2.0 -//Pentabarf//Schedule//EN PUBLISH HCSU3J@@conference.wireshark.org -HCSU3J Check-In & Badge Pick-Up + Breakfast en en 20240615T080000 20240615T090000 010000 Check-In & Badge Pick-Up + Breakfast PUBLIC CONFIRMED Organization https://conference.wireshark.org/sharkfest-24-us/talk/HCSU3J/ Potomac Ballroom Wireshark Foundation PUBLISH MSYLQX@@conference.wireshark.org -MSYLQX Pre-conference class I: Core Wireshark Skills for Network Engineers and Security Pros en en 20240615T090000 20240615T170000 080000 Pre-conference class I: Core Wireshark Skills for Network Engineers and Security Pros Throughout this course, we are going to look at real-world examples of how to practically use Wireshark to solve network problems and isolate cybersecurity incidents. This skill will help AllOps (NetOps, SecOps, DevOps) engineers to improve in their analysis and troubleshooting skills. Labs have been designed to give real-world, hands-on experience with protocols using Wireshark. While learning the art of packet analysis, we will also explore the Wireshark interface, configure custom columns, filters, and coloring rules, learning how to customize the layout so we can spot problems quickly. This course will give you comfort with the Wireshark interface and the experience you need to understand core protocols. In this course, we bring real-world examples to every lecture, exercise, and course assignment. We're not much of a slide-deck kind of instructors. Too boring. Our goal is to have your hands on the first pcap within 5 minutes of the first day and not let up until the final bell. So, you ready Packet People? Let's dig! PUBLIC CONFIRMED Pre Conference Class https://conference.wireshark.org/sharkfest-24-us/talk/MSYLQX/ Potomac Ballroom Chris Greer Ross Bagurdes PUBLISH HCSU3J@@conference.wireshark.org -HCSU3J Check-In & Badge Pick-Up + Breakfast en en 20240616T080000 20240616T090000 010000 Check-In & Badge Pick-Up + Breakfast PUBLIC CONFIRMED Organization https://conference.wireshark.org/sharkfest-24-us/talk/HCSU3J/ Potomac Ballroom Wireshark Foundation PUBLISH MSYLQX@@conference.wireshark.org -MSYLQX Pre-conference class I: Core Wireshark Skills for Network Engineers and Security Pros en en 20240616T090000 20240616T170000 080000 Pre-conference class I: Core Wireshark Skills for Network Engineers and Security Pros Throughout this course, we are going to look at real-world examples of how to practically use Wireshark to solve network problems and isolate cybersecurity incidents. This skill will help AllOps (NetOps, SecOps, DevOps) engineers to improve in their analysis and troubleshooting skills. Labs have been designed to give real-world, hands-on experience with protocols using Wireshark. While learning the art of packet analysis, we will also explore the Wireshark interface, configure custom columns, filters, and coloring rules, learning how to customize the layout so we can spot problems quickly. This course will give you comfort with the Wireshark interface and the experience you need to understand core protocols. In this course, we bring real-world examples to every lecture, exercise, and course assignment. We're not much of a slide-deck kind of instructors. Too boring. Our goal is to have your hands on the first pcap within 5 minutes of the first day and not let up until the final bell. So, you ready Packet People? Let's dig! PUBLIC CONFIRMED Pre Conference Class https://conference.wireshark.org/sharkfest-24-us/talk/MSYLQX/ Potomac Ballroom Chris Greer Ross Bagurdes PUBLISH HCSU3J@@conference.wireshark.org -HCSU3J Check-In & Badge Pick-Up + Breakfast en en 20240616T080000 20240616T090000 010000 Check-In & Badge Pick-Up + Breakfast PUBLIC CONFIRMED Organization https://conference.wireshark.org/sharkfest-24-us/talk/HCSU3J/ Great Falls Wireshark Foundation PUBLISH HCSU3J@@conference.wireshark.org -HCSU3J Check-In & Badge Pick-Up + Breakfast en en 20240617T080000 20240617T090000 010000 Check-In & Badge Pick-Up + Breakfast PUBLIC CONFIRMED Organization https://conference.wireshark.org/sharkfest-24-us/talk/HCSU3J/ Potomac Ballroom Wireshark Foundation PUBLISH XVAS3S@@conference.wireshark.org -XVAS3S Pre-conference class II: Wireshark Filtering Masterclass en en 20240617T090000 20240617T170000 080000 Pre-conference class II: Wireshark Filtering Masterclass PUBLIC CONFIRMED Pre Conference Class https://conference.wireshark.org/sharkfest-24-us/talk/XVAS3S/ Potomac Ballroom Sake Blok PUBLISH P8WPHS@@conference.wireshark.org -P8WPHS SharkFest'24 US Welcome Dinner & Sponsor Showcase en en 20240617T180000 20240617T203000 023000 SharkFest'24 US Welcome Dinner & Sponsor Showcase PUBLIC CONFIRMED Dinner https://conference.wireshark.org/sharkfest-24-us/talk/P8WPHS/ Potomac Ballroom Wireshark Foundation PUBLISH HCSU3J@@conference.wireshark.org -HCSU3J Check-In & Badge Pick-Up + Breakfast en en 20240617T080000 20240617T090000 010000 Check-In & Badge Pick-Up + Breakfast PUBLIC CONFIRMED Organization https://conference.wireshark.org/sharkfest-24-us/talk/HCSU3J/ Great Falls Wireshark Foundation PUBLISH GPQ8XB@@conference.wireshark.org -GPQ8XB Check-In & Badge Pick-Up en en 20240617T130000 20240617T180000 050000 Check-In & Badge Pick-Up PUBLIC CONFIRMED Organization https://conference.wireshark.org/sharkfest-24-us/talk/GPQ8XB/ Great Falls Wireshark Foundation PUBLISH HCSU3J@@conference.wireshark.org -HCSU3J Check-In & Badge Pick-Up + Breakfast en en 20240618T080000 20240618T090000 010000 Check-In & Badge Pick-Up + Breakfast PUBLIC CONFIRMED Organization https://conference.wireshark.org/sharkfest-24-us/talk/HCSU3J/ Potomac Ballroom Wireshark Foundation PUBLISH LKYCSK@@conference.wireshark.org -LKYCSK Keynote: "... So that's what we did! en en 20240618T090000 20240618T100000 010000 Keynote: "... So that's what we did! PUBLIC CONFIRMED Organization https://conference.wireshark.org/sharkfest-24-us/talk/LKYCSK/ Potomac Ballroom Gerald Combs PUBLISH YZ7JSH@@conference.wireshark.org -YZ7JSH Finding Duplications with Wireshark en en 20240618T101500 20240618T111500 010000 Finding Duplications with Wireshark When you troubleshoot or investigate network and security problems, duplications are good indicators to find the clues. We use Wireshark and CLI tools to find, recognize and dissect the network/security anomalies to solve the issues. Duplications exist in every layer in a trace file, so we follow each layer to check protocol-specified troubleshooting points. In this session, you can learn how to find duplications in each layer of a trace file, the meanings implied by duplications in the trace with TIPS and tricks of TIPS display filters and major plugins of Wireshark/tshark. We troubleshoot and investigate the issues using ARP/IP/TCP and major basic protocols. Duplications is one of the best anomalies to understand the packets. PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/YZ7JSH/ Potomac Ballroom Megumi Takeshita PUBLISH JC79QQ@@conference.wireshark.org -JC79QQ 3GPP and me! A walk through of mobility en en 20240618T114500 20240618T124500 010000 3GPP and me! A walk through of mobility Look through a few key 3GPP docs that describe mobility call flow. Along with a couple packet walks through mobility events, and VoLTE. PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/JC79QQ/ Potomac Ballroom Mark Stout PUBLISH 3TSNZP@@conference.wireshark.org -3TSNZP Using Wireshark to Solve Real Problems for Real People en en 20240618T140000 20240618T150000 010000 Using Wireshark to Solve Real Problems for Real People PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/3TSNZP/ Potomac Ballroom Kary Rogers PUBLISH WEFE9J@@conference.wireshark.org -WEFE9J Gotta catch 'em all! A field test of portable gigabit taps en en 20240618T153000 20240618T163000 010000 Gotta catch 'em all! A field test of portable gigabit taps PUBLIC CONFIRMED Short Workshop https://conference.wireshark.org/sharkfest-24-us/talk/WEFE9J/ Potomac Ballroom Sake Blok PUBLISH YLHUXH@@conference.wireshark.org -YLHUXH Cloud doesn’t have Packets! en en 20240618T171500 20240618T181500 010000 Cloud doesn’t have Packets! PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/YLHUXH/ Potomac Ballroom Stephen Donnelly PUBLISH QF3NMZ@@conference.wireshark.org -QF3NMZ Sponsor Technology Showcase Reception, Treasure Hunt & Dinner en en 20240618T183000 20240618T203000 020000 Sponsor Technology Showcase Reception, Treasure Hunt & Dinner PUBLIC CONFIRMED Dinner https://conference.wireshark.org/sharkfest-24-us/talk/QF3NMZ/ Potomac Ballroom PUBLISH HCSU3J@@conference.wireshark.org -HCSU3J Check-In & Badge Pick-Up + Breakfast en en 20240618T080000 20240618T090000 010000 Check-In & Badge Pick-Up + Breakfast PUBLIC CONFIRMED Organization https://conference.wireshark.org/sharkfest-24-us/talk/HCSU3J/ Great Falls Wireshark Foundation PUBLISH MAC3GH@@conference.wireshark.org -MAC3GH Real-world post-quantum TLS en en 20240618T101500 20240618T111500 010000 Real-world post-quantum TLS PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/MAC3GH/ Great Falls Peter Wu PUBLISH Q97GAJ@@conference.wireshark.org -Q97GAJ Monitoring and Troubleshooting Without Packet Traces en en 20240618T114500 20240618T124500 010000 Monitoring and Troubleshooting Without Packet Traces PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/Q97GAJ/ Great Falls Chris Hull PUBLISH FA7AET@@conference.wireshark.org -FA7AET Bake your own Pi: Building a TLS Decrypting Wireless Traffic Sniffer en en 20240618T140000 20240618T150000 010000 Bake your own Pi: Building a TLS Decrypting Wireless Traffic Sniffer PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/FA7AET/ Great Falls Ross Bagurdes PUBLISH MNZ3XQ@@conference.wireshark.org -MNZ3XQ Wireshark plus Advanced Analytics – Better Together (2 part session) en en 20240618T153000 20240618T170000 013000 Wireshark plus Advanced Analytics – Better Together (2 part session) Join us for a troubleshooting deep dive into solving a difficult problem occurring within Webex login from 2018, known as the 98% hang condition. We’ll showcase how the partnership of Wireshark and Advanced Analytics can be leveraged to quickly isolate the fault domain. Captures will be provided for use during the session. Session is half presentation and half hands-on lab with Wireshark. PUBLIC CONFIRMED Short Workshop https://conference.wireshark.org/sharkfest-24-us/talk/MNZ3XQ/ Great Falls John Pittle PUBLISH MNZ3XQ@@conference.wireshark.org -MNZ3XQ Wireshark plus Advanced Analytics – Better Together (2 part session) en en 20240618T171500 20240618T181500 010000 Wireshark plus Advanced Analytics – Better Together (2 part session) Join us for a troubleshooting deep dive into solving a difficult problem occurring within Webex login from 2018, known as the 98% hang condition. We’ll showcase how the partnership of Wireshark and Advanced Analytics can be leveraged to quickly isolate the fault domain. Captures will be provided for use during the session. Session is half presentation and half hands-on lab with Wireshark. PUBLIC CONFIRMED Short Workshop https://conference.wireshark.org/sharkfest-24-us/talk/MNZ3XQ/ Great Falls John Pittle PUBLISH XUGLCD@@conference.wireshark.org -XUGLCD Panel Discussion: Steering the Wireshark project into the future en en 20240619T090000 20240619T100000 010000 Panel Discussion: Steering the Wireshark project into the future PUBLIC CONFIRMED Organization https://conference.wireshark.org/sharkfest-24-us/talk/XUGLCD/ Potomac Ballroom Roland Knall PUBLISH 7VVHAW@@conference.wireshark.org -7VVHAW Enhancing Wi-Fi Networks with AI: A Deep Dive into Machine Learning for Wi-Fi Health Checks en en 20240619T101500 20240619T114500 013000 Enhancing Wi-Fi Networks with AI: A Deep Dive into Machine Learning for Wi-Fi Health Checks Incorporating AI into Wi-Fi health monitoring is vital for sustaining robust connectivity, essential for remote work, online learning, telehealth services, and digital entertainment in homes. Improved Wi-Fi network performance and reliability lead to enhanced productivity and satisfaction across various societal sectors and family environments. By minimizing network disruptions, ML-driven Wi-Fi Health Checks contribute to a seamless digital experience, supporting the ever-increasing reliance on Internet connectivity in both public and private spheres. <b>Outcomes: </b> Participants will gain practical experience with ML models and techniques for analyzing and optimizing Wi-Fi networks. They will: - Understand case studies demonstrating the successful application of ML in boosting Wi-Fi network efficiency and reliability. - Learn to identify relevant Wi-Fi network features to detect interference and congestion. - Analyze data and metrics to make strategic decisions for network improvement. - Apply ML algorithms to detect a decrease in the quality of experience for network users. After completing the course, attendees will possess a good understanding of the application of machine learning in improving Wi-Fi network health and performance across different environments. They will receive a certificate of completion. <b>Prerequisites: </b> - Basic knowledge of Python and Python libraries management (pip) - Internet connection during the course - A Google Colab account PUBLIC CONFIRMED Restricted Workshop (requires registration for attending) https://conference.wireshark.org/sharkfest-24-us/talk/7VVHAW/ Potomac Ballroom Murat Bilgic PUBLISH ULCCTM@@conference.wireshark.org -ULCCTM Will QUIC Kill TCP? en en 20240619T120000 20240619T130000 010000 Will QUIC Kill TCP? Will QUIC kill TCP? Let's find out why this new protocol was needed and what challenges it helps to overcome. In this hands on session, we will decrypt QUIC and dig into how it ensures reliable delivery of data, while mitigating some of the challenges presented by TCP in modern networks. Beginners welcome. You know the deal, just bring a copy of Wireshark! PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/ULCCTM/ Potomac Ballroom Chris Greer PUBLISH 7HSVER@@conference.wireshark.org -7HSVER The Packet Doctors are in! Packet trace examinations with the experts en en 20240619T140000 20240619T153000 013000 The Packet Doctors are in! Packet trace examinations with the experts PUBLIC CONFIRMED Long Workshop https://conference.wireshark.org/sharkfest-24-us/talk/7HSVER/ Potomac Ballroom Jasper Bongertz Ross Bagurdes Sake Blok PUBLISH XZ8YJY@@conference.wireshark.org -XZ8YJY Filters from a novice; Back to the Basics en en 20240619T154500 20240619T164500 010000 Filters from a novice; Back to the Basics PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/XZ8YJY/ Potomac Ballroom Karinne Bessette Kirsten Stoner PUBLISH KBGMWL@@conference.wireshark.org -KBGMWL Smart Networks: Automating Analysis and Troubleshooting with AI Chatbots en en 20240619T170000 20240619T174500 004500 Smart Networks: Automating Analysis and Troubleshooting with AI Chatbots Join us at SharkFest US for a focused session on leveraging Python scripting and AI-driven chatbots to revolutionize network troubleshooting and analysis. This presentation is crafted for network engineers at all levels - from those frequently addressing basic user queries to experts analyzing complex network issues. **Key Highlights:** - **Python Scripting for Network Analysis:** Discover how to automate the analysis of network traffic with Python, simplifying the identification of issues and enhancing network performance monitoring. - **AI-Driven Chatbots for Troubleshooting:** Learn about the creation and deployment of an AI chatbot designed to field common network-related questions. This tool aids in reducing the workload on engineers by providing quick, accurate responses to user inquiries, from simple connectivity issues to advanced network diagnostics. - **Accessibility and Simplicity:** Our approach emphasizes ease of use, making these advanced troubleshooting tools accessible to engineers regardless of their coding background. The session aims to demystify the integration of AI and network analysis, showcasing practical applications that can be implemented immediately. - **Resources Provided:** All attendees will receive comprehensive access to the code and scripts demonstrated during the talk, allowing for easy implementation and customization in their own network environments. This session is a must-attend for network professionals seeking to enhance their troubleshooting capabilities with the latest advancements in technology. Whether you're looking to streamline your workflow, reduce response times to user queries, or deepen your network analysis, this talk will provide valuable insights and practical tools to elevate your network management strategy. **Join us to transform your approach to network troubleshooting and security with AI and Python.** PUBLIC CONFIRMED Long Workshop https://conference.wireshark.org/sharkfest-24-us/talk/KBGMWL/ Potomac Ballroom Roland Knall PUBLISH RDCTBH@@conference.wireshark.org -RDCTBH Wireshark Foundation Sponsorships en en 20240619T174500 20240619T181500 003000 Wireshark Foundation Sponsorships PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/RDCTBH/ Potomac Ballroom Roland Knall Gerald Combs Sheri Najafi PUBLISH MGTV3M@@conference.wireshark.org -MGTV3M Sponsor Technology Showcase & Dinner en en 20240619T183000 20240619T203000 020000 Sponsor Technology Showcase & Dinner PUBLIC CONFIRMED Dinner https://conference.wireshark.org/sharkfest-24-us/talk/MGTV3M/ Potomac Ballroom PUBLISH YGHKAM@@conference.wireshark.org -YGHKAM TCP Retransmissions - How many is "too" many? en en 20240619T101500 20240619T111500 010000 TCP Retransmissions - How many is "too" many? Bring your laptops! This talk will be an interactive analysis of anonymized pcap files from real client cases. Walk away with insights to pinpoint the root cause of packet loss and the accompanying slowdowns. Please download my TCP profile from https://gitlab.com/WiresharkProfiles/profiles and add it to your Wireshark. How to instructions are on the page. Thanks! PUBLIC CONFIRMED Short Workshop https://conference.wireshark.org/sharkfest-24-us/talk/YGHKAM/ Great Falls Betty DuBois PUBLISH YJZGZG@@conference.wireshark.org -YJZGZG Passive Fingerprinting Methods for IoT Profiling en en 20240619T114500 20240619T124500 010000 Passive Fingerprinting Methods for IoT Profiling The Internet of Things (IoT) has revolutionized the way we live and work, but it has also created significant challenges for network security and asset management. Most businesses have a blind spot when it comes to IoT devices, which creates an opportunity for attackers. Lacking sufficient visibility and control, these devices provide an easy and inconspicuous way for attackers to infiltrate a network. With a vast array of devices, identifying what devices are running in the network has become a critical issue for organizations. Software agents have been the standard way to collect this information, but for embedded and IoT devices, it’s not always possible to install them. An effective solution to this problem lies in passive fingerprinting, which involves matching uniquely identifying patterns in the host’s network traffic and classifying it accordingly. In this talk, we will explore how various protocols from different layers of the OSI model can be used to provide information about the device and its operating system. Attendees can expect to gain valuable insights into the practical application of this technique and how it can enhance their organization’s security posture. PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/YJZGZG/ Great Falls Asaf Fried PUBLISH UJRMED@@conference.wireshark.org -UJRMED Dissector developer design notes en en 20240619T154500 20240619T164500 010000 Dissector developer design notes As a core developer I get to see a lot of dissector code, in the form of merge requests, during investigation of bugs, or written by myself. While working on this code I often come across designs which are not optimal for the purpose they serve. This may have to do with the use of poor examples, missing insight into how the packet dissection process really works or lack of understanding of the protocols at hand. Either way more knowledge and insight will hopefully help you to create better dissectors. PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/UJRMED/ Great Falls Jaap Keuter PUBLISH 8HHHRQ@@conference.wireshark.org -8HHHRQ An API-Driven approach to automating packet captures in cloud-native systems en en 20240619T170000 20240619T180000 010000 An API-Driven approach to automating packet captures in cloud-native systems Step-by-Step Workflow: 1. Detection: Falco, designed specifically for cloud-native environments like Kubernetes, monitors the environment for suspicious activity and potential threats. It is finely tuned to understand Kubernetes' context, making it adept at spotting Indicators of Compromise (IoCs). Let’s say, for example, it triggers a detection for specific anomalous network traffic to a C2 server or botnet endpoints. 2. Automating tshark: Upon detection of an IoC, Falco sends a webhook to the Falco Talon backend. Talon has many no-code response actions, but one of these actions allows users to trigger arbitrary scripts. This trigger can be context-aware from the metadata associated with the Falco alert, allowing for a tshark command to be automatically initiated with metadata context specific to the incident. 3. Contextual Packet Capturing: Finally, a PCAP file is generated for a few seconds with tailored context. In the case of a suspicious TCP traffic alert from Falco, we can filter tshark command for just TCP activity. In the case of a botnet endpoint detection, let’s track all traffic filtered specifically to/from that botnet endpoint. Falco Talon in each of these scenarios initiates a tshark capture tailored to the exact network context of the alert. This means capturing traffic only from the relevant pod, container, or process implicated in active security incidents. 4. Improved Analysis: Finally, the captured data is then immediately available for deeper analysis, providing security teams with the precise information needed to respond effectively to the incident. This is valuable for Digital Forensics & Incident Response (DFIR) efforts, but also in maintaining regulatory compliance by logging context specific to security incidents in production. PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/8HHHRQ/ Great Falls Nigel Douglas PUBLISH SB3MX9@@conference.wireshark.org -SB3MX9 SharkBytes en en 20240620T090000 20240620T100000 010000 SharkBytes PUBLIC CONFIRMED Organization https://conference.wireshark.org/sharkfest-24-us/talk/SB3MX9/ Potomac Ballroom Wireshark Foundation PUBLISH XJEPRA@@conference.wireshark.org -XJEPRA Get comfy with TCP handshakes en en 20240620T101500 20240620T111500 010000 Get comfy with TCP handshakes PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/XJEPRA/ Potomac Ballroom Chris Greer PUBLISH 7XHY9S@@conference.wireshark.org -7XHY9S Advanced TCP Troubleshooting en en 20240620T114500 20240620T124500 010000 Advanced TCP Troubleshooting PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/7XHY9S/ Potomac Ballroom Jasper Bongertz PUBLISH 8ERDZL@@conference.wireshark.org -8ERDZL Closing Remarks and Farewell reception en en 20240620T130000 20240620T150000 020000 Closing Remarks and Farewell reception PUBLIC CONFIRMED Organization https://conference.wireshark.org/sharkfest-24-us/talk/8ERDZL/ Potomac Ballroom PUBLISH CUEN3E@@conference.wireshark.org -CUEN3E Using Packets to Guide Server Optimization en en 20240620T101500 20240620T111500 010000 Using Packets to Guide Server Optimization The internet operates using standards, and these standards were developed, debated, and ratified with the entirety of the internet in mind. But are these standards ideal for your environment? The largest internet companies tune their servers to operate best in the environments they maintain. That tight control lets them reduce application response times even when latency might be high. We will use packet captures to identify application traffic patterns and active network conditions, and we’ll explore options to customize how servers put data on the network to fit the application and the network. Slides and captures available on Github: https://github.com/je-clark/sf24us_infrastructure_optimization PUBLIC CONFIRMED Short Presentation https://conference.wireshark.org/sharkfest-24-us/talk/CUEN3E/ Great Falls Josh Clark PUBLISH XQG3XN@@conference.wireshark.org -XQG3XN Three-dimensional display filters with MATE en en 20240620T114500 20240620T124500 010000 Three-dimensional display filters with MATE A recent Discord question: "where the Time column's exact same value repeats at least 10 times" Could be done with TShark fields piped to `sort` and `uniq -c` then check for values >= 10. Or a half-dozen lines of MATE config and a display filter of `mate.frame_ses.NumOfPdus >= 10`. The future may be LUA, but MATE still exists. MATE config files are often a single screen of code. Knowing when to walk away and write a Lua script is the tough part. Hopefully you will see just enough useful examples in this session so that in the future you might attempt filtering with MATE. PUBLIC CONFIRMED Short Workshop https://conference.wireshark.org/sharkfest-24-us/talk/XQG3XN/ Great Falls Chuck Craft