Practical Wireshark Troubleshooting is a two-day, hands-on course designed to strengthen your packet analysis and troubleshooting skills. On Day 1, Ross Bagurdes guides you through Wireshark’s key features, capture methods, filtering techniques, and foundational protocols at the Data Link and Network layers. On Day 2, Chris Greer takes you deeper into Transport and Application layer analysis, focusing on TCP, UDP, and the tools that uncover real-world performance problems. By the end, you’ll know how to approach network issues with confidence — and be better prepared for the Wireshark Certified Analyst exam.

Practical Wireshark Troubleshooting is a two-day, hands-on course designed to strengthen your packet analysis and troubleshooting skills. On Day 1, Ross Bagurdes guides you through Wireshark’s key features, capture methods, filtering techniques, and foundational protocols at the Data Link and Network layers. On Day 2, Chris Greer takes you deeper into Transport and Application layer analysis, focusing on TCP, UDP, and the tools that uncover real-world performance problems. By the end, you’ll know how to approach network issues with confidence — and be better prepared for the Wireshark Certified Analyst exam.

Stratoshark brings Wireshark-style visibility to the Linux system, letting you see what's happening inside the OS alongside the network traffic it generates. In this hands-on workshop, you'll learn to use sysdig and Stratoshark to trace system calls, correlate them with packet data, and answer questions that packets alone can't — like which process handled a connection or how a service behaved under load. Designed for network engineers ready to go one level deeper, the session blends short lectures with guided exercises using cloud-based lab systems. You'll leave with a working understanding of Stratoshark and the confidence to begin using it in your own analysis.

Let's kick-off the conference in style!

Gerald Combs & Friends talk about the new developments over the past year

When systems have problems often times engineers say it is a network problem… and they’ll say this without any actual data pointing the finger at the network. Sometimes it is a blamestorming session – database group is blaming the network, network is blaming the software, software is blaming the hardware speed, and hardware is blaming the database.

When this happens, the best thing to do is kick everyone out of the room, sniff the data, and see where/what the bottleneck is. More often than not it isn’t one particular thing but the interactions between two endpoints that just don’t completely like each other. Identifying that is the first step in getting the right groups talking to each other and resolving the root of the issue.

In this talk I’ll setup N real world scenarios, describe the problem, show the captured data and how if you ask the capture in the right way how the problem will reveal itself.

Lessons learned in troubleshooting Westpac Bank application issues using Wireshark

Westpac bank in Australia has a vast number of applications that traverse our network and interact with multiple network components. It is not uncommon to have intermittent failures that involve interactions with F5 load balancers and firewalls, subtle TLS handshake failures, unsuitable TCP configuration settings, VOIP application dropouts, international (MQSeries based) messaging performance issues and communication channel drops, poorly performing & failed file transfer failures etc. We will show how Wireshark helped locate root cause or prove "it's not the network".

Finding and counting packet losts in each layer

Learn how to quickly diagnose and troubleshoot issues related to the medical imaging DICOM protocol. Stop the finger-pointing between multiple vendors. Determine where is the bottleneck in slow connections. Resolve incompatibility issues by looking at raw communication. Evaluate impact of network quality in DICOM communications. Discuss the challenging and ever growing issue of larger images and study sizes.

Sponsor Showcase and dinner

Want to test network scenarios, learn protocols, or debug configurations without expensive hardware? This hands-on session shows how to build realistic network environments using modern containerization and virtualization tools. We'll explore different approaches to spin up multi-vendor topologies on your laptop, capture traffic between simulated devices, and understand what works (and what doesn't) in virtual environments.

Sponsor showcase and dinner

SharkBytes consist of “little crunchy bits of wisdom.” Like popular TED talks, SharkBytes aim to inform, inspire, surprise, and delight by delivering a speech on a personal topic in under 5 minutes.

Information and a review of past SharkByte presentations can be found https://sharkfest.wireshark.org/sharkbytes

Email us your SharkByte session idea: [email protected]

The experts on this panel have been asked to look at a trace file and help find a reason for certain behaviors by attendees at many SharkFests. Based on this, they’ve decided to create a public forum for examining individual trace files with a broader audience for a collective learning experience. Trace files will be gathered from attendees prior to SharkFest and only given to the panel members during the session so that the “not-
knowing what to expect and whether it can be solved” experience of working through an unknown trace file can be preserved.
Come to this session and learn to ask the right questions and look at packets in different ways.
PLEASE SEND PERPLEXING TRACE FILES FOR ANALYSIS BY THE PANEL TO [email protected] PRIOR TO SHARKFEST!