{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.2"}, "schedule": {"url": "https://conference.wireshark.org/sharkfest-24-eu/schedule/", "version": "1.8", "base_url": "https://conference.wireshark.org", "conference": {"acronym": "sharkfest-24-eu", "title": "SharkFest'24 EUROPE", "start": "2024-11-04", "end": "2024-11-08", "daysCount": 5, "timeslot_duration": "00:05", "time_zone_name": "Europe/Vienna", "colors": {"primary": "#003EEE"}, "rooms": [{"name": "Ballroom A+B+C", "slug": "5-ballroom-abc", "guid": "06852f1f-32d7-5c11-9bfd-5b214e7b2052", "description": null, "capacity": 250}, {"name": "Palais Sachsen Coburg I-III", "slug": "6-palais-sachsen-coburg-i-iii", "guid": "3e069877-dab2-577f-865c-f90071dbe9da", "description": null, "capacity": 50}], "tracks": [{"name": "Beginner", "slug": "9-beginner", "color": "#00AB9B"}, {"name": "Intermediate", "slug": "10-intermediate", "color": "#2B9ECF"}, {"name": "Expert / Developer", "slug": "11-expert-developer", "color": "#9D6DEC"}, {"name": "Security", "slug": "12-security", "color": "#72B406"}, {"name": "A.I.", "slug": "13-ai", "color": "#E60757"}, {"name": "Pre-conference class", "slug": "14-pre-conference-class", "color": "#0C590D"}, {"name": "Organization", "slug": "15-organization", "color": "#3C8BC4"}], "days": [{"index": 1, "date": "2024-11-04", "day_start": "2024-11-04T04:00:00+01:00", "day_end": "2024-11-05T03:59:00+01:00", "rooms": {"Ballroom A+B+C": [{"guid": "87b8e9d0-10bc-537c-950d-ae0740929b53", "code": "7GM8RQ", "id": 51, "logo": null, "date": "2024-11-04T09:00:00+01:00", "start": "09:00", "duration": "08:00", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-51-pre-conference-class-i-core-wireshark-skills-for-network-engineers-and-security-pros-2-day-class-4-5-november", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/7GM8RQ/", "title": "Pre-Conference Class I: Core Wireshark Skills for Network Engineers and Security Pros - 2-day class (4-5 November)", "subtitle": "", "track": "Pre-conference class", "type": "Pre Conference Class", "language": "en", "abstract": "Throughout this course, we are going to look at real-world examples of how to practically use Wireshark to solve network problems and isolate cybersecurity incidents. This skill will help AllOps (NetOps, SecOps, DevOps) engineers to improve in their analysis and troubleshooting skills. Labs have been designed to give real-world, hands-on experience with protocols using Wireshark.", "description": "Wireshark can be intimidating. I remember how it felt when I first started looking at a trace file with Wireshark. Questions started flooding into my mind: What should I look for? Where do I start? How can I find the packets that matter? What filters should I use? What is 'normal' and what can I ignore in all this data? I froze under the weight of all the detail in the packets. If you have ever felt that way when looking at a pcap, this is the course for you!", "recording_license": "", "do_not_record": true, "persons": [{"code": "LVXUVN", "name": "Ross Bagurdes", "avatar": "https://conference.wireshark.org/media/avatars/Bagurdes_Headshot_SjVuW0O.jpeg", "biography": "Ross has had a diverse career in engineering, beginning as a structural engineer, then project engineer for a gas utility, Ross was always quickly assigned the de-facto network administrator, typically after no one else was brave enough to break, and later fix, the network. Ross eventually ended up working as a network engineer designing and implementing enterprise networks for a major university hospital. Here he worked with Extreme Networks, HP, Cisco, Tipping Point, among other network technology, as well as honed his Wireshark and protocol analysis skills. Ross spent 7 years teaching data networking at Madison College, and in 2017 started authoring and producing IT training videos in Wireshark/Protocol Analysis, Cisco, and general networking topics for www.Pluralsight.com. In his free time, you'll find Ross and his dog at the beach swimming and surfing, traveling, hiking, or snowboarding somewhere in the western US.", "public_name": "Ross Bagurdes", "guid": "0def5250-101e-527e-a22d-2ffc2ecf9ad9", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/LVXUVN/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/7GM8RQ/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/7GM8RQ/", "attachments": []}], "Palais Sachsen Coburg I-III": [{"guid": "cf9bd726-cd1d-5f3c-b4a0-7654156282ca", "code": "KAVG3H", "id": 52, "logo": null, "date": "2024-11-04T09:00:00+01:00", "start": "09:00", "duration": "08:00", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-52-pre-conference-class-ii-cybersecurity-threat-hunting-go-deep-with-wireshark", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/KAVG3H/", "title": "Pre-Conference Class II: Cybersecurity Threat Hunting - Go Deep with Wireshark", "subtitle": "", "track": "Pre-conference class", "type": "Pre Conference Class", "language": "en", "abstract": "The field of Cybersecurity has grown tremendously in the past few years. With every new breach, we realize just how important analysis skills have become in identifying, mitigating, and protecting networks. Wireshark is one of the most important tools in the toolbox for identifying threats, spotting unusual behavior, and analyzing malware behavior, we just need to know how to use it. In this class, we will dive deep into traffic flows to learn how Wireshark can be used to analyze different steps in the Cyber Kill Chain.", "description": "Wireshark is an important skill for those entering the cybersecurity field, as well as seasoned pros who need to dig into the packets. This course is targeted toward Network Engineers with a working understanding of Wireshark who would like to use it for a cybersecurity focus, but don\u2019t have much experience with threat hunting. Those who want to learn to spot attack patterns, analyze malware, or respond to an incident will enjoy this content!", "recording_license": "", "do_not_record": false, "persons": [{"code": "PXMJ8G", "name": "Chris Greer", "avatar": "https://conference.wireshark.org/media/avatars/Chris_New_mug_K5fG1wf.png", "biography": "Chris Greer is a Network Analyst for Packet Pioneer. He has worked with companies around the world, helping them to solve pesky network\r\nproblems at the packet level, primarily with Wireshark and other open-source tools. Chris has a passion for helping others to learn about packet\r\nanalysis and teaches Wireshark Courses to private companies as well as public audiences. You can follow him on his YouTube channel at\r\n- https://www.youtube.com/user/packetpioner", "public_name": "Chris Greer", "guid": "0c68084e-3d29-5ef1-8b33-42e9bdef9f99", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/PXMJ8G/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/KAVG3H/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/KAVG3H/", "attachments": []}]}}, {"index": 2, "date": "2024-11-05", "day_start": "2024-11-05T04:00:00+01:00", "day_end": "2024-11-06T03:59:00+01:00", "rooms": {"Ballroom A+B+C": [{"guid": "476a9920-7988-5801-87a3-656efdf9c809", "code": "C3VWMQ", "id": 94, "logo": null, "date": "2024-11-05T09:00:00+01:00", "start": "09:00", "duration": "08:00", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-94-pre-conference-class-i-core-wireshark-skills-for-network-engineers-and-security-pros-2-day-class-4-5-november", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/C3VWMQ/", "title": "Pre-Conference Class I: Core Wireshark Skills for Network Engineers and Security Pros - 2-day class (4-5 November)", "subtitle": "", "track": "Pre-conference class", "type": "Pre Conference Class", "language": "en", "abstract": "Throughout this course, we are going to look at real-world examples of how to practically use Wireshark to solve network problems and isolate cybersecurity incidents. This skill will help AllOps (NetOps, SecOps, DevOps) engineers to improve in their analysis and troubleshooting skills. Labs have been designed to give real-world, hands-on experience with protocols using Wireshark.", "description": "Wireshark can be intimidating. I remember how it felt when I first started looking at a trace file with Wireshark. Questions started flooding into my mind: What should I look for? Where do I start? How can I find the packets that matter? What filters should I use? What is 'normal' and what can I ignore in all this data? I froze under the weight of all the detail in the packets. If you have ever felt that way when looking at a pcap, this is the course for you!", "recording_license": "", "do_not_record": true, "persons": [{"code": "PXMJ8G", "name": "Chris Greer", "avatar": "https://conference.wireshark.org/media/avatars/Chris_New_mug_K5fG1wf.png", "biography": "Chris Greer is a Network Analyst for Packet Pioneer. He has worked with companies around the world, helping them to solve pesky network\r\nproblems at the packet level, primarily with Wireshark and other open-source tools. Chris has a passion for helping others to learn about packet\r\nanalysis and teaches Wireshark Courses to private companies as well as public audiences. You can follow him on his YouTube channel at\r\n- https://www.youtube.com/user/packetpioner", "public_name": "Chris Greer", "guid": "0c68084e-3d29-5ef1-8b33-42e9bdef9f99", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/PXMJ8G/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/C3VWMQ/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/C3VWMQ/", "attachments": []}, {"guid": "5a2d9749-ec4c-52d7-9faa-8588ab698165", "code": "YLULZM", "id": 48, "logo": null, "date": "2024-11-05T18:00:00+01:00", "start": "18:00", "duration": "02:30", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-48-sharkfest-24-europe-welcome-dinner-and-sponsor-showcase", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/YLULZM/", "title": "SharkFest'24 EUROPE Welcome Dinner and Sponsor Showcase", "subtitle": "", "track": "Organization", "type": "Dinner", "language": "en", "abstract": "Let's kick off the conference in style", "description": "", "recording_license": "", "do_not_record": true, "persons": [{"code": "U7XQV9", "name": "Wireshark Foundation", "avatar": null, "biography": null, "public_name": "Wireshark Foundation", "guid": "9c6abd73-3a70-55b8-b8a6-5e61d165c661", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/U7XQV9/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/YLULZM/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/YLULZM/", "attachments": []}], "Palais Sachsen Coburg I-III": [{"guid": "2caea908-e59a-5d59-99ca-dbb0d32094a5", "code": "HDZTV3", "id": 53, "logo": null, "date": "2024-11-05T09:00:00+01:00", "start": "09:00", "duration": "08:00", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-53-pre-conference-class-iii-webrtc-network-analysis-masterclass", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/HDZTV3/", "title": "Pre-Conference Class III: WebRTC Network Analysis Masterclass", "subtitle": "", "track": "Pre-conference class", "type": "Pre Conference Class", "language": "en", "abstract": "Web Real-Time Communication (WebRTC) describes a standards-based approach to initiating audio and video communication relationships via IP-based networks, in the simplest case using a browser. WebRTC has become the most significant solution for web-based conferencing in our time. It has been implemented by many conferencing solution manufacturers and providers worldwide. In this Pre Conference Class, Robert and Matthias will take you into the world of analyzing WebRTC traffic and WebRTC solutions with Wireshark. It will enable you capturing and analyzing WebRTC Web Conferencing calls, analyzing the salient call components for potential problems and implement the required measures in your network perimeters to overcome such problems.", "description": "Have you ever wondered why your favorite web conferencing tool sometimes had bad video or audio quality? Did you experience problems connecting, when your VPN is active? Are you responsible, supporting users with their communication needs in diverse network environments? Or did you just stumble across weird UDP traffic in your latest trace files? Then this course is for you. We will explain the insides of the WebRTC communication protocols used in most modern products and show our praxis-proven approach analyzing problems in this field. The course includes hands-on capturing and analyzing problem situations including firewall restrictions and proxy use. To the best of our abilities, we will also address your real live problems you bring to the table.", "recording_license": "", "do_not_record": false, "persons": [{"code": "B9FZJH", "name": "Matthias Kaiser", "avatar": "https://conference.wireshark.org/media/avatars/Kaiser_Matthias_01-2_RBRXRV8.jpg", "biography": "Matthias started working in network analysis in 1996 as a Sniffer University staff instructor at Network General, where he delivered Sniffer University training and coordinated the European instructor team. In 2004, as a freelance instructor and network consultant, he wrote his own courseware on troubleshooting networks with Wireshark. Since 2009, Matthias has been working for ExperTeach, a German training and consulting company, where he manages and teaches the ExperTeach packet analysis curriculum for business customers. He has trained many individuals on Wireshark and helped them identify network and application-related problems since.", "public_name": "Matthias Kaiser", "guid": "b5355950-5a72-5b09-95cb-b5ebc0239d8d", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/B9FZJH/"}, {"code": "GEKGFS", "name": "Robert Hess", "avatar": "https://conference.wireshark.org/media/avatars/GEKGFS_717UcZg.jpg", "biography": "Starting with a small Web conferencing startup in Germany in 1999 and still with the same people after a long chain of acquisitions and mergers.\r\nThese days I help transitioning the venerable GoToMeeting to the modern WebRTC based GoTo.\r\nMy day job is helping our developers as well as our customers to analyse and understand intricate network problems in the context of various communication protocols and complex corporate networks. As such I'm proficient in network analysis tools like Wireshark as well as in log analysis tools like Splunk. In my spare time, I read, do the odd triathlon together with my colleagues and fancy ice bathing.", "public_name": "Robert Hess", "guid": "e7055e4e-1b55-5d30-8739-87b4b48fb4e9", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/GEKGFS/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/HDZTV3/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/HDZTV3/", "attachments": []}]}}, {"index": 3, "date": "2024-11-06", "day_start": "2024-11-06T04:00:00+01:00", "day_end": "2024-11-07T03:59:00+01:00", "rooms": {"Ballroom A+B+C": [{"guid": "41d9a83e-71a9-587e-98b8-d88ddbb970de", "code": "RPQSCC", "id": 55, "logo": null, "date": "2024-11-06T09:00:00+01:00", "start": "09:00", "duration": "00:45", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-55-keynote-ecosystem-expansion", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/RPQSCC/", "title": "Keynote: Ecosystem Expansion", "subtitle": "", "track": "Organization", "type": "Organization", "language": "en", "abstract": "Gerald Combs & Friends talk about the new developments over the past year", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/RPQSCC/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/RPQSCC/", "attachments": []}, {"guid": "c89841a6-cf91-5391-a054-dba96343e417", "code": "TFGQAU", "id": 77, "logo": null, "date": "2024-11-06T09:45:00+01:00", "start": "09:45", "duration": "01:00", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-77-3gpp-a-walk-through-the-lte-and-5g-networks", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TFGQAU/", "title": "3GPP, a walk through the LTE, and 5G networks", "subtitle": "", "track": "Intermediate", "type": "Short Presentation", "language": "en", "abstract": "We'll review LTE, and 5G network structure, and some unique protocols that support mobility services.", "description": "Look through a few key 3GPP docs that describe mobility call flow. Along with a couple packet walks through mobility events, and VoLTE.", "recording_license": "", "do_not_record": false, "persons": [{"code": "LKKWAR", "name": "Mark Stout", "avatar": null, "biography": "24 years in wireless technologies CDMA, LTE, and 5G. Daily user of wireshark fort troubleshooting network, and design issues.", "public_name": "Mark Stout", "guid": "52f4461d-c166-5b72-91c6-ed3edd7dcbac", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/LKKWAR/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TFGQAU/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TFGQAU/", "attachments": []}, {"guid": "05dab7fb-681c-5d23-a899-d7274e541abe", "code": "NTUTHL", "id": 73, "logo": null, "date": "2024-11-06T11:00:00+01:00", "start": "11:00", "duration": "01:00", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-73-mastering-wireshark-filtering", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/NTUTHL/", "title": "Mastering Wireshark Filtering", "subtitle": "", "track": "Beginner", "type": "Short Presentation", "language": "en", "abstract": "Get to know how to filter properly in Wireshark", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "MZ9HCA", "name": "Sake Blok", "avatar": "https://conference.wireshark.org/media/avatars/profile-2025-400x400_hgdKmpu.png", "biography": "Sake has been analyzing packets for over 20 years. During his work, Sake started developing functionality for Wireshark while working with the analyzer in his day-to-day job. He also enhanced multiple protocol dissectors. In 2007, Sake joined the Wireshark Core Development team. In 2009, After working for a reseller of networking equipment for 8 years, he started the company SYN-bit to provide network analysis and training services to enterprises across Europe.", "public_name": "Sake Blok", "guid": "eeeda75a-cc6d-5a94-ba7c-2d3d6f14dd59", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/MZ9HCA/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/NTUTHL/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/NTUTHL/", "attachments": []}, {"guid": "a35bc196-3821-5273-9774-9e67b4ac7136", "code": "PDYKPQ", "id": 43, "logo": null, "date": "2024-11-06T13:00:00+01:00", "start": "13:00", "duration": "01:00", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-43-capturing-wifi7-understand-wifi-again-with-catching-up-an-extremely-high-throughput-mode-of-ieee802-11be", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/PDYKPQ/", "title": "Capturing WiFi7, understand WiFi again with catching up an Extremely High Throughput mode of IEEE802.11be", "subtitle": "", "track": "Intermediate", "type": "Short Presentation", "language": "en", "abstract": "Capturing BE traffic and analyze EHT frame with quick review of IEEE802.11 WLAN communications with security standards.", "description": "WiFi has been upgraded in the next phase, 7th generation bumped up from 6/6E, enabling over 30Gbps wireless communication using 320MHz, 16 streams and 4096 QAM modulation. In this session, we try Intel BE200 adapter to capture actual live traffic of WiFI7 and dissect extended tags of IEEE802.11be using Wireshark. \r\nAnd this session includes the basic dissection of WLAN and WiFi security standards, too.\r\nWe dissect the management, control and data frames of WiFi and learn mechanisms and standards of IEEE802.11 protocols. It also includes security dissection based on WPA2/WPA3.", "recording_license": "", "do_not_record": false, "persons": [{"code": "7W3SNA", "name": "Megumi Takeshita", "avatar": null, "biography": "Megumi Takeshita, packet otaku, runs a packet company, ikeriri network service in Japan. Ikeriri offers services such as packet analysis for troubleshooting, debugging, security inspection. Ikeriri is also a reseller of wired/wireless capture and analysis products. Megumi has authored 10+ books about Wireshark and packet analysis. She also instructs Wireshark for Japanese companies including Japan Self Defense Forces and Chuo university as lecturer. She is one of contributors to the Wireshark projects including Japanese localization.", "public_name": "Megumi Takeshita", "guid": "a567fc5f-0c4c-582d-813b-bf7b4de03294", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/7W3SNA/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/PDYKPQ/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/PDYKPQ/", "attachments": []}, {"guid": "f1b37fe0-c300-5e71-82b8-5c1a81455a51", "code": "TP88BZ", "id": 71, "logo": null, "date": "2024-11-06T14:00:00+01:00", "start": "14:00", "duration": "01:30", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-71-communication-breakdown-making-online-conferencing-work-in-secured-company-networks", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TP88BZ/", "title": "Communication breakdown - making online conferencing work in secured company networks", "subtitle": "", "track": "Intermediate", "type": "Long Presentation", "language": "en", "abstract": "A troubleshooters tale\r\nI routinely help large global enterprises to find problems in their network when our Online conferencing products do not work as expected. The problems range from very low level like broken packet fragmentation to high level like wrong Geolocation detection. \r\nThis brings me in contact with network security in various ways, and I learn about their ideas of securing networks and also how to configure such security systems and have to come up with ideas to make the conferencing software work.\r\nAs there is obviously no way around making our networks more secure, the question remains, how do we keep them working at the same time. I will show my approach to these problems.", "description": "High level network requirements of online communication (WebRTC and the other big ones)\r\nSecurity requirements in modern corporate networks\r\nThe everlasting conflict: tighter security vs. faster and more diverse communication connections\r\nSome typical problems with field examples and  how to identify them in Wireshark\r\n\t- Analysing UDP performance \r\n\t- DNS - a story of misunderstandings\r\n\t- VPN - what could possibly go wrong? \r\n\r\nHistory excurse : Why is it so complicated \r\n\t- The wild-west times of networked software\r\n\t- Things not to do in your software and why not\r\n\t- Things not to do in your network and why not\r\nThe perfect network - how would it look like?", "recording_license": "", "do_not_record": false, "persons": [{"code": "GEKGFS", "name": "Robert Hess", "avatar": "https://conference.wireshark.org/media/avatars/GEKGFS_717UcZg.jpg", "biography": "Starting with a small Web conferencing startup in Germany in 1999 and still with the same people after a long chain of acquisitions and mergers.\r\nThese days I help transitioning the venerable GoToMeeting to the modern WebRTC based GoTo.\r\nMy day job is helping our developers as well as our customers to analyse and understand intricate network problems in the context of various communication protocols and complex corporate networks. As such I'm proficient in network analysis tools like Wireshark as well as in log analysis tools like Splunk. In my spare time, I read, do the odd triathlon together with my colleagues and fancy ice bathing.", "public_name": "Robert Hess", "guid": "e7055e4e-1b55-5d30-8739-87b4b48fb4e9", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/GEKGFS/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TP88BZ/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TP88BZ/", "attachments": []}, {"guid": "091cb524-b6fd-5b89-b59e-084b072fcb08", "code": "ZLH8RF", "id": 72, "logo": null, "date": "2024-11-06T15:45:00+01:00", "start": "15:45", "duration": "01:30", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-72-ipsec-vpn-analysis-and-troubleshooting", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/ZLH8RF/", "title": "IPsec VPN Analysis and troubleshooting", "subtitle": "", "track": "Intermediate", "type": "Long Presentation", "language": "en", "abstract": "With this session we intend to demonstrate how Wireshark can be used to analyze IPSec VPNs in site to site and remote access contexts. We will also present some dysfunctioning cases where Wireshark can be of some help.", "description": "We will present the differents steps of an IPsec connexion (we'll base our presentation on IKEv2) with the help of Wireshark. We will use some profiles to highlight the most important elements and we'll detail the colors, columns, filters, buttons used in these profiles . \r\n\r\nOur presentation will  focus mainly on  two site-to site situations :  fhe first illustrating  a VPN without NAT with a simple situation (one tunnel) and a more complex one (several tunnels),  the second one involving some NAT between the two sites.  In each of these labs we will present capture files with functional VPNS and others with some issues. When necessary and possible we'll useWireshark to decipher the IKE and ESP exchanges.\r\n\r\nIf some time remains we will present capture files for a VPN between a Windows PC and a central site", "recording_license": "", "do_not_record": false, "persons": [{"code": "WRYZPN", "name": "Jean-Paul ARCHIER", "avatar": "https://conference.wireshark.org/media/avatars/13d3048f767b53f8c5557ce2dfcd90b9_f2rdW7U.jpg", "biography": "Jean-Paul has been working as a System and Network Engineer for more than 30 years. Since 2010, he has run his own company and is mainly focused on network training and consultancy. He is the author of several books for the French publisher ENI: VPN, IPv6, Cisco ASA, Postfix. \r\nHe regularly gives training sessions on Wireshark and other network-related topics. As a certified trainer, he also delivers training about VPNs and network security for WatchGuard resellers and clients.", "public_name": "Jean-Paul ARCHIER", "guid": "15f8aeb4-1c9c-55f2-9ac6-f8b9c926293d", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/WRYZPN/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/ZLH8RF/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/ZLH8RF/", "attachments": []}, {"guid": "c7a706bb-283e-537f-ba57-8a78d2f9d6ac", "code": "PJCUHK", "id": 85, "logo": null, "date": "2024-11-06T17:15:00+01:00", "start": "17:15", "duration": "01:00", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-85-let-s-dissect-malwares-by-collecting-their-syscalls-with-ebpf", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/PJCUHK/", "title": "Let\u2019s dissect malwares by collecting their syscalls with eBPF", "subtitle": "", "track": "Beginner", "type": "Short Presentation", "language": "en", "abstract": "As infrastructure managers, we often have to deal with malwares. Although we do our best to avoid or block them, some slip through the net anyway. Let's imagine that you or a member of your team got their hands on one of these malicious binaries. How can you find out what its purpose was? You can try to uncompile the binary or explore it in hexadecimal mode, two tried and tested but time-consuming methods. Let's try a new approach and analyze the malware's behavior by running it in an isolated environment and collecting all its syscalls using eBPF. The final step will be to explore the captures with Logray, a project forked from Wireshark, especially made to analyze syscall packets captures.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "LQU7ZL", "name": "Thomas Labarussias", "avatar": "https://conference.wireshark.org/media/avatars/sticker_cncf_BQlO71q.png", "biography": "Thomas is Senior Developer Advocate at Sysdig, the company which created and open-sourced Falco, the Security Runtime Engine for Kubernetes and Cloud-Native technologies. Thomas worked for Qonto, a modern banking for SMEs and freelancers, where he managed their Kubernetes clusters and the enthusiastic tools around, like ArgoCD, Traefik, Prometheus. He also assisted for many years pure-players and e-business companies for a large managed service provider, as an AWS expert and FinOps. He's one of the longest tenured members of the Falco community, and creator of Falcosidekick and Falcosidekick-UI, two major components of the Falco ecosystem.", "public_name": "Thomas Labarussias", "guid": "9ec20c8c-f688-5cde-a2c2-01e71ac8cba1", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/LQU7ZL/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/PJCUHK/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/PJCUHK/", "attachments": []}, {"guid": "ba3a72c0-2ee1-5c61-adce-6a3b7cd66622", "code": "UPEDSC", "id": 54, "logo": null, "date": "2024-11-06T18:30:00+01:00", "start": "18:30", "duration": "03:00", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-54-sponsor-technology-showcase-reception-treasure-hunt-dinner", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/UPEDSC/", "title": "Sponsor Technology Showcase Reception, Treasure Hunt & Dinner", "subtitle": "", "track": "Organization", "type": "Dinner", "language": "en", "abstract": "Join us for a fun night with an opportunity to enjoin wonderful conversations and win some cool prizes!", "description": "", "recording_license": "", "do_not_record": true, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/UPEDSC/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/UPEDSC/", "attachments": []}], "Palais Sachsen Coburg I-III": [{"guid": "dd09fdc4-505d-5da0-8503-6e736812f7f7", "code": "G7FWSD", "id": 58, "logo": null, "date": "2024-11-06T09:45:00+01:00", "start": "09:45", "duration": "01:00", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-58-stratoshark-or-how-to-inspire-your-devops-team-to-use-wireshark", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/G7FWSD/", "title": "Stratoshark: Or how to inspire your DevOps team to use Wireshark", "subtitle": "", "track": "Security", "type": "Short Presentation", "language": "en", "abstract": "With Stratoshark, we now have a Wireshark-based tool for analysing log events.\r\n\r\nIn this session I want to show why Logray has been my first choice for months to analyse and investigate AWS Cloudtrail events in an AWS Organization with around 1000 accounts. There are several advantages compared to the standard tools Athena + Glue and it is simply marvellous.\r\n\r\nThe session should help to spread the spark of Logray into the Dev(Sec)Ops world. Spread the word.... :-)", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZWZAC8", "name": "Uli Heilmeier", "avatar": "https://conference.wireshark.org/media/avatars/telefonbuch_uhei_neu_YZK2f7y.png", "biography": "Uli already used Wireshark when it was still called Ethereal. He has spent many years operating and planning secure networks and has been watching AWS Cloudtrail events very regularly for two years. He also contributes a little to Wireshark as a core developer.", "public_name": "Uli Heilmeier", "guid": "12e614d0-36da-5dfd-b33a-b0facc8db520", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/ZWZAC8/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/G7FWSD/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/G7FWSD/", "attachments": []}, {"guid": "119b5703-7fe9-5c8f-81f4-b4c6183fb359", "code": "FW933D", "id": 86, "logo": null, "date": "2024-11-06T11:00:00+01:00", "start": "11:00", "duration": "01:00", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-86-automatically-trigger-captures-via-tcpdump-when-a-suspicious-event-occurs-in-your-kubernetes-cluster", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/FW933D/", "title": "Automatically trigger captures via tcpdump when a suspicious event occurs in your Kubernetes cluster", "subtitle": "", "track": "Security", "type": "Short Presentation", "language": "en", "abstract": "Falco, a CNCF project, is the de facto solution for runtime threat detection in Linux and Kubernetes environments. It offers complete kernel-level visibility by capturing Syscalls via eBPF, analyzing this flow with a powerful rules engine and alerting when a rule is triggered.\r\nOver time, the Falco ecosystem has grown to include the ability to retrieve events from different sources, such as SaaS or Cloud provider audit logs, and to integrate with dozens of tools for notification, analysis and reaction. The last born in its ecosystem is Falco Talon, a tailor made no-code response engine, which react to the Falco events with out of the box actions, such as terminating a pod, or triggering a tcpdump.\r\nIn this talk, listeners will learn the basics of Falco, and will be treated to a real-time demonstration of remediation action against intrusions, with a big focus on the capacity to trigger a tcpdump, to observe what the attacker did following the raised alert.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "LQU7ZL", "name": "Thomas Labarussias", "avatar": "https://conference.wireshark.org/media/avatars/sticker_cncf_BQlO71q.png", "biography": "Thomas is Senior Developer Advocate at Sysdig, the company which created and open-sourced Falco, the Security Runtime Engine for Kubernetes and Cloud-Native technologies. Thomas worked for Qonto, a modern banking for SMEs and freelancers, where he managed their Kubernetes clusters and the enthusiastic tools around, like ArgoCD, Traefik, Prometheus. He also assisted for many years pure-players and e-business companies for a large managed service provider, as an AWS expert and FinOps. He's one of the longest tenured members of the Falco community, and creator of Falcosidekick and Falcosidekick-UI, two major components of the Falco ecosystem.", "public_name": "Thomas Labarussias", "guid": "9ec20c8c-f688-5cde-a2c2-01e71ac8cba1", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/LQU7ZL/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/FW933D/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/FW933D/", "attachments": []}, {"guid": "c55da370-6455-5760-b180-8e9e0142087c", "code": "TABABN", "id": 80, "logo": null, "date": "2024-11-06T13:00:00+01:00", "start": "13:00", "duration": "01:00", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-80-beyond-network-latency-chasing-latency-up-the-stack", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TABABN/", "title": "Beyond Network Latency: Chasing Latency up the Stack", "subtitle": "", "track": "Intermediate", "type": "Short Presentation", "language": "en", "abstract": "This talk is an introduction to intuiting where non-network latency comes from. While it's usually quite clear how to determine what is network latency and what isn't, it's less clear how to dig into the timing differences between packets at different stages of a TCP conversation to direct troubleshooting at different layers of the stack. \r\n\r\nUsing a Linux-based web server as an example platform, this talk will demonstrate what network latency looks like, what host latency looks like, and what application/backend latency looks like. To explain what we see in the demonstration, we will also examine the web server to show how packets and requests propagate through the Linux OS to the web server application.\r\n\r\nAttendees to this talk will leave with a greater understanding of how to identify latency at different stages of a web request. They will understand the basic Linux kernel and OS structure and how different stresses on a system show up in packet captures.", "description": "\"The website is slow, so the network must be having an issue.\"\r\n\r\nNetwork engineers skilled with Wireshark are masters of responding to statements like this one. With one peek at the iRTT, one scroll through the TCP stream, and one long-running ping to the web server, network latency can be disproven. But how do we take the next step? How do we help a server admin or application owner identify exactly what is happening?\r\n\r\nPackets can isolate latency at the network, the server, and the application, and this talk will walk through how to find and understand those latencies.\r\n\r\nExpect a review of identifying network latency. Expect to learn how to isolate both server and application latency. Expect to learn how network data propagates through a Linux server and where it makes pit stops along the way.", "recording_license": "", "do_not_record": true, "persons": [{"code": "LJMB8P", "name": "Josh Clark", "avatar": "https://conference.wireshark.org/media/avatars/a6cf3a193a4d11c2267b2c91698d3492_ikPSVyM.jpg", "biography": "Josh has both academic and real-world experience in the world of protocol analysis. He holds an M.S. degree in Computer Engineering with a focus in network engineering and has spent the past 8 years designing, troubleshooting, and optimizing networks and applications.", "public_name": "Josh Clark", "guid": "29a8c981-dca2-5ee5-aa17-869b6103ca3b", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/LJMB8P/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TABABN/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TABABN/", "attachments": []}, {"guid": "4fcaea26-68fb-5147-a15d-255099eb47c9", "code": "XFQZQA", "id": 64, "logo": null, "date": "2024-11-06T14:00:00+01:00", "start": "14:00", "duration": "01:30", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-64-unlocking-security-insights-wireshark-techniques-for-security-analysts", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/XFQZQA/", "title": "Unlocking Security Insights: Wireshark Techniques for Security Analysts", "subtitle": "", "track": "Security", "type": "Long Presentation", "language": "en", "abstract": "Packet-level analysis stands as the gold standard in incident response, providing the most detailed evidence during security investigations. Despite its importance, packet analysis is often underutilized, typically considered only as a last resort. This session aims to elevate the use of Wireshark in everyday security practices, demonstrating its effectiveness not just in validating security tool alerts but in gaining a profound understanding of attack methodologies through network traces.\r\n\r\nThe session will focus on:\r\nExplore and demonstrate methods for SSL interception, comparing browser-based versus proxy-based analysis, including techniques like PCAP over IP for remote capturing.\r\nInvestigate Attack Vectors: Learn to identify various network scans and conduct in-depth analyses of successful attacks. We will also highlight a successful attack using Metasploit, capturing and analyzing network traces to deepen our understanding and see examples of useful LUA Plugins for Security.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "DYWKQY", "name": "Walter Hofstetter", "avatar": "https://conference.wireshark.org/media/avatars/1516239556725_XQ9rQjo.jpg", "biography": "Walter is a veteran in network and protocol analysis, having earned his stripes as a \"Sniffer University Certified Instructor\" from Network General in 1994. Throughout his career, he quickly advanced into the cybersecurity arena, where his expertise in protocols proved invaluable. Walter has held primarily technical roles at notable companies such as Network Associates, McAfee, Symantec, and Palo Alto Networks. Additionally, he was responsible for Managed Security Services for Palo Alto Networks and Akamai (Micro Segmentation / Guardicore) at Telekom Security.", "public_name": "Walter Hofstetter", "guid": "2d7d0be0-5683-5363-8099-a9c4c275d67d", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/DYWKQY/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/XFQZQA/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/XFQZQA/", "attachments": []}, {"guid": "fa4eed31-5430-516b-b2e6-68efa5c84171", "code": "ULC3YU", "id": 76, "logo": "https://conference.wireshark.org/media/sharkfest-24-eu/submissions/ULC3YU/Kerberos_Lw6xb9v.png", "date": "2024-11-06T15:45:00+01:00", "start": "15:45", "duration": "01:30", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-76-kerberos-deep-dive", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/ULC3YU/", "title": "Kerberos Deep Dive", "subtitle": "", "track": "Security", "type": "Long Workshop", "language": "en", "abstract": "Kerberos is the bread and butter protocol used for authentication and authorization in a Windows domain.\r\nLike many Windows components, it works fine in the default configuration and offers several options to strengthen its security. This includes the search for old encryption algorithms and the introduction of Kerberos Armoring, a.k.a Kerberos FAST.\r\nThis hands-on workshop will take you into the inner workings of Kerberos. We will use Wireshark to identify faulty configurations, misleading messages in event logs and decrypt whatever Windows wants to hide from plain view.\r\nTrace files included: Bring your own laptop!", "description": "After a quick introduction on standard Kerberos operations we will examine advanced features. This workshop will teach you\r\n* How to configure Wireshark for a speedy analysis of Kerberos packets\r\n* How to identify hosts and accounts that use old encryption protocols\r\n* Why you should use Kerberos Armoring and how to prepare your systems\r\n* How Kerberos encrypts messages and how to decrypt them with Wireshark\r\n\r\nFeel free to bring your laptop and click along during the workstation.\r\nTracefiles are ready for download at https://sharkfest.packet-foo.com/kerberos-deep-dive.zip\r\n\r\nA Python interpreter is recommended, but not required.", "recording_license": "", "do_not_record": false, "persons": [{"code": "G7DKUQ", "name": "Eddi Blenkers", "avatar": null, "biography": "For over 20 years, Eddi has been looking at network protocols to find (or rule out) network problems, vulnerabilities, ongoing hacking attacks or just for fun.\r\n\r\nWorking for the Swiss train company BLS as IT security analyst, he is reviewing the configuration of a multitude of systems to improve the overall security of the domain. Wireshark is one of the tools to verify the outcome of a configuration change.\r\n\r\nShameless promotion: Visit https://www.bls.ch/en/freizeit-und-ferien/ausflug to find some of the best destinations in Switzerland.", "public_name": "Eddi Blenkers", "guid": "fe7e996e-5292-58a2-8f18-5390a46d4560", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/G7DKUQ/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/ULC3YU/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/ULC3YU/", "attachments": []}, {"guid": "6754da33-880d-5a55-a2a7-24edba8ef884", "code": "BB3E8B", "id": 45, "logo": "https://conference.wireshark.org/media/sharkfest-24-eu/submissions/BB3E8B/RDP_Tunneling_Attack_over_MySQL_51iL3u7.PNG", "date": "2024-11-06T17:15:00+01:00", "start": "17:15", "duration": "01:00", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-45-deep-packet-inspection-analyses-unveiling-a-shocking-rdp-attack-through-unusual-protocol-combinations", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/BB3E8B/", "title": "Deep packet inspection analyses: Unveiling a shocking RDP Attack through unusual protocol combinations", "subtitle": "", "track": "Security", "type": "Short Presentation", "language": "en", "abstract": "In September 2018, the Internet Crime Complaint Center (IC3), in collaboration with the Department of Homeland Security and the Federal Bureau of Investigation, warned of attackers exploiting legitimate tools like Remote Desktop Protocol (RDP) for malicious purposes. This presentation explores a recently discovered large-scale RDP Tunneling Attack that weaponized the mstshash cookie, a session management mechanism within RDP. The most intriguing aspect of this attack was the attacker's diverse use of protocols, including TCP, TLS, SSL, MEMCACHE, Socks, WOW, WOWW, MySQL, X11, MQTT, LISP, VICP, RSL, KDSP, ICAP, BitTorrent, CVSPSERVER, NDPS, PTP/IP, TPM, kNet, ECMP, and FF. This talk utilizes deep packet inspection (DPI) analysis to dissect this attack, revealing why seemingly unrelated protocols were chosen and emphasizing the attacker's strategy to bypass traditional security measures.", "description": "Presentation Outline:\r\n\r\n(1) Introduction:\r\n\r\n- I will briefly explain Remote Desktop Protocol (RDP) and its importance and broad utilization on the Internet.\r\n- I will discuss the role of the mstshash cookie in RDP session management.\r\n- I will introduce the concept of RDP Tunneling Attacks and their potential dangers.\r\n\r\n(2) Unveiling the Attack with Deep Packet Inspection (DPI):\r\n\r\n- I will analyze the attacker's use of common protocols, such as TCP, TLS and SSL for tunneling RDP traffic.\r\n- I will deep dive into the lesser-known and very diverse protocols (such as MEMCACHE, Socks, WOW, WOWW, MySQL, X11, MQTT, LISP, VICP, RSL, KDSP, ICAP, BitTorrent, CVSPSERVER, NDPS, PTP/IP, TPM, kNet, ECMP, and FF) used in the attack and their role in tunneling RDP.\r\n\r\n(3) Why These Protocols? Identifying Shared Characteristics:\r\n\r\n- I will explore the common features of the chosen protocols that make them suitable for tunneling RDP traffic.\r\n- I will discuss how attackers exploit limitations of traditional port-based security measures by using this diverse protocol set.\r\n\r\n(4) The Need for Broader Network Monitoring:\r\n\r\n- I will explain the limitations of focusing solely on RDP's standard port (3389).\r\n- I will emphasize the importance of DPI and comprehensive network monitoring to detect attacks hidden within other protocols.\r\n\r\n(5) Conclusion:\r\n\r\n- I will recap key takeaways: the importance of minimal RDP library usage, dangers of RDP Tunneling Attacks, and the need for broader network monitoring.\r\n- I will conclude by emphasizing the critical need for vigilance against evolving attack methods and the importance of expanding network monitoring practices.\r\n\r\nTarget Audience:\r\n\r\nThis presentation is designed for security professionals, network administrators, and anyone interested in understanding advanced attack techniques and network security best practices - especially professionals interested in protocol security.", "recording_license": "", "do_not_record": false, "persons": [{"code": "CWR9QW", "name": "Michal Soltysik", "avatar": "https://conference.wireshark.org/media/avatars/IMG_4099_RJSFqHS.jpg", "biography": "Micha\u0142 So\u0142tysik is a Cybersecurity Consultant and Deep Packet Inspection Analyst specializing in network edge profiling and 0-day attacks (one of the most difficult to detect).\r\nWith a focus on IT, OT, and IoT areas, he has identified so far 254 protocols used for cyberattacks.\r\nMicha\u0142 is also a skilled Digital and Network Forensics Examiner, a CyberWarfare Organizer, and a SOC Trainer, enhancing his cybersecurity roles with a broad range of expert knowledge.\r\nMore information available at https://michalsoltysik.com/", "public_name": "Michal Soltysik", "guid": "df1d71a5-577d-5e4a-a7de-922e3b9d6c35", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/CWR9QW/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/BB3E8B/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/BB3E8B/", "attachments": []}]}}, {"index": 4, "date": "2024-11-07", "day_start": "2024-11-07T04:00:00+01:00", "day_end": "2024-11-08T03:59:00+01:00", "rooms": {"Ballroom A+B+C": [{"guid": "c869d858-6fb2-5aa9-aae5-c39ad158d87b", "code": "TBWNC7", "id": 66, "logo": null, "date": "2024-11-07T09:00:00+01:00", "start": "09:00", "duration": "00:45", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-66-panel-discussion", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TBWNC7/", "title": "Panel Discussion", "subtitle": "", "track": "Beginner", "type": "Organization", "language": "en", "abstract": "Let us discuss what interesting topics lay ahead of us", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "RFDHVJ", "name": "Roland Knall", "avatar": "https://conference.wireshark.org/media/avatars/RFDHVJ_Twx9SMI.webp", "biography": "Roland Knall is a veteran software developer with 25 years of experience, specializing in machine safety network protocols and industrial automation applications. Since 2016, he has been a core developer for Wireshark, one of the world's leading network protocol analyzers. Currently working at Profitap, Roland continues to innovate in the field of network analysis and security. With over a decade of teaching experience, he brings a unique blend of deep technical knowledge and educational expertise to his presentations.", "public_name": "Roland Knall", "guid": "eee7cd60-caea-5893-9691-e622c7a61f95", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/RFDHVJ/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TBWNC7/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TBWNC7/", "attachments": []}, {"guid": "2dc2b387-2107-52b8-a441-0c9b527ad86c", "code": "KCCXJY", "id": 60, "logo": null, "date": "2024-11-07T09:45:00+01:00", "start": "09:45", "duration": "01:30", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-60-a-deep-dive-into-traffic-fingerprints-using-wireshark", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/KCCXJY/", "title": "A Deep Dive Into Traffic Fingerprints using Wireshark", "subtitle": "", "track": "Intermediate", "type": "Long Presentation", "language": "en", "abstract": "Understanding network traffic fingerprints is crucial for enhancing cybersecurity and network performance. This talk provides a concise exploration of network traffic fingerprints, discussing their definition, identification methods, and practical applications. We will cover techniques like deep packet inspection, flow analysis, and machine learning to capture and analyze traffic patterns. Real-world examples using Wireshark/tshark will illustrate their use in intrusion detection, anomaly detection, and network optimization.\r\n\r\nChallenges such as encryption and evolving threats will be addressed, alongside emerging trends in network traffic analysis. Attendees will gain actionable insights on leveraging traffic fingerprints for improved security and efficiency, making this talk essential for network administrators, security professionals, and researchers. \r\n\r\nPresentation slides and pcaps are available at https://tinyurl.com/sf24derinardi", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "HZHMXR", "name": "Luca Deri", "avatar": "https://conference.wireshark.org/media/avatars/luca_BqwvZoE.png", "biography": "Luca Deri is the leader of the ntop project (www.ntop.org), aimed at developing an open-source monitoring platform for high-speed traffic analysis and cybersecurity. He worked for the University College of London and IBM Research, before receiving his PhD at the University of Berne with a thesis about software components for traffic monitoring applications. Well-known in the open-source and Linux community, he currently shares his time between the ntop project and the University of Pisa where he has been appointed as a lecturer in the CS department.", "public_name": "Luca Deri", "guid": "0db8e63e-7b60-5bff-b243-f9e2873bf626", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/HZHMXR/"}, {"code": "XGFWKN", "name": "Ivan Nardi", "avatar": null, "biography": null, "public_name": "Ivan Nardi", "guid": "03e7c203-4da7-5dea-8549-acb8f2ed803c", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/XGFWKN/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/KCCXJY/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/KCCXJY/", "attachments": []}, {"guid": "45854f55-12c9-5671-a2e0-4dce5d2ba308", "code": "N99N8N", "id": 90, "logo": null, "date": "2024-11-07T11:30:00+01:00", "start": "11:30", "duration": "01:30", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-90-the-packet-doctors-are-in-packet-trace-examinations-with-the-experts", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/N99N8N/", "title": "The Packet Doctors are in! Packet trace examinations with the experts", "subtitle": "", "track": null, "type": "Long Presentation", "language": "en", "abstract": "The experts on this panel have been asked to look at a trace file and help find a reason for certain behaviors by attendees at many SharkFests. Based on this, they\u2019ve decided to create a public forum for examining individual trace files with a broader audience for a collective learning experience. Trace files will be gathered from attendees prior to SharkFest and only given to the panel members during the session so that the \u201cnot-\r\nknowing what to expect and whether it can be solved\u201d experience of working through an unknown trace file can be preserved.\r\nCome to this session and learn to ask the right questions and look at packets in different ways.\r\nPLEASE SEND PERPLEXING TRACE FILES FOR ANALYSIS BY THE PANEL TO jasper@packet-foo.com PRIOR TO SHARKFEST!", "description": "", "recording_license": "", "do_not_record": true, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/N99N8N/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/N99N8N/", "attachments": []}, {"guid": "64e023a9-0dde-58fa-a735-57b8be637d99", "code": "9RT9SP", "id": 63, "logo": null, "date": "2024-11-07T14:00:00+01:00", "start": "14:00", "duration": "01:00", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-63-vxlan-evpn-and-other-intricacies-unpacked", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/9RT9SP/", "title": "VXLAN, EVPN and other intricacies unpacked", "subtitle": "", "track": "Intermediate", "type": "Short Presentation", "language": "en", "abstract": "This talk will focus on VXLAN and MP-BGP EVPN in datacenter environments. It will analyze some of the inner workings and interactions between all the different components using Wireshark and will hopefully provide attendees with a better understanding of how these different pieces of technology work altogether. It will also give some troubleshooting tips for VXLAN EVPN. The discussion will first cover foundational concepts (VXLAN encapsulation, EVPN route types, L3VNI/L2VNI...) and get into more advanced topics (BGP unnumbered, RTs, MLAG/MH interactions, TE).", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "XLZPAM", "name": "Pierre Besombes", "avatar": "https://conference.wireshark.org/media/avatars/pierreblanck_PZr7SdU.JPG", "biography": "Pierre brings over a decade of experience in designing, managing, and troubleshooting networks and IT infrastructures. Starting his career as a consulting engineer, he has supported a diverse range of businesses, from large corporations to small firms. His early work focused extensively on packet captures, which he considers the most reliable method for uncovering the \"truth\". Over the years, Pierre's role has evolved to encompass system and platform engineering, some aspects of IT security, as well as reflecting on organizational and human factors.", "public_name": "Pierre Besombes", "guid": "147c13b8-1181-53ad-9dd1-2e94f2a7fe2f", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/XLZPAM/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/9RT9SP/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/9RT9SP/", "attachments": []}, {"guid": "03d94d9a-0667-5551-9d91-8ccfea835061", "code": "YHDD3S", "id": 68, "logo": null, "date": "2024-11-07T15:00:00+01:00", "start": "15:00", "duration": "01:00", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-68-everything-is-encrypted", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/YHDD3S/", "title": "Everything is encrypted", "subtitle": "", "track": "Intermediate", "type": "Short Presentation", "language": "en", "abstract": "More and more traffic is encrypted using TLS: \u201chttps is the new tcp\u201d. What if you need to troubleshoot but can\u2019t use decryption? Either because it is hard to do or not allowed. \r\nBut based on traffic patterns, or meta data, it is still possible to draw conclusions. Like who is slow, how many applications turns (request/response pairs), size of the data, is the communication efficient (overhead ratio), etc..  \r\nThis session we cover the methods of analyzing using Wireshark. First part for TLS up to version 1.2. The second part using version TLS 1.3, which is much harder to do, but not impossible.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "KZT9D7", "name": "Andr\u00e9 Luyer", "avatar": "https://conference.wireshark.org/media/avatars/ProfielfotoAndre_gvxMwmu.JPG", "biography": "Andr\u00e9 is a senior Performance Consultant and troubleshooter at Rabobank, and has been analyzing packets for over 25 years. He started his career as a troubleshooter for network issues, both hard- and software, and later specialized in performance testing, which requires a combination of in-depth knowledge of networking protocols and coding skills. Andr\u00e9 also delivers an in-house \u2018Wireshark bootcamp\u2019 training course and contributed to the Wireshark project.", "public_name": "Andr\u00e9 Luyer", "guid": "31e5cac9-2607-5709-8202-fd9f433d912d", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/KZT9D7/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/YHDD3S/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/YHDD3S/", "attachments": []}, {"guid": "6a0dd249-a25e-5416-a190-db93cc2c0503", "code": "SZH3SB", "id": 75, "logo": null, "date": "2024-11-07T16:15:00+01:00", "start": "16:15", "duration": "01:00", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-75-network-traffic-your-home", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/SZH3SB/", "title": "Network traffic @ your home", "subtitle": "", "track": "Beginner", "type": "Short Presentation", "language": "en", "abstract": "Wireshark has become an omnipresent tool in the realms of IT, OT, IoT, and cybersecurity.\r\n\r\nRecognizing that today's higher education students rely less on textbooks and more on dynamic learning experiences, educators must adapt and develop innovative methods to effectively engage students and help them achieve their aims. \r\n\r\nThe goal of this presentation is to flatten the learning curve of network packet analysis. By using captures within the learner\u2019s living space, we can teach necessary skills and gain insights without much overhead. In addition, the particular communication behaviour of smart devices (lights, television, vacuum cleaner, Xbox, doorbell, pet cam, \u2026 ) is often unknown to many people.\r\n\r\nThe objective of this interactive session is to provide participants with ideas on harnessing Wireshark's capabilities for their own activities while showcasing its usage in higher education and research endeavours.", "description": "This inspirational session will feature two senior lecturers from different European Universities of Applied Sciences, who will share their insights and best practices on leveraging Wireshark in both educational and research contexts.\r\n\r\nThe primary focus of this presentation is on using Wireshark correctly to become more efficient packet analyser. Drawing from our personal experiences as lecturers and researchers, we will discuss practical examples that underscore the tool's versatility and value.\r\n\r\nThis session is interactive and includes hands-on tasks with trace files. Trace files will be provided to the participants.\r\n\r\nSome info about Ville Haapakangas:\r\n\u2022             Senior Lecturer at Tampere University of Applied Sciences (Tampere, Finland)\r\n\u2022             Lecturer in Computer Networks and Cybersecurity, several cybersecurity related research projects\r\n\u2022             A speaker at Sharkfest22EU and Sharkfest23EU and a participant of SharkFest EU for a few years now\r\n\r\nSome info about Tom Cordemans:\r\n\u2022             Lecturer at Odisee University of Applied Sciences (Gent, Belgium)\r\n\u2022             ICT Technologist at DistriNet Research Unit @KU Leuven (Gent, Belgium)\r\n\u2022             A speaker at Sharkfest23EU and a participant of SharkFest EU for many years now.", "recording_license": "", "do_not_record": false, "persons": [{"code": "PFPDDQ", "name": "Ville Haapakangas", "avatar": null, "biography": "Ville Haapakangas is a Senior Lecturer at Tampere University of Applied Sciences in Tampere, Finland, with a strong focus on Computer Networks and Cybersecurity. He is especially interested in using Wireshark as a pedagogical and research tool. Ville\u2019s involvement with SharkFest EU extends over several years as both a participant and a speaker.", "public_name": "Ville Haapakangas", "guid": "f0a559d4-d197-577b-b49c-e57f5c86eec2", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/PFPDDQ/"}, {"code": "YY3RVA", "name": "Tom Cordemans", "avatar": "https://conference.wireshark.org/media/avatars/YY3RVA_Hme1zPZ.jpg", "biography": "Tom Cordemans is a senior lecturer at the Odisee University of Applied Sciences and a researcher at the DistriNet Research Unit of KU Leuven in Gent, Belgium with a strong focus on IT, IoT and OT networks. He is a daily user of Wireshark and sharing knowledge and expertise is his trigger to give workshops and presentations.", "public_name": "Tom Cordemans", "guid": "da0271c8-112f-5fdb-a1e9-a5f70d858364", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/YY3RVA/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/SZH3SB/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/SZH3SB/", "attachments": []}, {"guid": "ed501fbf-9281-52af-b1c9-5089f7d3bece", "code": "J8NNR3", "id": 87, "logo": "https://conference.wireshark.org/media/sharkfest-24-eu/submissions/J8NNR3/ACI_ZGcAqrF.png", "date": "2024-11-07T17:15:00+01:00", "start": "17:15", "duration": "01:00", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-87-compare-the-accuracy-of-trace-files-captured-with-a-tap-and-cisco-aci", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/J8NNR3/", "title": "Compare the accuracy of trace files captured with a tap and Cisco ACI", "subtitle": "", "track": "Beginner", "type": "Short Presentation", "language": "en", "abstract": "in this short presentation we transfer a file and record the event with a tap and the Cisco ACI engine\r\n\r\nIntuitively, we might configure a SPAN port because it's cheap and fast.\r\nThis presentation will explore the situation when the infrastructure or the virtual capture points are overloaded", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "G7DKUQ", "name": "Eddi Blenkers", "avatar": null, "biography": "For over 20 years, Eddi has been looking at network protocols to find (or rule out) network problems, vulnerabilities, ongoing hacking attacks or just for fun.\r\n\r\nWorking for the Swiss train company BLS as IT security analyst, he is reviewing the configuration of a multitude of systems to improve the overall security of the domain. Wireshark is one of the tools to verify the outcome of a configuration change.\r\n\r\nShameless promotion: Visit https://www.bls.ch/en/freizeit-und-ferien/ausflug to find some of the best destinations in Switzerland.", "public_name": "Eddi Blenkers", "guid": "fe7e996e-5292-58a2-8f18-5390a46d4560", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/G7DKUQ/"}, {"code": "UGUNE7", "name": "Markus Liechti", "avatar": null, "biography": "Markus Liechti is a veteran network analyst working for the Swiss Federal Office of Information Technology and Communication.\r\n \r\nAmong other tools, he uses WireShark to investigate network problems small, big, and exceptionally big.", "public_name": "Markus Liechti", "guid": "ade0d9e8-dd78-5c7a-aa54-ee323424d01a", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/UGUNE7/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/J8NNR3/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/J8NNR3/", "attachments": []}, {"guid": "6e5e5619-c07f-5a1e-af97-b22699446db7", "code": "7USMUA", "id": 57, "logo": null, "date": "2024-11-07T18:30:00+01:00", "start": "18:30", "duration": "02:30", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-57-sponsor-technology-showcase-packet-hero-quiz-dinner", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/7USMUA/", "title": "Sponsor Technology Showcase, Packet Hero Quiz & Dinner", "subtitle": "", "track": "Organization", "type": "Dinner", "language": "en", "abstract": "Sponsor Technology Showcase & Dinner", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/7USMUA/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/7USMUA/", "attachments": []}], "Palais Sachsen Coburg I-III": [{"guid": "14f67136-1128-5cb0-b5f4-33ef1bc58346", "code": "JZ8MZJ", "id": 59, "logo": null, "date": "2024-11-07T09:45:00+01:00", "start": "09:45", "duration": "01:30", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-59-unveiling-network-errors-a-deep-dive-into-icmp-destination-unreachable-messages", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/JZ8MZJ/", "title": "Unveiling Network Errors: A Deep Dive into ICMP 'Destination Unreachable' Messages", "subtitle": "", "track": "Expert / Developer", "type": "Long Presentation", "language": "en", "abstract": "Effective troubleshooting of network issues is a critical concern for network technicians. While many are familiar with basic ICMP tools like ping and traceroute, the breadth of ICMP capabilities often goes underutilized. This session delves into ICMP messages, specifically the 'Destination Unreachable' type, and the insights they provide into network errors.\r\n\r\nWe will explore methods for capturing and analyzing network traffic, highlighting practical tips and tricks for using Wireshark to diagnose and resolve issues efficiently. Attendees will gain a deeper understanding of ICMP message functions and how to leverage them for improved network troubleshooting.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "PXP8DZ", "name": "Johannes Weber", "avatar": "https://conference.wireshark.org/media/avatars/PXP8DZ_GRq6JRm.jpg", "biography": "Johannes is a dedicated network security consultant at SVA System Vertrieb Alexander GmbH in Germany, with a master's degree in IT Security, specializing in IPv6 Security. He excels in implementing next-gen firewalls, DNS appliances, and IPv6 connectivity at customer sites. As a trainer, Johannes conducts classes on IPv6 and DNS, focusing on technical deep dives and security features. His insights and tutorials on IPv6, VPNs, DNSSEC, NTP, Wireshark, and enterprise-grade firewalls (Palo Alto Networks, Fortinet) can be found on his blog, https://netsec.blog/.", "public_name": "Johannes Weber", "guid": "f390f758-d6cb-552d-b920-5a7892edc72e", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/PXP8DZ/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/JZ8MZJ/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/JZ8MZJ/", "attachments": []}, {"guid": "bac3cb51-4da4-5a40-bbd3-879355c06114", "code": "WX9LX3", "id": 81, "logo": null, "date": "2024-11-07T14:00:00+01:00", "start": "14:00", "duration": "01:00", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-81-advanced-tcp-troubleshooting", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/WX9LX3/", "title": "Advanced TCP Troubleshooting", "subtitle": "", "track": "Expert / Developer", "type": "Short Presentation", "language": "en", "abstract": "Analyzing TCP connection is the most common task a network analyst has to perform. And even though tracking sequence numbers, packet loss and generally understanding the TCP handshake and teardown can be tricky as well many analysts know how to deal with those steps. But sometimes you need to analyze complex situations and figure out what is going on, for example look at packet timing or troubleshooting an issue with less than ideal capture results. In this talk we'll look at techniques that can help and of course look at some example traces.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "JJLHFE", "name": "Jasper Bongertz", "avatar": "https://conference.wireshark.org/media/avatars/32db88b741fd066a3afc295884850482_KxKZwQ8.jpg", "biography": "Jasper Bongertz is a network security expert with focus on network forensics and incident response at Airbus Defence and Space CyberSecurity. He started working freelance in 1992 while he was studying computer science at the Technical University of Aachen. In 2009, Jasper became a Senior Consultant and Trainer for Fast Lane, where he created a large training portfolio with a special focus on Wireshark and network hacking. In 2013, he joined Airbus Defence and Space CyberSecurity, before moving on to G Data Advanced Analytics in 2019 where he is now the head of the CyberSecurity Incident Response Team (CSIRT).\r\n\r\nJasper is the creator of the packet analysis tool TraceWrangler, which can be used to convert, edit and sanitize PCAP files. His blog regarding network analysis, network forensics and general security topics can be found at blog.packet-foo.com.", "public_name": "Jasper Bongertz", "guid": "01090920-dcf6-5bfc-8ce9-c09dfc5e857c", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/JJLHFE/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/WX9LX3/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/WX9LX3/", "attachments": []}, {"guid": "b4cb8a87-1c27-53ce-9f29-8a0bdaaa0483", "code": "N3XNY9", "id": 84, "logo": null, "date": "2024-11-07T15:00:00+01:00", "start": "15:00", "duration": "01:00", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-84-dissector-developer-design-notes", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/N3XNY9/", "title": "Dissector developer design notes", "subtitle": "", "track": "Expert / Developer", "type": "Short Presentation", "language": "en", "abstract": "In this talk we'll go over lots of the details that dissector developers have to contend with. Not only will we touch on some of the Epan APIs available to us, but we will go beyond the API's and discuss the way of thinking about packet dissection design. Here we may discover wisdoms which are not only important to dissector developers, but for software development in general.\r\n\r\nEven though in this talk we will focus on development of C code, Lua dissector developers may take away some deeper insights as well.", "description": "As a core developer I get to see a lot of dissector code, in the form of merge requests, during investigation of bugs, or written by myself. While working on this code I often come across designs which are not optimal for the purpose they serve. This may have to do with the use of poor examples, missing insight into how the packet dissection process really works or lack of understanding of the protocols at hand. Either way more knowledge and insight will hopefully help you to create better dissectors.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JLXRGY", "name": "Jaap Keuter", "avatar": "https://conference.wireshark.org/media/avatars/JaapKeuter_BOSKmU9_BMvJtbH.jpg", "biography": "Studied telecommunications and computer systems. Worked for a PABX manufacturer and currently for a manufacturer of Ethernet switching and telecommunication transmission systems, in the role of embedded software engineer. Along the way I started using what was then called Ethereal, enhancing it and providing bug fixes, which eventually lead to becoming a core developer. \r\n\r\nBesides this I like to spend time in the air, either skydiving or flying sailplanes.", "public_name": "Jaap Keuter", "guid": "a68c1c66-3899-53ca-b1a7-49637389a675", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/JLXRGY/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/N3XNY9/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/N3XNY9/", "attachments": []}, {"guid": "fd12e08d-9047-5c3f-8b08-6dc894f40f7e", "code": "DPTKUS", "id": 79, "logo": null, "date": "2024-11-07T16:15:00+01:00", "start": "16:15", "duration": "01:00", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-79-optimizing-server-settings-using-packet-captures", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/DPTKUS/", "title": "Optimizing Server Settings Using Packet Captures", "subtitle": "", "track": "Expert / Developer", "type": "Short Presentation", "language": "en", "abstract": "This talk explores how we might use Wireshark to optimize servers and applications even when they aren't slow. Depending on the type of traffic, optimizing TCP windowing and reducing the number of round trips required to transmit information can improve the speed of an application significantly.", "description": "The internet operates using standards, and these standards were developed, debated, and ratified with the entirety of the internet in mind. But are these standards ideal for your environment?\r\n\r\nThe largest internet companies tune their servers to operate best in the environments they maintain. That tight control lets them reduce application response times even when latency might be high.\r\n\r\nWe will use packet captures to identify application traffic patterns and active network conditions, and we\u2019ll explore options to customize how servers put data on the network to fit the application and the network.", "recording_license": "", "do_not_record": true, "persons": [{"code": "LJMB8P", "name": "Josh Clark", "avatar": "https://conference.wireshark.org/media/avatars/a6cf3a193a4d11c2267b2c91698d3492_ikPSVyM.jpg", "biography": "Josh has both academic and real-world experience in the world of protocol analysis. He holds an M.S. degree in Computer Engineering with a focus in network engineering and has spent the past 8 years designing, troubleshooting, and optimizing networks and applications.", "public_name": "Josh Clark", "guid": "29a8c981-dca2-5ee5-aa17-869b6103ca3b", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/LJMB8P/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/DPTKUS/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/DPTKUS/", "attachments": []}, {"guid": "bfb014ae-dce9-5d7d-8c66-bdc73ac60d4e", "code": "GEJMM9", "id": 65, "logo": "https://conference.wireshark.org/media/sharkfest-24-eu/submissions/GEJMM9/pyshark_GA7QOgT.jpg", "date": "2024-11-07T17:15:00+01:00", "start": "17:15", "duration": "01:00", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-65-dissecting-the-client-hello-with-pyshark", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/GEJMM9/", "title": "Dissecting the Client Hello with Pyshark", "subtitle": "", "track": "Beginner", "type": "Short Presentation", "language": "en", "abstract": "This talk covers using Pyshark for analyzing pcap files, focusing on accessing nested elements in network packets, particularly within Client Hello packets, including encryption suites and TLS versions. This presentation provides an updated guide on effectively using Pyshark, addressing the gaps in current documentation and offering practical insights. The session will cover the basics of loading pcap files, inspecting packet types and layers, and using commands to list packet layers and extract details. It includes a practical example of extracting offered encryption suites from Client Hello packets to ensure secure encryption methods. By applying Wireshark display filters in Pyshark, the talk demonstrates how to efficiently find needed packets. Key issues and solutions when using JSON and Python objects will be highlighted, helping avoid errors and process data smoothly. Learn to effectively access and use nested elements and specific data points with Pyshark.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "YJV89N", "name": "Katherine Leese", "avatar": "https://conference.wireshark.org/media/avatars/jlwS2nT-_JlbtYxz.jpg", "biography": "Katherine is a tech professional with 18 months of experience, having retrained in her 40s to become a Computer Expert, specialising in System Integration. Originally from New Zealand, she is currently based in Germany. During her training, she undertook a practicum at SevenShift, a boutique IoT cybersecurity company in Cologne that recognised her talent and dedication, ultimately hiring her. She is now in a training position, where she is honing her skills and contributing to the company's security initiatives. Outside of her professional life, Katherine is a dedicated single mother to a teenager. She also plays bass guitar and provides backing vocals in a punk band, and if there's any time left over, you will find her on the netball court.  She is also a member of the Haecksen, the FINTA branch of the CCC.", "public_name": "Katherine Leese", "guid": "9a6ca4c9-86e4-5f80-b0de-6f1e4f4c4605", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/YJV89N/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/GEJMM9/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/GEJMM9/", "attachments": []}]}}, {"index": 5, "date": "2024-11-08", "day_start": "2024-11-08T04:00:00+01:00", "day_end": "2024-11-09T03:59:00+01:00", "rooms": {"Ballroom A+B+C": [{"guid": "bed095e0-9f94-5266-be09-3dd6433301c5", "code": "MLBZMC", "id": 74, "logo": null, "date": "2024-11-08T09:00:00+01:00", "start": "09:00", "duration": "00:45", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-74-sharkbytes", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/MLBZMC/", "title": "SharkBytes", "subtitle": "", "track": "Organization", "type": "Organization", "language": "en", "abstract": "Come and enjoy an interesting session with learning interesting stuff about each other!", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/MLBZMC/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/MLBZMC/", "attachments": []}, {"guid": "4a7873fc-c58b-5651-a79a-67f60e9c5559", "code": "RVUPLY", "id": 82, "logo": null, "date": "2024-11-08T09:45:00+01:00", "start": "09:45", "duration": "01:30", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-82-sharksniff-3000-the-wireless-decrypting-cyberdeck", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/RVUPLY/", "title": "Sharksniff 3000 - the Wireless Decrypting Cyberdeck", "subtitle": "", "track": "Intermediate", "type": "Short Presentation", "language": "en", "abstract": "Modern networks and devices rely heavily on two critical protocols: WiFi and TLS encryption. Many devices, such as smartphones, tablets, IoT devices, and others, lack built-in options for packet capture or the ability to obtain session keys.\r\n\r\nMy objective was to develop a device that functions as a proxy, capable of capturing traffic from wireless devices, decrypting and re-encrypting it, and outputting session keys\u2014all while remaining invisible to the end user. The ultimate goal is to enable engineers to analyze decrypted traffic.\r\n\r\nIn this session, I'll share my motivation for building the cyberdeck, the challenges and successes I encountered, how the system works, and review traffic captures from well-known smartphone apps.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "LVXUVN", "name": "Ross Bagurdes", "avatar": "https://conference.wireshark.org/media/avatars/Bagurdes_Headshot_SjVuW0O.jpeg", "biography": "Ross has had a diverse career in engineering, beginning as a structural engineer, then project engineer for a gas utility, Ross was always quickly assigned the de-facto network administrator, typically after no one else was brave enough to break, and later fix, the network. Ross eventually ended up working as a network engineer designing and implementing enterprise networks for a major university hospital. Here he worked with Extreme Networks, HP, Cisco, Tipping Point, among other network technology, as well as honed his Wireshark and protocol analysis skills. Ross spent 7 years teaching data networking at Madison College, and in 2017 started authoring and producing IT training videos in Wireshark/Protocol Analysis, Cisco, and general networking topics for www.Pluralsight.com. In his free time, you'll find Ross and his dog at the beach swimming and surfing, traveling, hiking, or snowboarding somewhere in the western US.", "public_name": "Ross Bagurdes", "guid": "0def5250-101e-527e-a22d-2ffc2ecf9ad9", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/LVXUVN/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/RVUPLY/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/RVUPLY/", "attachments": []}, {"guid": "bcacc86e-a1cf-5ff6-a990-da25352c3704", "code": "TPT9PT", "id": 83, "logo": null, "date": "2024-11-08T11:30:00+01:00", "start": "11:30", "duration": "01:00", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-83-cloud-doesn-t-have-packets", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TPT9PT/", "title": "Cloud doesn\u2019t have Packets!", "subtitle": "", "track": "Beginner", "type": "Short Presentation", "language": "en", "abstract": "It\u2019s easy to laugh at the apocryphal executive quote \u201cCloud doesn\u2019t have Packets!\u201d, but is there something more to it? What might they have meant?\r\n \r\nWhat are the differences between traditional On-premise and Cloud networking and architectures, and what does this tell us about attitudes towards network based security and trouble-shooting?\r\n \r\nIn this talk we will look at how Cloud differs from On-prem networking, what common Cloud architectures look like, and how they can confound established practice. We will review options for Packet Capture and network based tools in Cloud compared to On-prem environments, and discuss whether it is practical, beneficial, and necessary.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "3MTJ77", "name": "Stephen Donnelly", "avatar": "https://conference.wireshark.org/media/avatars/dd9b73de6604fe1aa5b498fb631c4ff2_Z6LnIt5.jpg", "biography": "Stephen has worked on packet capture and time-stamping systems for 20 years, earning his PhD for \u201cHigh Precision Timing in Passive Measurements of Data Networks\u201d from the University of Waikato, New Zealand.\r\nA founding employee of Endace, Stephen has developed FPGA-based packet capture and timing systems, clock synchronization systems, and high-performance network monitoring virtualization, and collaborated with customers in telcos, finance, test & measurement, enterprise, and government agencies to solve unique problems.\r\nStephen is a contributor to the Wireshark, libpcap, Zeek, and Suricata open-source projects.", "public_name": "Stephen Donnelly", "guid": "f3ab1550-4987-5443-9dba-51a557913170", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/3MTJ77/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TPT9PT/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/TPT9PT/", "attachments": []}, {"guid": "c5e65c77-6652-5998-ae37-e5da39916de8", "code": "GUGZZQ", "id": 56, "logo": null, "date": "2024-11-08T12:30:00+01:00", "start": "12:30", "duration": "01:30", "room": "Ballroom A+B+C", "slug": "sharkfest-24-eu-56-lunch-closing-remarks-and-farewell-reception", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/GUGZZQ/", "title": "Lunch, Closing Remarks and Farewell Reception", "subtitle": "", "track": "Organization", "type": "Long Presentation", "language": "en", "abstract": "Closing Remarks and Farewell reception", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/GUGZZQ/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/GUGZZQ/", "attachments": []}], "Palais Sachsen Coburg I-III": [{"guid": "ad46a388-9b99-5b99-af20-fa2f056bceae", "code": "VBHSF3", "id": 91, "logo": null, "date": "2024-11-08T11:30:00+01:00", "start": "11:30", "duration": "01:00", "room": "Palais Sachsen Coburg I-III", "slug": "sharkfest-24-eu-91-gotta-catch-em-all-a-field-test-of-portable-gigabit-taps", "url": "https://conference.wireshark.org/sharkfest-24-eu/talk/VBHSF3/", "title": "Gotta catch 'em all! A field test of portable gigabit taps", "subtitle": "", "track": "Beginner", "type": "Short Presentation", "language": "en", "abstract": "Capturing packets on the road can be a challenge. Do you have access to the switch? Are you able to install Wireshark on the endpoints. What if one side says it sends packets, but the other side does not receive them. There are many situations in which a tap might be handy or needed to make a useful packet capture. In those cases, having a portable tap in your laptop bag is a life-saver.\r\n\r\nThere are a few portable USB powered gigabit Ethernet taps on the market that have different capabilities. I made an overview of available portable taps and reached out to vendors to supply me one for a thorough test. This presentation gives an overview of the portable gigabit taps on the market, their capabilities and how well they performed on the test-bench.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "MZ9HCA", "name": "Sake Blok", "avatar": "https://conference.wireshark.org/media/avatars/profile-2025-400x400_hgdKmpu.png", "biography": "Sake has been analyzing packets for over 20 years. During his work, Sake started developing functionality for Wireshark while working with the analyzer in his day-to-day job. He also enhanced multiple protocol dissectors. In 2007, Sake joined the Wireshark Core Development team. In 2009, After working for a reseller of networking equipment for 8 years, he started the company SYN-bit to provide network analysis and training services to enterprises across Europe.", "public_name": "Sake Blok", "guid": "eeeda75a-cc6d-5a94-ba7c-2d3d6f14dd59", "url": "https://conference.wireshark.org/sharkfest-24-eu/speaker/MZ9HCA/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/VBHSF3/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-24-eu/talk/VBHSF3/", "attachments": []}]}}]}}}