in troubleshooting

PUBLIC CONFIRMED Presentation https://conference.wireshark.org/sf26us/talk/PKFXEY/ Room 1 Kevin Tobin PUBLISH SAY8D9@@conference.wireshark.org -SAY8D9 Lost In Transmission en en 20260721T133000 20260721T143000 1.00000

Lost In Transmission

Packets lost occur in many situations, showing the shape in various layers. Differences in the number of packets between the passive start tap. (layer1,2) The same IPID and a different offset as disappearance in the packet buffer in the router processing Retransmission of TCP segments as a result of a traffic jam. UDP application works with packet loss. In this session, you can learn the major case of packet loss and you can find the way to find and count packet loss and retransmissions. Megumi shares the best way to understand invisible packet losses with Wireshark! PUBLIC CONFIRMED Presentation https://conference.wireshark.org/sf26us/talk/SAY8D9/ Room 1 Megumi Takeshita PUBLISH XPYXAB@@conference.wireshark.org -XPYXAB Wireshark: The Prequel - What to do BEFORE you look at a capture en en 20260721T144500 20260721T154500 1.00000

Wireshark: The Prequel - What to do BEFORE you look at a capture

This presentation is inspired by a series of articles I wrote on LinkedIn focused on practical, real world troubleshooting of application network performance issues. Instead of deep diving in to packet captures, this presentation will highlight the various tools and metrics available on Linux systems that help engineers and administrators pinpoint the true source(s) of application performance problems when "the network" is blamed. We will focus on how packets are processed in a Linux system from the NIC, through the OS, up to the application. We will then take a closer look at TCP itself, utilizing native Linux tooling to introspect on individual TCP socket performance. This TCP socket introspection will dive in to each socket's calculated network latency (RTT), packet sizing (MTU and MSS), and packet loss (retransmissions, SACK, duplicate ACKs PUBLIC CONFIRMED Presentation https://conference.wireshark.org/sf26us/talk/XPYXAB/ Room 1 Rob MacDonald PUBLISH FYWGV9@@conference.wireshark.org -FYWGV9 Feeding Frenzy of Wild Ideas: When Sharks Brainstorm en en 20260721T160000 20260721T170000 1.00000

Feeding Frenzy of Wild Ideas: When Sharks Brainstorm

*Goal:* Generate offbeat, humorous, impossible or “why would anyone even…” suggestions that just might reveal a surprisingly valuable insight for Wireshark’s future capabilities. *Format:* * Why absurd ideas matter. * Warm Up * Open SharkTank * The ‘Maybe…’ scan *Ground Rules:* * All ideas are welcome. * No shooting down concepts—only building on them. * Humor encouraged; feasibility optional. * The wilder, the better. *Who Should Attend:* Anyone who uses Wireshark, contributes to it, builds tooling around it, or likes thinking sideways. No technical depth required—just curiosity and a willingness to have fun. PUBLIC CONFIRMED Organization https://conference.wireshark.org/sf26us/talk/FYWGV9/ Room 1 PUBLISH LRBBM8@@conference.wireshark.org -LRBBM8 Packets in the Power Grid: A Journey Inside the Substation en en 20260721T171500 20260721T181500 1.00000

Packets in the Power Grid: A Journey Inside the Substation

PUBLIC CONFIRMED Presentation https://conference.wireshark.org/sf26us/talk/LRBBM8/ Room 1 Daniel Lopez PUBLISH WNWRRU@@conference.wireshark.org -WNWRRU Sponsor Technology Showcase Reception and Dinner en en 20260721T183000 20260721T213000 3.00000

Sponsor Technology Showcase Reception and Dinner

PUBLIC CONFIRMED Dinner https://conference.wireshark.org/sf26us/talk/WNWRRU/ Room 1 PUBLISH PDJYJ9@@conference.wireshark.org -PDJYJ9 MAC Privacy Protocol Wireshark Plugin en en 20260721T133000 20260721T143000 1.00000

MAC Privacy Protocol Wireshark Plugin

PUBLIC CONFIRMED Presentation https://conference.wireshark.org/sf26us/talk/PDJYJ9/ Room 2 Cameron Smith PUBLISH RKVN3B@@conference.wireshark.org -RKVN3B Understanding LTE & 5G: 3GPP Packet Flow and Network Analysis en en 20260721T144500 20260721T154500 1.00000

Understanding LTE & 5G: 3GPP Packet Flow and Network Analysis

PUBLIC CONFIRMED Presentation https://conference.wireshark.org/sf26us/talk/RKVN3B/ Room 2 Mark Stout PUBLISH 3BTBPN@@conference.wireshark.org -3BTBPN Keynote: Packets through the ages – A personal story en en 20260722T090000 20260722T100000 1.00000

Keynote: Packets through the ages – A personal story

PUBLIC CONFIRMED Presentation https://conference.wireshark.org/sf26us/talk/3BTBPN/ Room 1 Peter Jones PUBLISH 3YYFJM@@conference.wireshark.org -3YYFJM From Zero to Captures: Setting Up Your Own Network Simulation Lab en en 20260722T101500 20260722T111500 1.00000

From Zero to Captures: Setting Up Your Own Network Simulation Lab

Ever wanted to test a complex routing scenario, understand how a specific protocol behaves under certain conditions, or simply learn networking concepts without investing in expensive hardware? Network simulation offers a powerful alternative - your laptop becomes a complete network lab. In this practical, hands-on session, you'll discover how to create your own virtual network environments where you can safely experiment, break things, and learn. We'll start from scratch and build up to capturing real traffic between simulated network devices, showing you exactly what's possible with modern tools and where the boundaries lie. **What You'll Experience:** The session begins with the fundamentals: why simulate networks, what scenarios benefit most from simulation, and what the realistic expectations are. You'll see live demonstrations of creating network topologies - routers, switches, and hosts - all running on a single machine. We'll capture traffic between these virtual devices using Wireshark, examining how packets flow through simulated networks. A key focus will be understanding the difference between simulated and physical networks. What traffic patterns look like in virtual environments vs. real hardware, which protocols behave identically and which don't, and when timing and performance characteristics matter. You'll learn to recognize these differences in your captures. We'll explore practical integration scenarios: connecting your physical monitoring tools to virtual networks, setting up capture points in containerized environments, and understanding device-in-the-loop testing where virtual and physical components work together. This is especially relevant for anyone working with network TAPs, packet brokers, or monitoring solutions who want to test configurations before deploying to production. PUBLIC CONFIRMED Presentation https://conference.wireshark.org/sf26us/talk/3YYFJM/ Room 1 Roland Knall PUBLISH VAHVRB@@conference.wireshark.org -VAHVRB Media Casting Protocols: Everything AirPlay, AirDrop and Wi-Fi Aware en en 20260722T113000 20260722T123000 1.00000

Media Casting Protocols: Everything AirPlay, AirDrop and Wi-Fi Aware

We will walk through: -AirPlay vs AirDrop -The five phases of AirPlay -How to troubleshoot the phases over packet capture (802.11, BLE) and MacBook console -The changes to AirPlay above iOS 26 and Android support -Alternatives to AirPlay such as Wi-Fi Aware and Miracast, differences over in packet captures PUBLIC CONFIRMED Presentation https://conference.wireshark.org/sf26us/talk/VAHVRB/ Room 1 Eva Santos PUBLISH A7BFDV@@conference.wireshark.org -A7BFDV The Packet Doctors are in! Packet trace examinations with the experts en en 20260722T133000 20260722T150000 1.03000

The Packet Doctors are in! Packet trace examinations with the experts

PUBLIC CONFIRMED Packetdoctors Session https://conference.wireshark.org/sf26us/talk/A7BFDV/ Room 1 PUBLISH FTMZDH@@conference.wireshark.org -FTMZDH From Specs to Packets: Generating Binary Exchange Dissectors at Scale en en 20260722T151500 20260722T161500 1.00000

From Specs to Packets: Generating Binary Exchange Dissectors at Scale

This talk presents the Open Markets Initiative (OMI) as a research platform built around a protocol-driven approach to dissector generation. OMI has produced over four million lines of Lua dissectors for real-world binary exchange protocols. The core idea is that the protocol binary data model itself, not the dissector, is the primary artifact. Once the protocol is captured in a structured, reusable form, multiple classes of tooling can be generated from it, with Wireshark dissectors as a key output. We will examine several classes of exchange protocols and show how OMI’s generator differs from earlier iterations of code generation tools, “generations of generators.” Instead of emitting code from message templates, flat schemas or other domain specific languages, our binary data models encode protocol semantics, constraints, and structural variation explicitly. This allows families of related protocols to share definitions, makes version evolution tractable, and produces dissectors that are both predictable and auditable. Using real examples, we’ll show how generator design choices directly affect correctness, maintainability, and crowd contribution. The entire electronic trading industry benefits from the open-source Wireshark and dissector ecosystem. Many exchange protocols are underspecified, implicitly defined, or guarded by information barriers. OMI turns reverse-engineering knowledge into shared specifications that can be reviewed, improved, and extended collaboratively. That process has led to a rapid expansion of accurate, production-grade dissectors, many of which are now relied on as primary analysis tools in the electronic-trading ecosystem. The session is aimed at attendees interested in protocol modeling, code generation, advanced dissector design, and the ways open tooling can transform opaque binary systems into observable, debuggable infrastructure. PUBLIC CONFIRMED Presentation https://conference.wireshark.org/sf26us/talk/FTMZDH/ Room 1 William Tegel PUBLISH SJTHY9@@conference.wireshark.org -SJTHY9 Examining NAT behavior with Wireshark - WCA Core Topic en en 20260722T163000 20260722T173000 1.00000

Examining NAT behavior with Wireshark - WCA Core Topic

PUBLIC CONFIRMED Presentation https://conference.wireshark.org/sf26us/talk/SJTHY9/ Room 1 Ross Bagurdes PUBLISH WVUP7Q@@conference.wireshark.org -WVUP7Q Sponsor Technology Showcase Reception and Dinner en en 20260722T183000 20260722T213000 3.00000

Sponsor Technology Showcase Reception and Dinner

PUBLIC CONFIRMED Dinner https://conference.wireshark.org/sf26us/talk/WVUP7Q/ Room 1 PUBLISH 8BDMAY@@conference.wireshark.org -8BDMAY Topology-Based PCAP Analysis: Faster Insight Beyond Packet Lists en en 20260722T151500 20260722T161500 1.00000

Topology-Based PCAP Analysis: Faster Insight Beyond Packet Lists

Traditional packet analysis relies on sequential inspection of frames, which can obscure higher-level structure and slow down diagnosis, particularly for less experienced analysts. However, network behaviour is inherently relational, involving hosts, conversations, and protocol groupings. This session presents a practical approach to PCAP analysis using real-time topology visualisation. Instead of focusing on individual packets, traffic is represented as a graph of nodes (hosts) and edges (conversations), allowing analysts to immediately identify communication patterns, dependencies, and anomalies. A core case study will demonstrate a DNS resolution failure caused by a misconfigured gateway. In a standard packet list, this requires careful inspection of ARP requests, repeated DNS queries, and missing responses. In a topology view, the same issue is visible at a glance: a central host attempting external communication, combined with a misleading local dependency and no successful continuation. The session will show how topology-based analysis: Reduces cognitive load by externalising relationships Accelerates identification of failure patterns Supports both novice learning and expert triage workflows Complements, rather than replaces, traditional packet inspection Attendees will leave with a new mental model for analysing network traffic, and practical techniques for integrating structural reasoning into their existing workflows. PUBLIC CONFIRMED Presentation https://conference.wireshark.org/sf26us/talk/8BDMAY/ Room 2 Ryan Younger PUBLISH EUUK7H@@conference.wireshark.org -EUUK7H SharkBytes en en 20260723T090000 20260723T100000 1.00000

SharkBytes

PUBLIC CONFIRMED Organization https://conference.wireshark.org/sf26us/talk/EUUK7H/ Room 1