Jasper Bongertz
Jasper Bongertz is a network security expert with focus on network forensics and incident response at Airbus Defence and Space CyberSecurity. He started working freelance in 1992 while he was studying computer science at the Technical University of Aachen. In 2009, Jasper became a Senior Consultant and Trainer for Fast Lane, where he created a large training portfolio with a special focus on Wireshark and network hacking. In 2013, he joined Airbus Defence and Space CyberSecurity, before moving on to G Data Advanced Analytics in 2019 where he is now the head of the CyberSecurity Incident Response Team (CSIRT).
Jasper is the creator of the packet analysis tool TraceWrangler, which can be used to convert, edit and sanitize PCAP files. His blog regarding network analysis, network forensics and general security topics can be found at blog.packet-foo.com.
Sessions
The experts on this panel have been asked to look at a trace file and help find a reason for certain behaviors by attendees at many SharkFests. Based on this, they’ve decided to create a public forum for examining individual trace files with a broader audience for a collective learning experience. Trace files will be gathered from attendees prior to SharkFest and only given to the panel members during the session so that the “not-knowing what to expect and whether it can be solved” experience of working through an unknown trace file can be preserved.
Come to this session and learn to ask the right questions and look at packets in different ways.
PLEASE SEND PERPLEXING TRACE FILES FOR ANALYSIS BY THE PANEL TO [email protected] PRIOR TO SHARKFEST!
Analyzing TCP connection is the most common task a network analyst has to perform. And even though tracking sequence numbers, packet loss and generally understanding the TCP handshake and teardown can be tricky as well many analysts know how to deal with those steps. But sometimes you need to analyze complex situations and figure out what is going on, for example look at packet timing or troubleshooting an issue with less than ideal capture results. In this talk we'll look at techniques that can help and of course look at some example traces.