{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2025.2.2"}, "schedule": {"url": "https://conference.wireshark.org/sharkfest-25-europe-2025/schedule/", "version": "0.39", "base_url": "https://conference.wireshark.org", "conference": {"acronym": "sharkfest-25-europe-2025", "title": "SharkFest'25 EUROPE", "start": "2025-11-03", "end": "2025-11-07", "daysCount": 5, "timeslot_duration": "00:05", "time_zone_name": "Europe/Warsaw", "colors": {"primary": "#672fc6"}, "rooms": [{"name": "Grand Ballroom Salons AB", "slug": "9-grand-ballroom-salons-ab", "guid": "253b4214-1e2a-5850-949c-0b8a9292b758", "description": "Plenary Room", "capacity": null}, {"name": "Grand Ballroom Salons CDE", "slug": "10-grand-ballroom-salons-cde", "guid": "d89863ae-3316-5419-babb-84355d4133c9", "description": "2nd Session Room", "capacity": 80}], "tracks": [{"name": "Beginner", "slug": "23-beginner", "color": "#00AB9B"}, {"name": "Intermediate", "slug": "24-intermediate", "color": "#2B9ECF"}, {"name": "Expert / Developer", "slug": "25-expert-developer", "color": "#9D6DEC"}, {"name": "Security", "slug": "26-security", "color": "#72B406"}, {"name": "A.I.", "slug": "27-ai", "color": "#E60757"}, {"name": "Pre-conference class", "slug": "28-pre-conference-class", "color": "#0C590D"}, {"name": "Organization", "slug": "29-organization", "color": "#3C8BC4"}], "days": [{"index": 1, "date": "2025-11-03", "day_start": "2025-11-03T04:00:00+01:00", "day_end": "2025-11-04T03:59:00+01:00", "rooms": {"Grand Ballroom Salons AB": [{"guid": "0dbfcb98-d989-5eaa-9cdb-882ebed86fe2", "code": "RKPHN8", "id": 137, "logo": null, "date": "2025-11-03T09:00:00+01:00", "start": "09:00", "duration": "08:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-137-0-pre-conference-class-i-essential-wireshark-skills-practical-packet-analysis-2-day-class", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPHN8/", "title": "Pre-conference class I: Essential Wireshark Skills: Practical Packet Analysis (2-day class)", "subtitle": "", "track": "Pre-conference class", "type": "Pre Conference Class", "language": "en", "abstract": "Level up your Wireshark skills and get ready for Sharkfest! This hands-on course will provide core Wireshark skills for IT pros of all experience levels. Participants will gain a solid understanding of how to use Wireshark to capture, analyze, and troubleshoot network traffic. The course is designed with beginners in mind, but even seasoned packet people will pick up new tips and tricks.", "description": "Topics Covered:\r\n\r\nIntroduction to network analysis and the role of Wireshark\r\nInstalling and configuring Wireshark\r\nAnalyzing captured packets, understanding protocol structures, and identifying network issues\r\nUtilizing powerful filtering techniques to isolate specific traffic and find the packets that matter\r\nDeep Dive into ARP, IP, ICMP, DNS, DHCP, TCP, UDP, QUIC, HTTP, TLS, and much more!\r\nWorking with command-line tools like TShark", "recording_license": "", "do_not_record": true, "persons": [{"code": "LVXUVN", "name": "Ross Bagurdes", "avatar": "https://conference.wireshark.org/media/avatars/Bagurdes_Headshot_SjVuW0O.jpeg", "biography": "Ross has had a diverse career in engineering, beginning as a structural engineer, then project engineer for a gas utility, Ross was always quickly\r\nassigned the de-facto network administrator, typically after no one else was brave enough to break, and later fix, the network. This lead to working as a network engineer designing and implementing enterprise networks for a major university hospital. Here he worked with\r\nExtreme Networks, HP, Cisco, Tipping Point, among other network technology, as well as honed his Wireshark and protocol analysis skills. Ross\r\nspent 7 years teaching data networking at Madison College, and in 2017 started authoring and producing IT training videos in Wireshark/Protocol\r\nAnalysis, Cisco, and general networking topics for www.Pluralsight.com. In his free time, you'll find Ross and his dog at the beach swimming and\r\nsurfing, traveling, hiking, or snowboarding somewhere in the western US.", "public_name": "Ross Bagurdes", "guid": "0def5250-101e-527e-a22d-2ffc2ecf9ad9", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/LVXUVN/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPHN8/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPHN8/", "attachments": []}], "Grand Ballroom Salons CDE": [{"guid": "5ca4be84-2f32-5967-8c6c-889fa4f652e7", "code": "D8UHZY", "id": 145, "logo": null, "date": "2025-11-03T09:00:00+01:00", "start": "09:00", "duration": "08:00", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-145-pre-conference-class-ii-tcp-analysis-masterclass", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/D8UHZY/", "title": "Pre-conference class II: TCP Analysis Masterclass", "subtitle": "", "track": "Pre-conference class", "type": "Pre Conference Class", "language": "en", "abstract": "Analyzing TCP connections is one of the biggest topics in network analysis in general, especially when troubleshooting applications or even multi-tiered deployments of servers. How TCP works and detecting problems is one of the 'easy to learn, hard to master' skills that is always in demand. Most Wireshark classes only touch the basics and do not go into the more complex scenarios, especially when it comes to multi point captures to track packet loss and timing issues. In this masterclass you will learn how to troubleshoot TCP in seemingly simple as well as complex and quite challenging cases.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "JJLHFE", "name": "Jasper Bongertz", "avatar": "https://conference.wireshark.org/media/avatars/32db88b741fd066a3afc295884850482_KxKZwQ8.jpg", "biography": "Jasper Bongertz is a network security expert with focus on network forensics and incident response at Airbus Defence and Space CyberSecurity. He started working freelance in 1992 while he was studying computer science at the Technical University of Aachen. In 2009, Jasper became a Senior Consultant and Trainer for Fast Lane, where he created a large training portfolio with a special focus on Wireshark and network hacking. In 2013, he joined Airbus Defence and Space CyberSecurity, before moving on to G Data Advanced Analytics in 2019 where he is now the head of the CyberSecurity Incident Response Team (CSIRT).\r\n\r\nJasper is the creator of the packet analysis tool TraceWrangler, which can be used to convert, edit and sanitize PCAP files. His blog regarding network analysis, network forensics and general security topics can be found at blog.packet-foo.com.", "public_name": "Jasper Bongertz", "guid": "01090920-dcf6-5bfc-8ce9-c09dfc5e857c", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/JJLHFE/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/D8UHZY/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/D8UHZY/", "attachments": []}]}}, {"index": 2, "date": "2025-11-04", "day_start": "2025-11-04T04:00:00+01:00", "day_end": "2025-11-05T03:59:00+01:00", "rooms": {"Grand Ballroom Salons AB": [{"guid": "76ea347d-4205-565a-bdf1-1f49cd19de59", "code": "RKPHN8", "id": 137, "logo": null, "date": "2025-11-04T09:00:00+01:00", "start": "09:00", "duration": "08:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-137-1-pre-conference-class-i-essential-wireshark-skills-practical-packet-analysis-2-day-class", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPHN8/", "title": "Pre-conference class I: Essential Wireshark Skills: Practical Packet Analysis (2-day class)", "subtitle": "", "track": "Pre-conference class", "type": "Pre Conference Class", "language": "en", "abstract": "Level up your Wireshark skills and get ready for Sharkfest! This hands-on course will provide core Wireshark skills for IT pros of all experience levels. Participants will gain a solid understanding of how to use Wireshark to capture, analyze, and troubleshoot network traffic. The course is designed with beginners in mind, but even seasoned packet people will pick up new tips and tricks.", "description": "Topics Covered:\r\n\r\nIntroduction to network analysis and the role of Wireshark\r\nInstalling and configuring Wireshark\r\nAnalyzing captured packets, understanding protocol structures, and identifying network issues\r\nUtilizing powerful filtering techniques to isolate specific traffic and find the packets that matter\r\nDeep Dive into ARP, IP, ICMP, DNS, DHCP, TCP, UDP, QUIC, HTTP, TLS, and much more!\r\nWorking with command-line tools like TShark", "recording_license": "", "do_not_record": true, "persons": [{"code": "LVXUVN", "name": "Ross Bagurdes", "avatar": "https://conference.wireshark.org/media/avatars/Bagurdes_Headshot_SjVuW0O.jpeg", "biography": "Ross has had a diverse career in engineering, beginning as a structural engineer, then project engineer for a gas utility, Ross was always quickly\r\nassigned the de-facto network administrator, typically after no one else was brave enough to break, and later fix, the network. This lead to working as a network engineer designing and implementing enterprise networks for a major university hospital. Here he worked with\r\nExtreme Networks, HP, Cisco, Tipping Point, among other network technology, as well as honed his Wireshark and protocol analysis skills. Ross\r\nspent 7 years teaching data networking at Madison College, and in 2017 started authoring and producing IT training videos in Wireshark/Protocol\r\nAnalysis, Cisco, and general networking topics for www.Pluralsight.com. In his free time, you'll find Ross and his dog at the beach swimming and\r\nsurfing, traveling, hiking, or snowboarding somewhere in the western US.", "public_name": "Ross Bagurdes", "guid": "0def5250-101e-527e-a22d-2ffc2ecf9ad9", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/LVXUVN/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPHN8/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPHN8/", "attachments": []}, {"guid": "53a7c40b-f807-5598-85f2-6c58737e43ec", "code": "VENMYF", "id": 138, "logo": null, "date": "2025-11-04T17:30:00+01:00", "start": "17:30", "duration": "03:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-138-sharkfest-25-europe-welcome-dinner-sponsor-showcase", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/VENMYF/", "title": "SharkFest'25 EUROPE Welcome Dinner & Sponsor Showcase", "subtitle": "", "track": "Organization", "type": "Dinner", "language": "en", "abstract": "Let's kick-off the conference in style!", "description": "SharkFest'25 EUROPE Welcome Dinner & Sponsor Showcase", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/VENMYF/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/VENMYF/", "attachments": []}], "Grand Ballroom Salons CDE": [{"guid": "708e3b83-96d5-5afa-bca2-395ba7838712", "code": "MF8XDP", "id": 146, "logo": null, "date": "2025-11-04T08:30:00+01:00", "start": "08:30", "duration": "09:00", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-146-pre-conference-class-iii-smb-masterclass-starting-at-08-30", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/MF8XDP/", "title": "Pre-conference class III: SMB Masterclass // Starting at 08:30", "subtitle": "", "track": "Pre-conference class", "type": "Pre Conference Class", "language": "en", "abstract": "SMB is the bread and butter protocol used to access file shares in virtually every company and home network. Since Windows Vista / Server 2008, the \"classic\" SMB has been replaced by SMB2 and later SMB3. Since legacy systems running Windows XP / Server 2003 are increasingly rare, we focus on the newer version.\r\n\r\nThis class will enable students to investigate functional issues and performance problems. Topics covered are\r\n\r\n* SMB Handshake, selection of a dialect version and user authentication\r\n\r\n* General process of mounting a share and accessing files\r\n\r\n* Tracking SMB sessions over multiple interfaces or IP-addresses\r\n\r\n* SMB functions beyond file sharing (IPC, Named Pipes)\r\n\r\n* Investigating error codes\r\n\r\n* Decryption of SMB traffic (not for the faint-hearted)\r\n\r\n* Understanding the service response time feature for SMB\r\n\r\n* identification of performance bottlenecks in the network, application logic, client or server", "description": "Please note that class will start at 08:30 and end at 17:30.", "recording_license": "", "do_not_record": false, "persons": [{"code": "G7DKUQ", "name": "Eddi Blenkers", "avatar": null, "biography": "For over 20 years, Eddi has been looking at network protocols to find (or rule out) network problems, vulnerabilities, ongoing hacking attacks or just for fun.\r\n\r\nWorking for the Swiss train company BLS as IT security analyst, he is reviewing the configuration of a multitude of systems to improve the overall security of the domain. Wireshark is one of the tools to verify the outcome of a configuration change.\r\n\r\nShameless promotion: Visit https://www.bls.ch/en/freizeit-und-ferien/ausflug to find some of the best destinations in Switzerland.", "public_name": "Eddi Blenkers", "guid": "fe7e996e-5292-58a2-8f18-5390a46d4560", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/G7DKUQ/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/MF8XDP/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/MF8XDP/", "attachments": []}]}}, {"index": 3, "date": "2025-11-05", "day_start": "2025-11-05T04:00:00+01:00", "day_end": "2025-11-06T03:59:00+01:00", "rooms": {"Grand Ballroom Salons AB": [{"guid": "18a778a7-3735-5660-95c9-e22665ae7df1", "code": "ULU3WK", "id": 142, "logo": null, "date": "2025-11-05T09:00:00+01:00", "start": "09:00", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-142-keynote-what-s-new-in-wireshark-4-6", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ULU3WK/", "title": "Keynote: What's New in Wireshark 4.6?", "subtitle": "", "track": "Organization", "type": "Organization", "language": "en", "abstract": "Gerald Combs & Friends talk about the new developments over the past year", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ULU3WK/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ULU3WK/", "attachments": []}, {"guid": "23935dd3-6496-5387-98ab-4b71e16fd51f", "code": "QGAT79", "id": 170, "logo": null, "date": "2025-11-05T10:15:00+01:00", "start": "10:15", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-170-introduction-to-cloud-packet-capture", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/QGAT79/", "title": "Introduction to Cloud Packet Capture", "subtitle": "", "track": "Beginner", "type": "Presentation", "language": "en", "abstract": "Cloud computing is often described in a very abstract way, but in reality relies on the same networking technologies and protocols we use every day. How can we get visibility into Cloud networks to troubleshoot and secure them?\r\n\r\nWhat are the differences between traditional On-premise and Cloud networking and architectures, and what does this tell us about attitudes towards network based security and trouble-shooting?\r\n \r\nIn this talk we will look at Cloud networking from the user perspective, and what some common Cloud architectures look like. We will review options for Packet Capture and network based tools in Cloud compared to On-prem environments, and discuss whether it is practical, beneficial, and necessary.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "3MTJ77", "name": "Stephen Donnelly", "avatar": "https://conference.wireshark.org/media/avatars/dd9b73de6604fe1aa5b498fb631c4ff2_Z6LnIt5.jpg", "biography": null, "public_name": "Stephen Donnelly", "guid": "f3ab1550-4987-5443-9dba-51a557913170", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/3MTJ77/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/QGAT79/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/QGAT79/", "attachments": [{"title": "Presentation slides", "url": "/media/sharkfest-25-europe-2025/submissions/QGAT79/resources/SharkFest25_EUROPE_I_TjlKMpC.pptx", "type": "related"}]}, {"guid": "78c12141-c138-5b52-a072-cd87a7aa29d4", "code": "87EHWR", "id": 119, "logo": null, "date": "2025-11-05T11:30:00+01:00", "start": "11:30", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-119-wireless-with-wireshark", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/87EHWR/", "title": "Wireless with Wireshark", "subtitle": "", "track": "Intermediate", "type": "Presentation", "language": "en", "abstract": "Scanning wireless to find devices with Wireshark", "description": "Wireshark is a tool for analyzing both wireless and wired networks. In this session, Megumi will show you how to find devices on your wireless network. With various scanning tools, we can explore different standards of WiFi networks and Bluetooth using Wireshark. Additionally, tshark and other Wireshark command-line interface (CLI) tools are useful for collecting and summarize device information. Use Wireshark to manage your wireless environment and enhance your wireless security!!", "recording_license": "", "do_not_record": false, "persons": [{"code": "MQPULF", "name": "Megumi Takeshita", "avatar": "https://conference.wireshark.org/media/avatars/ea73b656018238499cd621f442bec89d_hPlCb4o.jpg", "biography": "Megumi Takeshita, packet otaku, runs a packet company, ikeriri network service in Japan. Ikeriri offers services such as packet analysis for troubleshooting, debugging, security inspection. Ikeriri is also a reseller of wired/wireless capture and analysis products. Megumi has authored 10+ books about Wireshark and packet analysis. She also instructs Wireshark for Japanese companies including Japan Self Defense Forces and Chuo university as lecturer. She is one of contributors to the Wireshark projects including Japanese localization.", "public_name": "Megumi Takeshita", "guid": "21f525f3-2a01-5598-b519-0228df74f377", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/MQPULF/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/87EHWR/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/87EHWR/", "attachments": []}, {"guid": "c02e1e81-1f82-5ff2-bffc-e6f4323c7c1f", "code": "EUDWFA", "id": 178, "logo": null, "date": "2025-11-05T13:30:00+01:00", "start": "13:30", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-178-bridging-the-it-ot-divide-analyzing-operational-technology-networks-with-wireshark", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/EUDWFA/", "title": "Bridging the IT/OT Divide: Analyzing Operational Technology Networks with Wireshark", "subtitle": "", "track": "Beginner", "type": "Presentation", "language": "en", "abstract": "Modern industrial networks pose unique challenges for packet analysis. This talk will introduce Wireshark users to the world of Operational Technology (OT) networks \u2013 the networks that control physical equipment in factories, power plants, and critical infrastructure \u2013 and explain how they differ from traditional Information Technology (IT) networks. We will explore how OT networks prioritize deterministic, time-critical communication in a way that IT networks do not, and why capturing and analyzing packets in OT environments is often more challenging. Attendees will learn about the distinct network architectures and protocols used in OT (from fieldbus and PLC communications to SCADA systems), and how factors like cycle times and real-time scheduling shape traffic patterns. We\u2019ll discuss why OT traffic tends to be highly regular and cyclic (enabling whitelisting of expected flows) in contrast to the bursty, ad-hoc traffic of IT networks \ufffc. The talk will also highlight security implicat", "description": "Key Takeaways:\r\n\t\u2022\tFundamental differences in purpose and design between IT and OT networks (priorities of safety/up-time vs. data-centric goals \ufffc).\r\n\t\u2022\tHow OT network traffic is deterministic and cycle-driven rather than ad-hoc, with strict timing requirements \ufffc \ufffc.\r\n\t\u2022\tAwareness of legacy systems and security challenges in OT (long device lifecycles, rare patches, focus on network segregation over frequent updates \ufffc \ufffc).\r\n\t\u2022\tPractical tips for using Wireshark on OT protocols, including recognizing industrial protocol traffic and analyzing communication patterns over time.\r\n\t\u2022\tExamples of diagnosing OT network issues by examining packet timing and sequence instead of just packet content.\r\n\r\nBy the end of this talk, attendees will have a clear understanding of what makes packet capture and analysis in OT environments unique, and how to leverage Wireshark to troubleshoot and monitor industrial network traffic effectively. Expect to gain insight into a fascinating area where networking meets the physical world, and pick up tips that you can apply when you encounter OT protocols in the wild.", "recording_license": "", "do_not_record": false, "persons": [{"code": "RFDHVJ", "name": "Roland Knall", "avatar": "https://conference.wireshark.org/media/avatars/RFDHVJ_Twx9SMI.webp", "biography": "Roland Knall is a seasoned software developer and systems architect based in Salzburg, Austria, with over 25 years of experience \ufffc. He has extensive expertise in network technology, focusing on network analysis and packet capture \ufffc. As a core developer of the Wireshark network analyzer, Roland has contributed to its open-source development for nearly a decade, including six years on Wireshark\u2019s core team \ufffc. He is also a member of Wireshark\u2019s Technical Steering Committee \ufffc, helping shape the project\u2019s direction. He is active in the open-source community and regularly shares his knowledge through conference talks and panel discussions, including Wireshark\u2019s SharkFest user conferences \ufffc.", "public_name": "Roland Knall", "guid": "eee7cd60-caea-5893-9691-e622c7a61f95", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/RFDHVJ/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/EUDWFA/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/EUDWFA/", "attachments": []}, {"guid": "13c0cd2c-9bc9-59cb-8de4-8a41566fd867", "code": "P3EFQN", "id": 168, "logo": null, "date": "2025-11-05T14:45:00+01:00", "start": "14:45", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-168-let-s-use-wireshark-to-better-understand-kubernetes", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/P3EFQN/", "title": "Let's use wireshark to better understand Kubernetes", "subtitle": "", "track": "Intermediate", "type": "Presentation", "language": "en", "abstract": "In this talk we will get an overview of networking setup in Kubernetes on the example of Openshift. \r\nWe will also see how application traffic can be captured and analysed.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "RQYT9F", "name": "Sergey Guzenkov", "avatar": "https://conference.wireshark.org/media/avatars/RQYT9F_1DTvrov.jpeg", "biography": "Sergey started with system administrator in 1999. And since 2002 full time with linux systems. \r\nLast almost 10 years he has been with Red Hat as a seniour, and now a principal instructor.\r\n\r\nHis first SharkFest was in 2014 in San Rafael and 10 years later in Vienna in 2024. \r\n\r\nIn 2016 he gave a tutorial  at linux.conf.au in Geelong \"Packets don't lie: how can you use tcpdump/tshark (wireshark) to prove your point\".", "public_name": "Sergey Guzenkov", "guid": "152e19c5-a1b8-5d75-a77e-d5088303a848", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/RQYT9F/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/P3EFQN/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/P3EFQN/", "attachments": []}, {"guid": "9987a23d-724f-59a6-ad17-be068e44e895", "code": "3SQLN9", "id": 160, "logo": null, "date": "2025-11-05T16:00:00+01:00", "start": "16:00", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-160-from-full-capture-to-criminal-evidence-a-real-world-case-of-lawful-interception", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/3SQLN9/", "title": "From Full Capture to Criminal Evidence: A Real-World Case of Lawful Interception", "subtitle": "", "track": "Intermediate", "type": "Presentation", "language": "en", "abstract": "You\u2019ve  wiretapped a suspect\u2019s internet connection. You have the entire packet capture \u2014 but not a single clue about what\u2019s relevant, or even what you\u2019re trying to find.\r\n\r\nIn this session, we walk through a real-life criminal investigation involving the forensic analysis of a standard residential internet connection. The task: uncover evidence of illegal online activity, without prior knowledge of the services used, IP addresses involved, or even the nature of the communication.\r\n\r\nUsing only Wireshark and patience, the investigator faced hundreds of thousands of packets, countless domains, and protocols ranging from common to obscure. There were no predefined indicators of suspicious communication\u2014just raw traffic and a hunch that something was hidden within.\r\n\r\nThis talk will demonstrate how targeted filtering, temporal analysis, and a dose of good old-fashioned intuition led to the successful identification of suspicious communication. Starting with nothing but a massive stream of packet", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "E73Q8S", "name": "Daniel Spiekermann", "avatar": null, "biography": "Daniel Spiekermann has more than 20 years of experience in communications technology and worked for many years as a forensic scientist for various law enforcement agencies, focusing on computer and network forensics. After completing his doctorate at the FernUniversit\u00e4t in Hagen in 2019, he began working as a professor of digital forensics at the Lower Saxony Police Academy in 2020. Since 2023, he has been teaching as a professor of distributed systems at the Dortmund University of Applied Sciences and Arts, conducting research on virtual networks and digital forensics.", "public_name": "Daniel Spiekermann", "guid": "c6804d44-a3a4-5b12-b947-0d0855dabad1", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/E73Q8S/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/3SQLN9/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/3SQLN9/", "attachments": []}, {"guid": "f996750a-8151-5f3f-85e5-4a715e43d3a7", "code": "K3QZUJ", "id": 157, "logo": null, "date": "2025-11-05T17:15:00+01:00", "start": "17:15", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-157-level-up-your-mpls-skills-a-wireshark-driven-approach", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/K3QZUJ/", "title": "Level up your MPLS skills - A Wireshark-driven approach", "subtitle": "", "track": "Intermediate", "type": "Presentation", "language": "en", "abstract": "This session offers a practical, Wireshark-driven approach to understanding and troubleshooting MPLS. The goal is to articulate the control plane and data plane's inner workings through packet analysis. We'll deep-dive into packet structures, label exchange mechanisms, and eventually explore some traffic engineering scenarios. This session begins with a quick review of MPLS fundamentals, then dives into real-world use cases and potentially explores related technologies and advancements like SR-MPLS.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "XLZPAM", "name": "Pierre Besombes", "avatar": "https://conference.wireshark.org/media/avatars/pierreblanck_PZr7SdU.JPG", "biography": null, "public_name": "Pierre Besombes", "guid": "147c13b8-1181-53ad-9dd1-2e94f2a7fe2f", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/XLZPAM/"}, {"code": "VMTNWE", "name": "Juan Pablo Azar Ricciardi", "avatar": null, "biography": null, "public_name": "Juan Pablo Azar Ricciardi", "guid": "5f544a34-8663-574c-a0f0-8c73e4d98164", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/VMTNWE/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/K3QZUJ/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/K3QZUJ/", "attachments": []}, {"guid": "9b3bc0c1-d043-5ed8-9f0a-7e21f07e061b", "code": "ANX98U", "id": 139, "logo": null, "date": "2025-11-05T18:30:00+01:00", "start": "18:30", "duration": "03:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-139-sponsor-technology-showcase-reception-dinner", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ANX98U/", "title": "Sponsor Technology Showcase Reception & Dinner", "subtitle": "", "track": "Organization", "type": "Dinner", "language": "en", "abstract": "Join us for a fun night with an opportunity to enjoy wonderful conversations and win some nice prizes!", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ANX98U/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ANX98U/", "attachments": []}], "Grand Ballroom Salons CDE": [{"guid": "b3db86f0-75c6-593f-8a85-14cf9c76d4b0", "code": "HUB3MR", "id": 132, "logo": null, "date": "2025-11-05T10:15:00+01:00", "start": "10:15", "duration": "01:00", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-132-packet-stories", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HUB3MR/", "title": "Packet Stories", "subtitle": "", "track": "Expert / Developer", "type": "Presentation", "language": "en", "abstract": "_To be the network or not to be the network, that's the question!_\r\n\r\nThis is a question we face a lot. The network is blamed by default, but is it really the network. During this session a couple of real life cases will be presented. What was the problem, how was it analyzed, what can we learn about the process and off course the answer to the question: was it the network?", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "MZ9HCA", "name": "Sake Blok", "avatar": "https://conference.wireshark.org/media/avatars/profile-2025-400x400_hgdKmpu.png", "biography": "Sake has been analyzing packets for over 20 years. During his work, Sake started developing functionality for Wireshark while working with the analyzer in his day-to-day job. He also enhanced multiple protocol dissectors. In 2007, Sake joined the Wireshark Core Development team. In 2009, After working for a reseller of networking equipment for 8 years, he started the company SYN-bit to provide network analysis and training services to enterprises across Europe.", "public_name": "Sake Blok", "guid": "eeeda75a-cc6d-5a94-ba7c-2d3d6f14dd59", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/MZ9HCA/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HUB3MR/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HUB3MR/", "attachments": []}, {"guid": "4b7e3878-ca1c-50be-8dc4-eab2afa72a12", "code": "8UKP7Z", "id": 161, "logo": null, "date": "2025-11-05T11:30:00+01:00", "start": "11:30", "duration": "01:00", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-161-secure-dns-attacks-and-defenses", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8UKP7Z/", "title": "Secure DNS: Attacks and Defenses", "subtitle": "", "track": "Security", "type": "Presentation", "language": "en", "abstract": "DNS is a foundational part of the Internet - but also a prime target for attackers. In this talk, we dive into common DNS attack vectors like spoofing, command-and-control traffic via DNS, or DNS tunnelling. We'll explore modern defence mechanisms such as DNSSEC, DNS-over-HTTPS (DoH), and DNS-over-TLS (DoT), and how they help protect DNS integrity and privacy. You'll also get insights into leveraging threat intel and malware feeds to detect malicious domains, plus a look at useful tools for DNS troubleshooting and analysis.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "PXP8DZ", "name": "Johannes Weber", "avatar": "https://conference.wireshark.org/media/avatars/PXP8DZ_GRq6JRm.jpg", "biography": "Johannes works as a network security consultant at SVA System Vertrieb Alexander GmbH in Germany, holding a master's degree in IT Security with a specialisation in IPv6 Security. He excels in implementing next-gen firewalls, DNS appliances, and IPv6 connectivity at customer sites. As a trainer, Johannes conducts classes on IPv6 and DNS, focusing on in-depth technical discussions and security features. His insights and tutorials on IPv6, VPNs, DNSSEC, NTP, Wireshark, and enterprise-grade firewalls (Palo Alto Networks, Fortinet) can be found on his blog at https://weberblog.net/.", "public_name": "Johannes Weber", "guid": "f390f758-d6cb-552d-b920-5a7892edc72e", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/PXP8DZ/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8UKP7Z/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8UKP7Z/", "attachments": []}, {"guid": "86646720-aaf9-5a5b-930c-6fa4ab01bbf1", "code": "HW7QGN", "id": 163, "logo": null, "date": "2025-11-05T13:30:00+01:00", "start": "13:30", "duration": "01:00", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-163-talk-with-your-packets-ai-powered-natural-language-interaction-with-packet-captures-part-1", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HW7QGN/", "title": "Talk with Your Packets: AI-Powered Natural Language Interaction with Packet Captures (part 1)", "subtitle": "", "track": "Expert / Developer", "type": "Presentation", "language": "en", "abstract": "Unlock a groundbreaking approach to packet analysis with \"Talk with Your Packets,\" where cutting-edge AI and Large Language Models (LLMs) meet the world of .pcap and .pcapng files. This session explores how natural language, combined with artificial intelligence and a Retrieval Augmented Generation (RAG) pipeline, can transform traditional packet analysis.\r\n\r\nWe\u2019ll dive into how packets are converted into JSON representations via the CLI, chunked for efficient processing, embedded as vectors, and stored in ChromaDB for retrieval. Democratizing access to advanced packet analysis and making it easier for users to ask meaningful questions about their packet captures.\r\n\r\nWhile this solution augments Wireshark by aiding in the filtering and crafting of high-value .pcaps (garbage in, garbage out), it does not replace Wireshark. Instead, it empowers analysts with a more intuitive and streamlined way to interpret packet data.", "description": "This will be a mix of slides and live demonstrations as well as Q&A and interactivity with the audience", "recording_license": "", "do_not_record": false, "persons": [{"code": "KRGTQN", "name": "John Capobianco", "avatar": "https://conference.wireshark.org/media/avatars/SBducZEp_400x400_atflUfm.jpg", "biography": "John Capobianco is a visionary leader, author, and evangelist at the forefront of IT operations, artificial intelligence, and automation. With over 25 years of experience in IT Operations across public and private sectors, John has served as a Technical Leader in AI at Cisco and is currently a Product Marketing Evangelist at Selector AI. His career blends deep technical expertise with a passion for innovation, helping bridge the gap between technology and business value.\r\n\r\nJohn is the author of several influential works, including Automate Your Network and Cisco pyATS: Network Test and Automation Solution. A recognized thought leader, he frequently speaks at global conferences on topics such as AIOps, network automation, and the transformative impact of AI. His engaging style and real-world insights inspire professionals to embrace the future of IT operations.", "public_name": "John Capobianco", "guid": "a0cda325-ac56-56dc-8410-bf7e76244793", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/KRGTQN/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HW7QGN/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HW7QGN/", "attachments": []}, {"guid": "8cf202c6-a757-5bb7-afe5-67a32a1aae73", "code": "B3QNQ7", "id": 164, "logo": null, "date": "2025-11-05T14:45:00+01:00", "start": "14:45", "duration": "02:15", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-164-talk-with-your-packets-ai-powered-natural-language-interaction-with-packet-captures-part-2-lab", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/B3QNQ7/", "title": "Talk with Your Packets: AI-Powered Natural Language Interaction with Packet Captures (part 2, Lab)", "subtitle": "", "track": "Expert / Developer", "type": "Workshop", "language": "en", "abstract": "A hands on lab that goes with the lecture. People will be using AI and NL to 'talk to their packets' \r\n\r\n2 hour lab", "description": "A hands on lab that goes with the lecture. People will be using AI and NL to 'talk to their packets' \r\n\r\n2 hour lab", "recording_license": "", "do_not_record": false, "persons": [{"code": "KRGTQN", "name": "John Capobianco", "avatar": "https://conference.wireshark.org/media/avatars/SBducZEp_400x400_atflUfm.jpg", "biography": "John Capobianco is a visionary leader, author, and evangelist at the forefront of IT operations, artificial intelligence, and automation. With over 25 years of experience in IT Operations across public and private sectors, John has served as a Technical Leader in AI at Cisco and is currently a Product Marketing Evangelist at Selector AI. His career blends deep technical expertise with a passion for innovation, helping bridge the gap between technology and business value.\r\n\r\nJohn is the author of several influential works, including Automate Your Network and Cisco pyATS: Network Test and Automation Solution. A recognized thought leader, he frequently speaks at global conferences on topics such as AIOps, network automation, and the transformative impact of AI. His engaging style and real-world insights inspire professionals to embrace the future of IT operations.", "public_name": "John Capobianco", "guid": "a0cda325-ac56-56dc-8410-bf7e76244793", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/KRGTQN/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/B3QNQ7/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/B3QNQ7/", "attachments": []}, {"guid": "769e6bef-e359-5658-b795-86ef1570e6ef", "code": "7YAQ3C", "id": 174, "logo": null, "date": "2025-11-05T17:15:00+01:00", "start": "17:15", "duration": "01:00", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-174-lte-5g-packet-flow-explained", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/7YAQ3C/", "title": "LTE / 5G packet flow explained", "subtitle": "", "track": "Intermediate", "type": "Presentation", "language": "en", "abstract": "We'll walk through packets captured from a cell phone acquiring a tower, and follow the packet all the way out to the internet. Show filters used when troubleshooting 4G/5G, as well as some real world problems.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "LKKWAR", "name": "Mark Stout", "avatar": null, "biography": "Currently working for T-Mobile with 5G feature development and support. While supporting the existing LTE infrastructure for the last 13 years. In the packet trenches everyday.", "public_name": "Mark Stout", "guid": "52f4461d-c166-5b72-91c6-ed3edd7dcbac", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/LKKWAR/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/7YAQ3C/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/7YAQ3C/", "attachments": []}]}}, {"index": 4, "date": "2025-11-06", "day_start": "2025-11-06T04:00:00+01:00", "day_end": "2025-11-07T03:59:00+01:00", "rooms": {"Grand Ballroom Salons AB": [{"guid": "ac787f54-85b7-5215-a0a3-18c9e4d6fb7f", "code": "VPBRDM", "id": 128, "logo": null, "date": "2025-11-06T09:00:00+01:00", "start": "09:00", "duration": "00:45", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-128-keynote-shift-the-conversation-open-source-is-free-but-not-free-free", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/VPBRDM/", "title": "Keynote: Shift the Conversation: Open Source is Free, But Not Free-Free", "subtitle": "", "track": "Intermediate", "type": "Presentation", "language": "en", "abstract": "Open-source software is everywhere\u2014from network security tools like Wireshark and Suricata to the critical infrastructure enterprises rely on daily. Yet, when OSS enters the corporate conversation, it\u2019s often met with \"Isn\u2019t it free? Why should we invest in it?\" or \u201cWon\u2019t the community just take care of everything.\u201d or \"Who\u2019s responsible if something goes wrong?\" Instead of treating OSS as a strategic asset, these misconceptions create barriers to security, sustainability, and innovation.\r\n\r\nThis session will help you shift the OSS conversation\u2014moving from passive consumption to active engagement. Drawing from real-world experience leading OISF (Suricata), we\u2019ll explore how to make the business case for OSS, advocate for responsible adoption, and integrate due diligence into enterprise processes. Attendees will leave with strategies to foster internal support and transform OSS from an afterthought into a competitive advantage.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "DBYMTJ", "name": "Kelley Misata", "avatar": "https://conference.wireshark.org/media/avatars/Dr._Kelley_Misata_2024_cD3JOg8.jpeg", "biography": "Dr. Kelley Misata is a leader in cybersecurity strategy, open source\r\ninnovation, and nonprofits. As Founder of Sightline Security, she empowers\r\nnonprofits to build robust cybersecurity. As President of OISF, she strengthens global\r\nnetwork security through Suricata, a premier open-source technology. Renowned for\r\ntranslating complex cybersecurity challenges into actionable solutions, Dr. Misata has\r\ntransformed her journey as a cyberstalking survivor into advocacy for security, privacy, and\r\nopen-source practices. With a Ph.D. in Information Security from Purdue University and a\r\nBusiness Administration and Marketing degree from Bentley University, she exemplifies\r\nthe fusion of expertise and leadership to address real-world threats and drive\r\ntransformative change.", "public_name": "Kelley Misata", "guid": "c8b87c48-2ca1-53cc-a273-2b8e624ca89e", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/DBYMTJ/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/VPBRDM/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/VPBRDM/", "attachments": []}, {"guid": "d35ddc93-daa3-59b1-a17b-aa4d1c6f64db", "code": "NMUBR7", "id": 131, "logo": null, "date": "2025-11-06T10:15:00+01:00", "start": "10:15", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-131-new-kid-on-the-block-stratoshark", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NMUBR7/", "title": "New kid on the block: Stratoshark", "subtitle": "", "track": "Intermediate", "type": "Presentation", "language": "en", "abstract": "Gerald has been working on a new tool that has just been released to the public: Stratoshark. It has the same look and feel of Wireshark (as it shares quite a bit of common code), but you can analyze (linux) system calls and (cloud) logs with it.\r\n\r\nAs per www.stratoshark.org:\r\n_Stratoshark lets you explore and investigate the application-level behavior of your systems. You can capture system call and log activity and use a variety of advanced features to troubleshoot and analyze that activity. If you've ever used Wireshark, Stratoshark will look very familiar! It's a sibling application that shares the same dissection and filtering engine and much of the same user interface. It supports the same file format as Falco and Sysdig CLI, which lets you pivot seamlessly between each tool. As an added bonus, it's open source, just like Wireshark and Falco._\r\n\r\nThis talk will give you an introduction to Stratoshark and some hints to get started your Stratoshark journey.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "MZ9HCA", "name": "Sake Blok", "avatar": "https://conference.wireshark.org/media/avatars/profile-2025-400x400_hgdKmpu.png", "biography": "Sake has been analyzing packets for over 20 years. During his work, Sake started developing functionality for Wireshark while working with the analyzer in his day-to-day job. He also enhanced multiple protocol dissectors. In 2007, Sake joined the Wireshark Core Development team. In 2009, After working for a reseller of networking equipment for 8 years, he started the company SYN-bit to provide network analysis and training services to enterprises across Europe.", "public_name": "Sake Blok", "guid": "eeeda75a-cc6d-5a94-ba7c-2d3d6f14dd59", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/MZ9HCA/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NMUBR7/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NMUBR7/", "attachments": []}, {"guid": "623af515-5019-505b-b948-5d13f2b7ab5f", "code": "8N8MES", "id": 158, "logo": null, "date": "2025-11-06T11:30:00+01:00", "start": "11:30", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-158-making-webrtc-work-in-times-of-locked-down-networks-a-hands-on-session-on-how-to-find-out-what-your-favorite-web-conferencing-tool-really-needs", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8N8MES/", "title": "Making WebRTC work in times of locked down networks  - A hands-on session on how to find out what your favorite Web Conferencing tool really needs", "subtitle": "", "track": "Intermediate", "type": "Presentation", "language": "en", "abstract": "According to their documentation, modern WebRTC based conferencing solutions require literally thousands of open ports to hundreds of thousands IP addresses to play.\r\nHow come they still work in todays super restrictive  corporate networks - when they were conceived at a time were the Internet was still an idyllic place and a firewall just a clean cut packet filter.\r\nAnd how you can fix them, in case they don't cooperate\r\nI invite you to my journey of finding this out and I'll show you my implements ;-)", "description": "**We will look at the big players**\r\n\t\u2022 Zoom Web\r\n\t\u2022 Teams\r\n\t\u2022 Google Meet\r\n\t\u2022 Webex\r\n\t\u2022  GotoWebinar (not big, but what my company does)\r\n\r\nWhat do the specs say wrt IPS/Ports/Domains ?\r\nWhat is the (tested) minimum ?\r\n\r\n**How do we find out what network requirements they really have?**\r\n\t\u2022 Run Wireshark capture in unrestricted network to get a first idea\r\n\t\u2022 Have browser export TLS keys so you can read the setup messages\r\n\t\u2022 Step by step restrict protocols, address ranges, domains to see what still works.\r\n\t\u2022 Live demonstration of test setup\r\n\r\n**Short sidenote:** How WebRTC finds connections - diagrams of the different configurations\r\n\r\n**Tests**\r\nHow do they deal with\r\n\t\u2022 Explicit Proxies (SNI)\r\n\t\u2022 No local DNS / DNS sinkholes\r\n\t\u2022 DPI (Fallback from QUIC to force proxies)\r\n\t\u2022 Zscaler connections (split routing)\r\n\t\u2022 Non corporate VPN solutions (wireguard based)\r\n\t\u2022 How many connections are used in total\r\n\t\u2022 IP ranges/domains used\r\n\r\n**What to do if things fail**\r\ncommon workarounds\r\n\t\u2022 WebRTC fallbacks\r\n\t\u2022 Exclude Signaling from DPI\r\n\t\u2022 Open UDP \r\n\t\u2022 TURN server to rescue\r\n\t\u2022 Faking DNS", "recording_license": "", "do_not_record": false, "persons": [{"code": "GEKGFS", "name": "Robert Hess", "avatar": "https://conference.wireshark.org/media/avatars/GEKGFS_717UcZg.jpg", "biography": "Helping customers and engineers to understand problems with communication protocols in their networks.\r\nDebugging communication protocols and analysing log files for a living and having fun with it.\r\nFinding problems in software since the era of punched tapes.\r\nWorking for Goto - them makers of GotoWebinar / GoToTraining", "public_name": "Robert Hess", "guid": "bcda86eb-7f30-51f7-b663-306046fd2d54", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/GEKGFS/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8N8MES/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8N8MES/", "attachments": []}, {"guid": "e25f5f0b-4f31-59e9-b964-474414b7f769", "code": "CHKWHN", "id": 143, "logo": null, "date": "2025-11-06T13:30:00+01:00", "start": "13:30", "duration": "01:30", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-143-the-packet-doctors-are-in-packet-trace-examinations-with-the-experts", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/CHKWHN/", "title": "The Packet Doctors are in! Packet trace examinations with the experts", "subtitle": "", "track": "Beginner", "type": "Packetdoctors Session", "language": "en", "abstract": "The experts on this panel have been asked to look at a trace file and help find a reason for certain behaviors by attendees at many SharkFests. Based on this, they\u2019ve decided to create a public forum for examining individual trace files with a broader audience for a collective learning experience. Trace files will be gathered from attendees prior to SharkFest and only given to the panel members during the session so that the \u201cnot-\r\nknowing what to expect and whether it can be solved\u201d experience of working through an unknown trace file can be preserved.\r\nCome to this session and learn to ask the right questions and look at packets in different ways.\r\nPLEASE SEND PERPLEXING TRACE FILES FOR ANALYSIS BY THE PANEL TO jasper@packet-foo.com PRIOR TO SHARKFEST!", "description": "", "recording_license": "", "do_not_record": true, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/CHKWHN/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/CHKWHN/", "attachments": []}, {"guid": "d45c5f69-d202-582c-82be-192cae532595", "code": "HREGSB", "id": 159, "logo": null, "date": "2025-11-06T15:15:00+01:00", "start": "15:15", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-159-wireshark-in-action-empowering-education-and-research", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HREGSB/", "title": "Wireshark in Action: Empowering Education and Research", "subtitle": "", "track": "Beginner", "type": "Presentation", "language": "en", "abstract": "Network packet analysis remains a cornerstone in both education and research. In this session, we will present a series of practical examples that illustrate its continued relevance and versatility. Our proven format remains unchanged from previous years\u2014expect an interactive, engaging experience enhanced by gamification elements that create a dynamic learning environment.\r\nAs technology and methodologies evolve, so does our content. We will explore and demonstrate new insights, and approaches that have emerged over the past year. Whether you're new to packet analysis or looking to deepen your expertise, this session will leave you with fresh perspectives and actionable ideas to take away.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "YY3RVA", "name": "Tom Cordemans", "avatar": "https://conference.wireshark.org/media/avatars/YY3RVA_Hme1zPZ.jpg", "biography": "Tom Cordemans is a senior lecturer at the Odisee University of Applied Sciences and a researcher at the DistriNet Research Unit of KU Leuven in Gent, Belgium with a strong focus on IT, IoT and OT networks. He is a daily user of Wireshark and sharing knowledge and expertise is his trigger to give workshops and presentations.", "public_name": "Tom Cordemans", "guid": "34d641a6-7172-5119-9da4-eff4fed23a51", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/YY3RVA/"}, {"code": "PFPDDQ", "name": "Ville Haapakangas", "avatar": null, "biography": "Ville Haapakangas is a Senior Lecturer at Tampere University of Applied Sciences in Tampere, Finland, with a strong focus on Computer Networks and Cybersecurity. He is especially interested in using Wireshark as a pedagogical and research tool. Ville\u2019s involvement with SharkFest EU extends over several years as both a participant and a speaker.", "public_name": "Ville Haapakangas", "guid": "f0a559d4-d197-577b-b49c-e57f5c86eec2", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/PFPDDQ/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HREGSB/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HREGSB/", "attachments": []}, {"guid": "2afdfe38-aa03-5726-8ac9-deb867660c91", "code": "GWBY8A", "id": 173, "logo": null, "date": "2025-11-06T16:30:00+01:00", "start": "16:30", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-173-handcrafted-packets-build-network-packets-with-scapy", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/GWBY8A/", "title": "Handcrafted Packets: Build network packets with Scapy", "subtitle": "", "track": "Intermediate", "type": "Presentation", "language": "en", "abstract": "\u2022 You want to reproduce a network problem for specific frames?\r\n\u2022 You want to test a Wireshark dissector you\u2019ve developed but a sample capture is missing?\r\n\u2022 You want to test whether an application reacts to all defined commands?\r\n\u2022 You do a penetration test and want to see how a network device handles undefined data (e.g. with TCP MSS=0)\r\n\r\nFor all these cases, Scapy can help you build the packets you need. In this talk, I will show you how to do it. Scapy is\r\na packet manipulation tool written in Python. It can forge or decode packets, send them on the wire, capture them, and\r\nmatch requests and replies. At the end of the session, we can assemble packages together in a hands-on session. => Bring\r\nyour laptop with you.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZWZAC8", "name": "Uli Heilmeier", "avatar": "https://conference.wireshark.org/media/avatars/telefonbuch_uhei_neu_YZK2f7y.png", "biography": "Uli has been working somewhere between IT/OT infrastructure and IT/OT security for more than two decades. His current position is \u2018IT Security Architect\u2019 at Krones AG. He has been a member of the Core Developer Team since 2021.", "public_name": "Uli Heilmeier", "guid": "12e614d0-36da-5dfd-b33a-b0facc8db520", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/ZWZAC8/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/GWBY8A/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/GWBY8A/", "attachments": []}, {"guid": "f088e260-c1bc-591a-a6ea-4d59844ef07f", "code": "DE8KZY", "id": 162, "logo": null, "date": "2025-11-06T17:45:00+01:00", "start": "17:45", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-162-http-deep-dive", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/DE8KZY/", "title": "HTTP deep dive", "subtitle": "", "track": "Beginner", "type": "Presentation", "language": "en", "abstract": "In the past HTTP was just used for websites. Today many applications depend on APIs, using HTTP(S) as communication protocol as well. So, when troubleshooting there is a big change that you have to investigate HTTP traffic. With HTTP/2 and HTTP/3 becoming more popular that may require a different approach.\r\nThis session is not only about how to use Wireshark, but especially about understanding the protocol. What the HTTP status codes really mean, quirks of cookies, caching done the right way, compression and more.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "KZT9D7", "name": "Andr\u00e9 Luyer", "avatar": "https://conference.wireshark.org/media/avatars/ProfielfotoAndre_gvxMwmu.JPG", "biography": "Andr\u00e9 is a senior Performance Consultant and troubleshooter at Rabobank, and has been analyzing packets for over 25 years. He started his career as a troubleshooter for network issues, both hard- and software, and later specialized in performance testing, which requires a combination of in-depth knowledge of networking protocols and coding skills. Andr\u00e9 also delivers an in-house \u2018Wireshark bootcamp\u2019 training course and contributed to the Wireshark project.", "public_name": "Andr\u00e9 Luyer", "guid": "31e5cac9-2607-5709-8202-fd9f433d912d", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/KZT9D7/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/DE8KZY/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/DE8KZY/", "attachments": []}, {"guid": "be879b22-206a-5f58-894d-2261839dd464", "code": "WHU9VP", "id": 140, "logo": null, "date": "2025-11-06T18:45:00+01:00", "start": "18:45", "duration": "03:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-140-sponsor-technology-showcase-reception-espcape-group-packet-challenge-and-dinner", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/WHU9VP/", "title": "Sponsor Technology Showcase Reception, esPCAPe Group Packet Challenge and Dinner", "subtitle": "", "track": "Organization", "type": "Dinner", "language": "en", "abstract": "Sake's esPCAPe Group Packet Challenge is back!", "description": "Sake's esPCAPe Group Packet Challenge is back!", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/WHU9VP/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/WHU9VP/", "attachments": []}], "Grand Ballroom Salons CDE": [{"guid": "15eb89c6-5990-5e36-a699-af7daf6a3f23", "code": "3LRMGH", "id": 172, "logo": null, "date": "2025-11-06T10:15:00+01:00", "start": "10:15", "duration": "01:00", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-172-smb-masterclass-outtakes-and-lessons-learned", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/3LRMGH/", "title": "SMB Masterclass - Outtakes and Lessons Learned", "subtitle": "", "track": "Beginner", "type": "Presentation", "language": "en", "abstract": "The SMB masterclass (available as pre-conference training) throws students into the network of a fictitious company. With the limited time of a one-day class, I had prepared few use cases that did not make it into the class. Here is an extra hour of SMB analysis with a focus on performance analysis.", "description": "The lab environment for the class includes a Windows domain, multiple servers, workstations and applications. The applications were custom-build for this class to show odd behavior from real-world scenarios. \r\nThis presentation will show, how to go from a user experience (\"it's slow\"), get around the usual blame (\"it's the network\") and then identify the root cause. \r\n#pcapincluded\r\n\r\nPlease find additional material at https://www.stellar-bluetani.space/sf25eu/", "recording_license": "", "do_not_record": false, "persons": [{"code": "G7DKUQ", "name": "Eddi Blenkers", "avatar": null, "biography": "For over 20 years, Eddi has been looking at network protocols to find (or rule out) network problems, vulnerabilities, ongoing hacking attacks or just for fun.\r\n\r\nWorking for the Swiss train company BLS as IT security analyst, he is reviewing the configuration of a multitude of systems to improve the overall security of the domain. Wireshark is one of the tools to verify the outcome of a configuration change.\r\n\r\nShameless promotion: Visit https://www.bls.ch/en/freizeit-und-ferien/ausflug to find some of the best destinations in Switzerland.", "public_name": "Eddi Blenkers", "guid": "fe7e996e-5292-58a2-8f18-5390a46d4560", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/G7DKUQ/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/3LRMGH/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/3LRMGH/", "attachments": []}, {"guid": "66053bfa-2fe4-5d9e-84fc-3dcd1c4bce9c", "code": "SSSB3Q", "id": 167, "logo": null, "date": "2025-11-06T11:30:00+01:00", "start": "11:30", "duration": "01:00", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-167-dissector-developer-design-notes", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/SSSB3Q/", "title": "Dissector developer design notes", "subtitle": "", "track": "Expert / Developer", "type": "Presentation", "language": "en", "abstract": "In this talk we'll go over lots of the details that dissector developers have to contend with. Not only will we touch on some of the Epan APIs available to us, but we will go beyond the API's and discuss the way of thinking about packet dissection design. Here we may discover wisdoms which are not only important to dissector developers, but for software development in general.\r\n\r\nEven though in this talk we will focus on development of C code, Lua dissector developers may take away some deeper insights as well.", "description": "As a core developer I get to see a lot of dissector code, in the form of merge requests, during investigation of bugs, or written by myself. While working on this code I often come across designs which are not optimal for the purpose they serve. This may have to do with the use of poor examples, missing insight into how the packet dissection process really works or lack of understanding of the protocols at hand. Either way more knowledge and insight will hopefully help you to create better dissectors.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JLXRGY", "name": "Jaap Keuter", "avatar": "https://conference.wireshark.org/media/avatars/JaapKeuter_BOSKmU9_BMvJtbH.jpg", "biography": "After studying \"Telecommunications and computer systems\", I worked for a <a href=\"https://www.zdnet.com/home-and-office/networking/philips-business-communications/\">global PABX manufacturer</a> and now for <a href=\"\">a company</a> that designs Ethernet switching and optical transmission systems, among other projects, as an embedded software engineer. Along the way I started using what was then called Ethereal, enhancing it and providing bug fixes, which eventually lead me to becoming a core developer. \r\n\r\nBesides this I like to spend time in the air, either skydiving or flying sailplanes.", "public_name": "Jaap Keuter", "guid": "a68c1c66-3899-53ca-b1a7-49637389a675", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/JLXRGY/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/SSSB3Q/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/SSSB3Q/", "attachments": []}, {"guid": "34808ebd-0459-5f47-905d-8030e94f6950", "code": "TUW8JR", "id": 177, "logo": null, "date": "2025-11-06T15:15:00+01:00", "start": "15:15", "duration": "01:00", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-177-the-art-of-sanitization", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/TUW8JR/", "title": "The Art of Sanitization", "subtitle": "", "track": "Security", "type": "Presentation", "language": "en", "abstract": "Every once in a while there is a need to share actual capture files with others. Maybe a technical support person at a vendor needs packets to troubleshoot a device your company bought. Or you want to ask a more seasoned network analyst for help (the packet doctors at Sharkfest, for example ;)) In many cases it is necessary to remove sensitive information from the capture file first, for example IP addresses or even meta information about the capture itself. There are different ways to achieve the goal of a sanitized capture file, but there are pros and cons to all of them. In this session we'll take a look at the various option so that you know how to share your capture files without exposing sensitive information.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "JJLHFE", "name": "Jasper Bongertz", "avatar": "https://conference.wireshark.org/media/avatars/32db88b741fd066a3afc295884850482_KxKZwQ8.jpg", "biography": "Jasper Bongertz is a network security expert with focus on network forensics and incident response at Airbus Defence and Space CyberSecurity. He started working freelance in 1992 while he was studying computer science at the Technical University of Aachen. In 2009, Jasper became a Senior Consultant and Trainer for Fast Lane, where he created a large training portfolio with a special focus on Wireshark and network hacking. In 2013, he joined Airbus Defence and Space CyberSecurity, before moving on to G Data Advanced Analytics in 2019 where he is now the head of the CyberSecurity Incident Response Team (CSIRT).\r\n\r\nJasper is the creator of the packet analysis tool TraceWrangler, which can be used to convert, edit and sanitize PCAP files. His blog regarding network analysis, network forensics and general security topics can be found at blog.packet-foo.com.", "public_name": "Jasper Bongertz", "guid": "01090920-dcf6-5bfc-8ce9-c09dfc5e857c", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/JJLHFE/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/TUW8JR/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/TUW8JR/", "attachments": []}, {"guid": "edf6b4bb-b8e0-597b-948f-29b518ec2fc8", "code": "BEGBHS", "id": 175, "logo": null, "date": "2025-11-06T16:30:00+01:00", "start": "16:30", "duration": "01:00", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-175-attacking-ipv4-networks-with-ipv6-security-implications-of-dual-stack-and-native-ipv6-support", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/BEGBHS/", "title": "Attacking IPv4 Networks with IPv6: Security Implications of Dual Stack and native IPv6 Support", "subtitle": "", "track": "Security", "type": "Presentation", "language": "en", "abstract": "Modern operating systems ship with native IPv6 support and dual stack configurations enabled by default. While this is essential for comprehensive connectivity, it introduces subtle yet critical security risks - especially in environments still predominantly focusing on IPv4 and IPv4 security.\r\nThis talk provides an overview of dynamic IPv6 configuration options and explores how attackers can exploit IPv6 capabilities to compromise IPv4 networks. We will demonstrate how IPv6 features - such as SLAAC, Router Advertisements, and DHCPv6 - can be weaponized in dual stack setups. For this, we will use Wireshark to analyze different types of attacks and the corresponding behaviors of the targeted operating systems at the packet level. Finally, we will conclude our talk with recommended mitigation strategies for the identified issues.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "7TKVUK", "name": "Gabor \u00d6sterreicher", "avatar": "https://conference.wireshark.org/media/avatars/7TKVUK_AYdHxjZ.jpeg", "biography": "Gabor is a senior lecturer and researcher at University of Applied Sciences St. P\u00f6lten (Austria), specializing in network technologies and cybersecurity. He has more than 25 years of experience with all types of wired and wireless network technologies and manufacturers such as Cisco and HP/Aruba. Wireshark is therefore his preferred tool for analysis, troubleshooting, and teaching in the field of computer networks.\r\nIn his free time, Gabor can be found on the streets and in the parks of Vienna, swimming in the Danube, playing basketball, traveling, or hiking and snowboarding in the mountains.", "public_name": "Gabor \u00d6sterreicher", "guid": "eb490b00-08ec-5d69-b0df-9d216bb208e5", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/7TKVUK/"}, {"code": "H88DXZ", "name": "Stefan Machherndl", "avatar": "https://conference.wireshark.org/media/avatars/H88DXZ_njnlu7M.jpg", "biography": "Stefan Machherndl is a Junior Researcher at St.P\u00f6lten University of Applied Sciences, Austria. He is focusing on network technologies and cybersecurity. He is especially interested in cybersecurity competitions (CTFs), during these competitions he is using Wireshark for attack analysis and to solve forensic challenges.", "public_name": "Stefan Machherndl", "guid": "188b273e-7481-5726-9340-b52dc63d3db6", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/H88DXZ/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/BEGBHS/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/BEGBHS/", "attachments": []}, {"guid": "a681d6cc-9806-5e45-b1b6-9f86f828378f", "code": "8WPTVX", "id": 176, "logo": null, "date": "2025-11-06T17:45:00+01:00", "start": "17:45", "duration": "01:00", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-176-troubleshooting-voip-sip-rtp-analysis-with-wireshark", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8WPTVX/", "title": "Troubleshooting VoIP | SIP- & RTP-Analysis with Wireshark", "subtitle": "", "track": "Beginner", "type": "Presentation", "language": "en", "abstract": "Nearly every organization is using Voice over IP (VoIP) in their networks. But sometimes Administrators and Engineers are facing complex challenges. At the signalling part they see incompatibilities between vendors from over 100 RFCs regarding SIP or some weird SIP stack implementations. On the audio side, end-users sometimes experience bad quality because of jitter, loss or latency or they have one-way audio effects because of bad media descriptions. All this comes coupled with the increasing use of encryption and NAT by cloud PBX solutions such as Teams Phone or Webex Calling. \r\n\r\nAttendees will explore the fundamentals of SIP and RTP paired with the use of integrated tools in Wireshark for an effective and efficient troubleshooting. They get some real-world examples and they will be told how these were solved using Wireshark.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "CZKLHS", "name": "Benjamin Pfister", "avatar": "https://conference.wireshark.org/media/avatars/CZKLHS_nNym8RM.jpg", "biography": "- Head of Networking and Telecommunication at City of Kassel\r\n- Author for several IT-Magazines (Heise, iX, IT-Administrator)\r\n- VoIP and Network Consultant\r\n- Freelance Trainer\r\n- System Administrator for Telecommunication and Networking at City of Kassel\r\n- Service Technician at Deutsche Telekom", "public_name": "Benjamin Pfister", "guid": "8073c3b1-b34d-5b41-91e9-1f6e693c8694", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/CZKLHS/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8WPTVX/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8WPTVX/", "attachments": []}]}}, {"index": 5, "date": "2025-11-07", "day_start": "2025-11-07T04:00:00+01:00", "day_end": "2025-11-08T03:59:00+01:00", "rooms": {"Grand Ballroom Salons AB": [{"guid": "03873d49-c9b3-5060-b2bb-87f31c575f48", "code": "ENQ77T", "id": 144, "logo": null, "date": "2025-11-07T09:00:00+01:00", "start": "09:00", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-144-sharkbytes", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ENQ77T/", "title": "SharkBytes", "subtitle": "", "track": "Organization", "type": "Organization", "language": "en", "abstract": "Come and enjoy an interesting session with learning interesting stuff about each other!", "description": "SharkBytes are great fun and a highlight of the SharkFest conferences. Each year, attendees offer glimpses into their lives by speaking about a particular interest or hobby (unrelated to Wireshark!) that reveals a side of them that fellow SharkFesters would not otherwise know.\r\nIf you want to volunteer to present a 5-minute Byte, please send us an email:\r\nsharkfest@wireshark.org", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ENQ77T/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ENQ77T/", "attachments": []}, {"guid": "246149fe-dfc0-5869-93ac-f3060a5d94cd", "code": "NZZFEB", "id": 150, "logo": null, "date": "2025-11-07T10:15:00+01:00", "start": "10:15", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-150-may-i-analyze-your-network-planning-and-preparing-packet-captures", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NZZFEB/", "title": "May I analyze your network? \u2013 Planning and preparing packet captures", "subtitle": "", "track": "Intermediate", "type": "Presentation", "language": "en", "abstract": "To analyze PCAP files, you have to learn a lot about protocols, processes and typical problems in networks. However, it is just as important to collect the right data at the right place in the network in order to obtain the packet data required for the analysis.\r\nNetwork analysts need clearly defined tasks of what to identify, check, prove or solve. They need to understand the network structure and application behavior at customer sites and finally get permission to capture application traffic with the required equipment.\r\nIn this presentation, Matthias will discuss the issues network analysts need to address before they start collecting data from customer sites or from their own corporate networks. Using real cases, he will explain what was helpful for a successful analysis, and what was not.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "B9FZJH", "name": "Matthias Kaiser", "avatar": "https://conference.wireshark.org/media/avatars/Kaiser_Matthias_01-2_RBRXRV8.jpg", "biography": "Matthias started working in network analysis in 1996 as a Sniffer University staff instructor at Network General, where he delivered Sniffer University training and coordinated the European instructor team. In 2004, as a freelance instructor and network consultant, he wrote his own courseware on troubleshooting networks with Wireshark. Since 2009, Matthias has been working for ExperTeach, a German training and consulting company, where he manages and teaches the ExperTeach packet analysis curriculum for business customers. He has trained many individuals on Wireshark and helped them identify network and application-related problems since.", "public_name": "Matthias Kaiser", "guid": "b5355950-5a72-5b09-95cb-b5ebc0239d8d", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/B9FZJH/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NZZFEB/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NZZFEB/", "attachments": []}, {"guid": "ea910c5d-d0a3-5d30-b3e0-6eca19159212", "code": "RKPTXF", "id": 181, "logo": null, "date": "2025-11-07T11:30:00+01:00", "start": "11:30", "duration": "01:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-181-user-centered-visual-analysis-of-pcap-data", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPTXF/", "title": "User-Centered Visual Analysis of PCAP Data", "subtitle": "", "track": "Intermediate", "type": "Presentation", "language": "en", "abstract": "This talk presents NetCapVis, a visual analytics tool that allows users to easily overview PCAP data and quickly filter to relevant data.\r\nWhile Wireshark excels at data processing, its data presentation is complex, and operating it efficiently requires expertise.\r\nNetCapVis is the result of a research project and is under development. New research ideas focus on AI classification of packets and explainable AI visualization.\r\nOne possible future direction is to collaborate on connecting the visual-interactive dashboard to Wireshark as a plugin.\r\nThe talk will focus on three core topics. \r\n1. Visual-Interactive Analysis \r\n2. AI Classification and Explainable AI\r\n3. The combination of the visual-interactive dashboard and Wireshark", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "UVZMXV", "name": "Dr. Alex Ulmer", "avatar": "https://conference.wireshark.org/media/avatars/UVZMXV_PWy5xyt.jpg", "biography": "Alex Ulmer received the master\u2019s degree in computer science and visual computing from Technische Universit\u00e4t Darmstadt, Germany. He completed his PhD degree with the Fraunhofer Institute for Computer Graphics Research and TU Darmstadt. His research interests are focused on visual-interactive\r\nanalysis of cyber security data, progressive visual analytics and explainable AI.", "public_name": "Dr. Alex Ulmer", "guid": "e3cf9161-554f-507c-9a05-ad2a4b993fb7", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/UVZMXV/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPTXF/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPTXF/", "attachments": []}, {"guid": "f269d93a-acfd-580b-9929-cad4e569e684", "code": "FCP7CD", "id": 141, "logo": null, "date": "2025-11-07T12:30:00+01:00", "start": "12:30", "duration": "02:00", "room": "Grand Ballroom Salons AB", "slug": "sharkfest-25-europe-2025-141-lunch-closing-remarks-and-farewell-reception", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/FCP7CD/", "title": "Lunch, Closing Remarks and Farewell reception", "subtitle": "", "track": "Organization", "type": "Organization", "language": "en", "abstract": "Lunch, Closing Remarks and Farewell reception", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/FCP7CD/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/FCP7CD/", "attachments": []}], "Grand Ballroom Salons CDE": [{"guid": "acd4958e-f681-5985-871b-fb3cad63277e", "code": "9ACKNM", "id": 184, "logo": null, "date": "2025-11-07T10:15:00+01:00", "start": "10:15", "duration": "01:00", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-184-cybershark-3001-capture-and-decrypt-wifi-traffic-from-any-device-the-lessons-learned", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/9ACKNM/", "title": "CyberShark 3001 - Capture and Decrypt Wifi Traffic from any device - The Lessons Learned.", "subtitle": "", "track": "Intermediate", "type": "Presentation", "language": "en", "abstract": "Ever struggled with capturing traffic from your mobile device or felt stumped by encrypted applications? Dive into this comprehensive session to build your very own wired or wireless traffic sniffer using a Raspberry Pi.", "description": "In this engaging workshop, you'll explore:\r\n\r\n-Using a Raspberry Pi as a man in the middle to capture and decrypt app data from smart phones and tablets.  \r\n-How Encryption and Decryption works, in a very simple visual way, so we can understand what the man in the middle proxy is actually doing.\r\n-Selecting the right raspberry pi hardware and software.\r\n-The lessons learned and why it generally failed.", "recording_license": "", "do_not_record": false, "persons": [{"code": "LVXUVN", "name": "Ross Bagurdes", "avatar": "https://conference.wireshark.org/media/avatars/Bagurdes_Headshot_SjVuW0O.jpeg", "biography": "Ross has had a diverse career in engineering, beginning as a structural engineer, then project engineer for a gas utility, Ross was always quickly\r\nassigned the de-facto network administrator, typically after no one else was brave enough to break, and later fix, the network. This lead to working as a network engineer designing and implementing enterprise networks for a major university hospital. Here he worked with\r\nExtreme Networks, HP, Cisco, Tipping Point, among other network technology, as well as honed his Wireshark and protocol analysis skills. Ross\r\nspent 7 years teaching data networking at Madison College, and in 2017 started authoring and producing IT training videos in Wireshark/Protocol\r\nAnalysis, Cisco, and general networking topics for www.Pluralsight.com. In his free time, you'll find Ross and his dog at the beach swimming and\r\nsurfing, traveling, hiking, or snowboarding somewhere in the western US.", "public_name": "Ross Bagurdes", "guid": "0def5250-101e-527e-a22d-2ffc2ecf9ad9", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/LVXUVN/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/9ACKNM/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/9ACKNM/", "attachments": []}, {"guid": "a2313391-15ea-50c7-8c46-f834328cb944", "code": "NTTZDW", "id": 156, "logo": null, "date": "2025-11-07T11:30:00+01:00", "start": "11:30", "duration": "00:30", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-156-wtsc-election-report", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NTTZDW/", "title": "WTSC election report", "subtitle": "", "track": "Beginner", "type": "Presentation", "language": "en", "abstract": "This year was the first time that the election of Wireshark Technical Steering Committee (WTSC) members took place.\r\nIn this session we want to report how the election went, how it was organised, what we learned for the next time and why \"a few emails and validating and counting responses and maybe a couple of online meetings for the EC folks\" is not enough.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZWZAC8", "name": "Uli Heilmeier", "avatar": "https://conference.wireshark.org/media/avatars/telefonbuch_uhei_neu_YZK2f7y.png", "biography": "Uli has been working somewhere between IT/OT infrastructure and IT/OT security for more than two decades. His current position is \u2018IT Security Architect\u2019 at Krones AG. He has been a member of the Core Developer Team since 2021.", "public_name": "Uli Heilmeier", "guid": "12e614d0-36da-5dfd-b33a-b0facc8db520", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/speaker/ZWZAC8/"}], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NTTZDW/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NTTZDW/", "attachments": []}, {"guid": "9b440360-25c5-5848-8818-2ba61d1020a7", "code": "7KLGGZ", "id": 185, "logo": null, "date": "2025-11-07T12:00:00+01:00", "start": "12:00", "duration": "00:30", "room": "Grand Ballroom Salons CDE", "slug": "sharkfest-25-europe-2025-185-foundation-and-wtsc-q-a", "url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/7KLGGZ/", "title": "Foundation and WTSC Q&A", "subtitle": "", "track": "Organization", "type": "Presentation", "language": "en", "abstract": "Come and talk to us if you have any wishes or requests for the foundation or the WTSC board members.", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/7KLGGZ/feedback/", "origin_url": "https://conference.wireshark.org/sharkfest-25-europe-2025/talk/7KLGGZ/", "attachments": []}]}}]}}}