SharkFest'24 US
Check in for your conference classes
Wireshark can be intimidating.
We remember how it felt when we first started looking at a trace file with Wireshark. Questions started flooding into our minds:
What should I look for?
Where do I start?
How can I find the packets that matter?
What filters should I use?
What is "normal" and what can I ignore in all this data?
I froze under the weight of all the detail in the packets. If you have ever felt that way when looking at a pcap, this is the course for you!
The filtering capabilities in Wireshark are very flexible and powerful and have been significantly enhanced with the release of Wireshark 4.0. In this masterclass, your filtering skills will be taken to the next level. We will start with the basic operators and work our way through the more advanced filtering techniques like how to use display filter macros, dynamic filters (in combination with filter buttons), filtering arithmetics, regular expressions, etc. There will also be a comparison with using (advanced) BPF filters for filtering while capturing or post-processing pcap files.
Check in and pick up your badge
Let's kick off the conference in style
Gerald Combs & Friends talk about the new developments over the past year
Duplication holds the key to troubleshooting the problems.
Quantum computers are coming which may break the security of existing TLS communications. Therefore we need post-quantum (PQ) cryptography to secure the new world. In this session, we will go over the basic flow of a TLS session, and compare various configurations (TLS 1.2, TLS 1.3, TLS 1.3 with PQ). We will also discuss how we can use Wireshark to study real-world traffic on the public Internet. Since TLS is encrypted, we will also go over methods to enable TLS decryption.
We'll review LTE, and 5G network structure, and some unique protocols that support mobility services.
"Packets Never Lie" has been a phrase that I have lived by for many years, and the ability to tease out root causes of application and network issues with packet data has been a key to my career. But with the move to more data in the cloud and [S,A,I,N]aaS deployments, the ability to capture or monitor at the packet level has been curtailed. I have been working on multiple efforts to obtain key data about network-related incidents and behavior from other sources, primarily from log sources. Proxy, firewall, VPN, application and the more elusive cloud and SaaS logs have all provided insight into network health and fed into incident support. In this presentation, I will share how I have used proxy logs to measure ongoing RTT, VPN logs to measure network hiccups, firewall logs to measure connectivity failures and cloud flow logs to identify security configuration errors. How can we trust these data sources? By validating these approaches with packet traces and Wireshark.
Ever struggled with capturing traffic from your mobile device or felt stumped by encrypted applications? Dive into this comprehensive session to build your very own wired or wireless traffic sniffer using a Raspberry Pi.
In this engaging workshop, you'll explore:
• Selecting the ideal Raspberry Pi hardware and components.
• Choosing the best Raspbian OS versions.
• Building proper interface and routing configurations.
• Setting up a wireless AP.
• Generating and installing certificates.
• Setting up a TLS proxy to export session keys.
• Connecting devices to capture their traffic.
• Limitations of the device and configuration.
• Addressing critical security and privacy considerations associated with the device.
Walk away with the confidence and knowledge to construct a wireless capture device, granting you the power to decrypt and troubleshoot applications with ease (results may vary).
Real-world packet analysis case studies. Stop banging your head on your desk trying to find root cause and solve performance problems. The answers are in the packets and this session will show you step-by-step in Wireshark how to solve real world case studies that had stumped others. Be the hero!
Capturing packets on the road can be a challenge. Do you have access to the switch? Are you able to install Wireshark on the endpoints? What if one side says it sends packets, but the other side does not receive them? There are many situations in which a tap might be handy or needed to make a useful packet capture. In those cases, having a portable tap in your laptop bag is a life-saver.
There are a few portable USB-powered gigabit Ethernet taps on the market that have different capabilities. I made an overview of available portable taps and reached out to vendors to supply me with one for a thorough test. This presentation gives an overview of the portable gigabit taps on the market, their capabilities and how well they performed on the test bench.
Real-life troubleshooting of a difficult third-party software performance issue using Wireshark and advanced analytics.
It’s easy to laugh at the apocryphal executive quote “Cloud doesn’t have Packets!”, but is there something more to it? What might they have meant?
What are the differences between traditional on-premises and cloud networking and architectures, and what does this tell us about attitudes towards network-based security and troubleshooting?
In this talk we will look at how cloud differs from on-prem networking, what common cloud architectures look like, and how they can confound established practice. We will review options for packet capture and network-based tools in cloud compared to on-prem environments, and discuss whether they are practical, beneficial, and necessary.
Join us for a fun night with an opportunity to enjoy wonderful conversations and win some nice gadgets!
Come join us for an engaging discussion about the future of our little project.
This course instructs participants on how to conduct Wi-Fi Health Checks using machine learning (ML). It explores AI and ML technologies tailored for enhancing Wi-Fi network health, addressing issues like interference and congestion. Integrating AI into Wi-Fi monitoring sustains robust connectivity crucial for remote work, online learning, and digital entertainment. Participants gain practical experience in ML techniques for network analysis and optimization. Prerequisites include basic Python knowledge and Internet connectivity. Upon completion, attendees will possess a comprehensive understanding of ML's application in improving Wi-Fi network health.
Some packet loss is expected, but how do you define "some"? This talk examines the characteristics of expected loss due to signal interference or router queue drops, versus excessive retransmissions indicating deeper issues.
- Practice with a "normal" TCP stream which has slight packet loss. How long should it take, and what are those darn Dup ACKs?
- Identifying the source of excessive retransmissions - your network or theirs?
- Retransmissions of specific packet types within TCP streams. Is it always or only sometimes?
- High retransmission counts in a pcap captured within a building, yet the switches and routers report no errors. What could cause that?
By analyzing real-world examples, you'll gain a detailed understanding of TCP retransmission patterns, learn to distinguish "normal" from "excessive", and troubleshoot accordingly.
The Internet of Things (IoT) has revolutionized the way we live and work, but it has also created significant challenges for network security and asset management. Most businesses have a blind spot when it comes to IoT devices, which creates an opportunity for attackers. Lacking sufficient visibility and control, these devices provide an easy and inconspicuous way for attackers to infiltrate a network.
With a vast array of devices, identifying what devices are running in the network has become a critical issue for organizations. Software agents have been the standard way to collect this information, but for embedded and IoT devices, it’s not always possible to install them. An effective solution to this problem lies in passive fingerprinting, which involves matching uniquely identifying patterns in the host’s network traffic and classifying it accordingly.
Let's tinker with this new protocol and learn about how it works.
The experts on this panel have been asked by attendees at many SharkFests to look at a trace file and help find a reason for certain behaviors. Based on this, they've decided to create a public forum for examining individual trace files with a broader audience for a collective learning experience. Trace files will be gathered from attendees prior to SharkFest and only given to the panel members during the session, so that the "not knowing what to expect and whether it can be solved" experience of working through an unknown trace file can be preserved.
Come to this session and learn to ask the right questions and look at packets in different ways.
PLEASE SEND PERPLEXING TRACE FILES FOR ANALYSIS BY THE PANEL TO [email protected] PRIOR TO SHARKFEST!
In this talk we'll go over many of the details that dissector developers have to contend with. Not only will we touch on some of the Epan APIs available to us, but we will go behind the APIs and discuss the way of thinking about packet dissection design. Here we may discover wisdom which is not only important to dissector developers, but for software development in general.
Even though in this talk we will focus on development of C code, Lua dissector developers may take away some deeper insights as well.
Do you know what traffic is making its way to your application server? Organizations often manage multiple applications across their networks, but without the proper oversight, these applications can inadvertently create security risks and data sprawl. In this session, we will explore how Wireshark can help maintain hygiene by using filters and profiles. Learn how to apply what you find to improve documentation, gain visibility into change management, and help mitigate security threats.
In Kubernetes, the management and analysis of network traffic is complicated by the transient nature of containers and the complex architecture of Kubernetes elements such as pods, deployments, and services. Traditional tools like Wireshark, while robust, often fail to effectively navigate these intricacies, capturing excessive and irrelevant data that we call "noise."
In this presentation, we will explore how Falco, a cloud-native detection engine, integrated with Falco Talon, a specialised response engine designed for the open-source Falco community, can streamline this process.
We'll show how this open-source proof-of-concept enables the automatic initiation of tshark captures directly in response to security alerts triggered by Falco in environments like containers and Kubernetes, which typically do not support interactive GUIs.
In this SharkFest US talk, we'll cover how to use Python and open-source language models with Wireshark for network troubleshooting. We'll focus on automating packet capture analysis, using language models for anomaly detection, and creating a chatbot to answer common network questions. The talk includes live demos showing how these tools can simplify network analysis and troubleshooting. This session is aimed at providing practical skills for improving network management and security with advanced technology.
How can we better create sponsorship opportunities and help you communicate them better?
Sponsor Technology Showcase, Reception & Dinner
SharkBytes consist of “little crunchy bits of wisdom.” Like popular TED talks, SharkBytes aim to inform, inspire, surprise, and delight by delivering a speech on a personal topic in under 5 minutes.
Information and a review of past SharkByte presentations can be found at https://sharkfest.wireshark.org/sharkbytes
Email us your SharkByte session idea: [email protected]
Get comfortable taking apart a TCP handshake and learn how to catch the most common issues.
Using packet captures as a feedback mechanism, we will explore how to tune your server environment to both application requirements and network conditions.
Analyzing TCP connections is the most common task a network analyst has to perform. And even though tracking sequence numbers and packet loss, and generally understanding the TCP handshake and teardown, can be tricky, many analysts know how to deal with those steps. But sometimes you need to analyze complex situations and figure out what is going on, for example by looking at packet timing or troubleshooting an issue with less than ideal capture results. In this talk we'll look at techniques that can help and, of course, look at some example traces.
"MATE’s goal is to enable users to filter frames based on information extracted from related frames or information on how frames relate to each other."
Wireshark display filters are great when looking at individual packets.
MATE allows filtering using fields from more than one packet to create a filtered list of packets.
This will be a workshop format, solving a problem in steps using MATE.
In the cases where MATE needs just a little extra we will look at adding a Lua script to the solution.
Closing Remarks and Farewell reception