06-20, 11:45–12:45 (America/New_York), Potomac Ballroom
Analyzing TCP connection is the most common task a network analyst has to perform. And even though tracking sequence numbers, packet loss and generally understanding the TCP handshake and teardown can be tricky as well many analysts know how to deal with those steps. But sometimes you need to analyze complex situations and figure out what is going on, for example look at packet timing or troubleshooting an issue with less than ideal capture results. In this talk we'll look at techniques that can help and of course look at some example traces.
Jasper Bongertz is a network security expert with focus on network forensics and incident response at Airbus Defence and Space CyberSecurity. He started working freelance in 1992 while he was studying computer science at the Technical University of Aachen. In 2009, Jasper became a Senior Consultant and Trainer for Fast Lane, where he created a large training portfolio with a special focus on Wireshark and network hacking. In 2013, he joined Airbus Defence and Space CyberSecurity, before moving on to G Data Advanced Analytics in 2019 where he is now the head of the CyberSecurity Incident Response Team (CSIRT).
Jasper is the creator of the packet analysis tool TraceWrangler, which can be used to convert, edit and sanitize PCAP files. His blog regarding network analysis, network forensics and general security topics can be found at blog.packet-foo.com.