0.39 sharkfest-25-europe-2025 2025-11-03 2025-11-07 5 00:05 https://conference.wireshark.org Europe/Warsaw Grand Ballroom Salons AB Pre Conference Class 2025-11-03T09:00:00+01:00 09:00 08:00 Level up your Wireshark skills and get ready for Sharkfest! This hands-on course will provide core Wireshark skills for IT pros of all experience levels. Participants will gain a solid understanding of how to use Wireshark to capture, analyze, and troubleshoot network traffic. The course is designed with beginners in mind, but even seasoned packet people will pick up new tips and tricks. sharkfest-25-europe-2025-137-0-pre-conference-class-i-essential-wireshark-skills-practical-packet-analysis-2-day-class Pre-conference class Ross Bagurdes en Topics Covered: Introduction to network analysis and the role of Wireshark Installing and configuring Wireshark Analyzing captured packets, understanding protocol structures, and identifying network issues Utilizing powerful filtering techniques to isolate specific traffic and find the packets that matter Deep Dive into ARP, IP, ICMP, DNS, DHCP, TCP, UDP, QUIC, HTTP, TLS, and much more! Working with command-line tools like TShark true https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPHN8/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPHN8/feedback/ Grand Ballroom Salons CDE Pre Conference Class 2025-11-03T09:00:00+01:00 09:00 08:00 Analyzing TCP connections is one of the biggest topics in network analysis in general, especially when troubleshooting applications or even multi-tiered deployments of servers. How TCP works and detecting problems is one of the 'easy to learn, hard to master' skills that is always in demand. Most Wireshark classes only touch the basics and do not go into the more complex scenarios, especially when it comes to multi point captures to track packet loss and timing issues. In this masterclass you will learn how to troubleshoot TCP in seemingly simple as well as complex and quite challenging cases. sharkfest-25-europe-2025-145-pre-conference-class-ii-tcp-analysis-masterclass Pre-conference class Jasper Bongertz en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/D8UHZY/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/D8UHZY/feedback/ Grand Ballroom Salons AB Pre Conference Class 2025-11-04T09:00:00+01:00 09:00 08:00 Level up your Wireshark skills and get ready for Sharkfest! This hands-on course will provide core Wireshark skills for IT pros of all experience levels. Participants will gain a solid understanding of how to use Wireshark to capture, analyze, and troubleshoot network traffic. The course is designed with beginners in mind, but even seasoned packet people will pick up new tips and tricks. sharkfest-25-europe-2025-137-1-pre-conference-class-i-essential-wireshark-skills-practical-packet-analysis-2-day-class Pre-conference class Ross Bagurdes en Topics Covered: Introduction to network analysis and the role of Wireshark Installing and configuring Wireshark Analyzing captured packets, understanding protocol structures, and identifying network issues Utilizing powerful filtering techniques to isolate specific traffic and find the packets that matter Deep Dive into ARP, IP, ICMP, DNS, DHCP, TCP, UDP, QUIC, HTTP, TLS, and much more! Working with command-line tools like TShark true https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPHN8/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPHN8/feedback/ Grand Ballroom Salons AB Dinner 2025-11-04T17:30:00+01:00 17:30 03:00 Let's kick-off the conference in style! sharkfest-25-europe-2025-138-sharkfest-25-europe-welcome-dinner-sponsor-showcase Organization en SharkFest'25 EUROPE Welcome Dinner & Sponsor Showcase false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/VENMYF/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/VENMYF/feedback/ Grand Ballroom Salons CDE Pre Conference Class 2025-11-04T08:30:00+01:00 08:30 09:00 SMB is the bread and butter protocol used to access file shares in virtually every company and home network. Since Windows Vista / Server 2008, the "classic" SMB has been replaced by SMB2 and later SMB3. Since legacy systems running Windows XP / Server 2003 are increasingly rare, we focus on the newer version. This class will enable students to investigate functional issues and performance problems. Topics covered are * SMB Handshake, selection of a dialect version and user authentication * General process of mounting a share and accessing files * Tracking SMB sessions over multiple interfaces or IP-addresses * SMB functions beyond file sharing (IPC, Named Pipes) * Investigating error codes * Decryption of SMB traffic (not for the faint-hearted) * Understanding the service response time feature for SMB * identification of performance bottlenecks in the network, application logic, client or server sharkfest-25-europe-2025-146-pre-conference-class-iii-smb-masterclass-starting-at-08-30 Pre-conference class Eddi Blenkers en Please note that class will start at 08:30 and end at 17:30. false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/MF8XDP/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/MF8XDP/feedback/ Grand Ballroom Salons AB Organization 2025-11-05T09:00:00+01:00 09:00 01:00 Gerald Combs & Friends talk about the new developments over the past year sharkfest-25-europe-2025-142-keynote-what-s-new-in-wireshark-4-6 Organization en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ULU3WK/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ULU3WK/feedback/ Grand Ballroom Salons AB Presentation 2025-11-05T10:15:00+01:00 10:15 01:00 Cloud computing is often described in a very abstract way, but in reality relies on the same networking technologies and protocols we use every day. How can we get visibility into Cloud networks to troubleshoot and secure them? What are the differences between traditional On-premise and Cloud networking and architectures, and what does this tell us about attitudes towards network based security and trouble-shooting? In this talk we will look at Cloud networking from the user perspective, and what some common Cloud architectures look like. We will review options for Packet Capture and network based tools in Cloud compared to On-prem environments, and discuss whether it is practical, beneficial, and necessary. sharkfest-25-europe-2025-170-introduction-to-cloud-packet-capture Beginner Stephen Donnelly en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/QGAT79/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/QGAT79/feedback/ Grand Ballroom Salons AB Presentation 2025-11-05T11:30:00+01:00 11:30 01:00 Scanning wireless to find devices with Wireshark sharkfest-25-europe-2025-119-wireless-with-wireshark Intermediate Megumi Takeshita en Wireshark is a tool for analyzing both wireless and wired networks. In this session, Megumi will show you how to find devices on your wireless network. With various scanning tools, we can explore different standards of WiFi networks and Bluetooth using Wireshark. Additionally, tshark and other Wireshark command-line interface (CLI) tools are useful for collecting and summarize device information. Use Wireshark to manage your wireless environment and enhance your wireless security!! false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/87EHWR/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/87EHWR/feedback/ Grand Ballroom Salons AB Presentation 2025-11-05T13:30:00+01:00 13:30 01:00 Modern industrial networks pose unique challenges for packet analysis. This talk will introduce Wireshark users to the world of Operational Technology (OT) networks – the networks that control physical equipment in factories, power plants, and critical infrastructure – and explain how they differ from traditional Information Technology (IT) networks. We will explore how OT networks prioritize deterministic, time-critical communication in a way that IT networks do not, and why capturing and analyzing packets in OT environments is often more challenging. Attendees will learn about the distinct network architectures and protocols used in OT (from fieldbus and PLC communications to SCADA systems), and how factors like cycle times and real-time scheduling shape traffic patterns. We’ll discuss why OT traffic tends to be highly regular and cyclic (enabling whitelisting of expected flows) in contrast to the bursty, ad-hoc traffic of IT networks . The talk will also highlight security implicat sharkfest-25-europe-2025-178-bridging-the-it-ot-divide-analyzing-operational-technology-networks-with-wireshark Beginner Roland Knall en Key Takeaways: • Fundamental differences in purpose and design between IT and OT networks (priorities of safety/up-time vs. data-centric goals ). • How OT network traffic is deterministic and cycle-driven rather than ad-hoc, with strict timing requirements  . • Awareness of legacy systems and security challenges in OT (long device lifecycles, rare patches, focus on network segregation over frequent updates  ). • Practical tips for using Wireshark on OT protocols, including recognizing industrial protocol traffic and analyzing communication patterns over time. • Examples of diagnosing OT network issues by examining packet timing and sequence instead of just packet content. By the end of this talk, attendees will have a clear understanding of what makes packet capture and analysis in OT environments unique, and how to leverage Wireshark to troubleshoot and monitor industrial network traffic effectively. Expect to gain insight into a fascinating area where networking meets the physical world, and pick up tips that you can apply when you encounter OT protocols in the wild. false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/EUDWFA/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/EUDWFA/feedback/ Grand Ballroom Salons AB Presentation 2025-11-05T14:45:00+01:00 14:45 01:00 In this talk we will get an overview of networking setup in Kubernetes on the example of Openshift. We will also see how application traffic can be captured and analysed. sharkfest-25-europe-2025-168-let-s-use-wireshark-to-better-understand-kubernetes Intermediate Sergey Guzenkov en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/P3EFQN/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/P3EFQN/feedback/ Grand Ballroom Salons AB Presentation 2025-11-05T16:00:00+01:00 16:00 01:00 You’ve wiretapped a suspect’s internet connection. You have the entire packet capture — but not a single clue about what’s relevant, or even what you’re trying to find. In this session, we walk through a real-life criminal investigation involving the forensic analysis of a standard residential internet connection. The task: uncover evidence of illegal online activity, without prior knowledge of the services used, IP addresses involved, or even the nature of the communication. Using only Wireshark and patience, the investigator faced hundreds of thousands of packets, countless domains, and protocols ranging from common to obscure. There were no predefined indicators of suspicious communication—just raw traffic and a hunch that something was hidden within. This talk will demonstrate how targeted filtering, temporal analysis, and a dose of good old-fashioned intuition led to the successful identification of suspicious communication. Starting with nothing but a massive stream of packet sharkfest-25-europe-2025-160-from-full-capture-to-criminal-evidence-a-real-world-case-of-lawful-interception Intermediate Daniel Spiekermann en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/3SQLN9/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/3SQLN9/feedback/ Grand Ballroom Salons AB Presentation 2025-11-05T17:15:00+01:00 17:15 01:00 This session offers a practical, Wireshark-driven approach to understanding and troubleshooting MPLS. The goal is to articulate the control plane and data plane's inner workings through packet analysis. We'll deep-dive into packet structures, label exchange mechanisms, and eventually explore some traffic engineering scenarios. This session begins with a quick review of MPLS fundamentals, then dives into real-world use cases and potentially explores related technologies and advancements like SR-MPLS. sharkfest-25-europe-2025-157-level-up-your-mpls-skills-a-wireshark-driven-approach Intermediate Pierre BesombesJuan Pablo Azar Ricciardi en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/K3QZUJ/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/K3QZUJ/feedback/ Grand Ballroom Salons AB Dinner 2025-11-05T18:30:00+01:00 18:30 03:00 Join us for a fun night with an opportunity to enjoy wonderful conversations and win some nice prizes! sharkfest-25-europe-2025-139-sponsor-technology-showcase-reception-dinner Organization en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ANX98U/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ANX98U/feedback/ Grand Ballroom Salons CDE Presentation 2025-11-05T10:15:00+01:00 10:15 01:00 _To be the network or not to be the network, that's the question!_ This is a question we face a lot. The network is blamed by default, but is it really the network. During this session a couple of real life cases will be presented. What was the problem, how was it analyzed, what can we learn about the process and off course the answer to the question: was it the network? sharkfest-25-europe-2025-132-packet-stories Expert / Developer Sake Blok en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HUB3MR/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HUB3MR/feedback/ Grand Ballroom Salons CDE Presentation 2025-11-05T11:30:00+01:00 11:30 01:00 DNS is a foundational part of the Internet - but also a prime target for attackers. In this talk, we dive into common DNS attack vectors like spoofing, command-and-control traffic via DNS, or DNS tunnelling. We'll explore modern defence mechanisms such as DNSSEC, DNS-over-HTTPS (DoH), and DNS-over-TLS (DoT), and how they help protect DNS integrity and privacy. You'll also get insights into leveraging threat intel and malware feeds to detect malicious domains, plus a look at useful tools for DNS troubleshooting and analysis. sharkfest-25-europe-2025-161-secure-dns-attacks-and-defenses Security Johannes Weber en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8UKP7Z/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8UKP7Z/feedback/ Grand Ballroom Salons CDE Presentation 2025-11-05T13:30:00+01:00 13:30 01:00 Unlock a groundbreaking approach to packet analysis with "Talk with Your Packets," where cutting-edge AI and Large Language Models (LLMs) meet the world of .pcap and .pcapng files. This session explores how natural language, combined with artificial intelligence and a Retrieval Augmented Generation (RAG) pipeline, can transform traditional packet analysis. We’ll dive into how packets are converted into JSON representations via the CLI, chunked for efficient processing, embedded as vectors, and stored in ChromaDB for retrieval. Democratizing access to advanced packet analysis and making it easier for users to ask meaningful questions about their packet captures. While this solution augments Wireshark by aiding in the filtering and crafting of high-value .pcaps (garbage in, garbage out), it does not replace Wireshark. Instead, it empowers analysts with a more intuitive and streamlined way to interpret packet data. sharkfest-25-europe-2025-163-talk-with-your-packets-ai-powered-natural-language-interaction-with-packet-captures-part-1 Expert / Developer John Capobianco en This will be a mix of slides and live demonstrations as well as Q&A and interactivity with the audience false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HW7QGN/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HW7QGN/feedback/ Grand Ballroom Salons CDE Workshop 2025-11-05T14:45:00+01:00 14:45 02:15 A hands on lab that goes with the lecture. People will be using AI and NL to 'talk to their packets' 2 hour lab sharkfest-25-europe-2025-164-talk-with-your-packets-ai-powered-natural-language-interaction-with-packet-captures-part-2-lab Expert / Developer John Capobianco en A hands on lab that goes with the lecture. People will be using AI and NL to 'talk to their packets' 2 hour lab false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/B3QNQ7/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/B3QNQ7/feedback/ Grand Ballroom Salons CDE Presentation 2025-11-05T17:15:00+01:00 17:15 01:00 We'll walk through packets captured from a cell phone acquiring a tower, and follow the packet all the way out to the internet. Show filters used when troubleshooting 4G/5G, as well as some real world problems. sharkfest-25-europe-2025-174-lte-5g-packet-flow-explained Intermediate Mark Stout en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/7YAQ3C/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/7YAQ3C/feedback/ Grand Ballroom Salons AB Presentation 2025-11-06T09:00:00+01:00 09:00 00:45 Open-source software is everywhere—from network security tools like Wireshark and Suricata to the critical infrastructure enterprises rely on daily. Yet, when OSS enters the corporate conversation, it’s often met with "Isn’t it free? Why should we invest in it?" or “Won’t the community just take care of everything.” or "Who’s responsible if something goes wrong?" Instead of treating OSS as a strategic asset, these misconceptions create barriers to security, sustainability, and innovation. This session will help you shift the OSS conversation—moving from passive consumption to active engagement. Drawing from real-world experience leading OISF (Suricata), we’ll explore how to make the business case for OSS, advocate for responsible adoption, and integrate due diligence into enterprise processes. Attendees will leave with strategies to foster internal support and transform OSS from an afterthought into a competitive advantage. sharkfest-25-europe-2025-128-keynote-shift-the-conversation-open-source-is-free-but-not-free-free Intermediate Kelley Misata en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/VPBRDM/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/VPBRDM/feedback/ Grand Ballroom Salons AB Presentation 2025-11-06T10:15:00+01:00 10:15 01:00 Gerald has been working on a new tool that has just been released to the public: Stratoshark. It has the same look and feel of Wireshark (as it shares quite a bit of common code), but you can analyze (linux) system calls and (cloud) logs with it. As per www.stratoshark.org: _Stratoshark lets you explore and investigate the application-level behavior of your systems. You can capture system call and log activity and use a variety of advanced features to troubleshoot and analyze that activity. If you've ever used Wireshark, Stratoshark will look very familiar! It's a sibling application that shares the same dissection and filtering engine and much of the same user interface. It supports the same file format as Falco and Sysdig CLI, which lets you pivot seamlessly between each tool. As an added bonus, it's open source, just like Wireshark and Falco._ This talk will give you an introduction to Stratoshark and some hints to get started your Stratoshark journey. sharkfest-25-europe-2025-131-new-kid-on-the-block-stratoshark Intermediate Sake Blok en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NMUBR7/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NMUBR7/feedback/ Grand Ballroom Salons AB Presentation 2025-11-06T11:30:00+01:00 11:30 01:00 According to their documentation, modern WebRTC based conferencing solutions require literally thousands of open ports to hundreds of thousands IP addresses to play. How come they still work in todays super restrictive corporate networks - when they were conceived at a time were the Internet was still an idyllic place and a firewall just a clean cut packet filter. And how you can fix them, in case they don't cooperate I invite you to my journey of finding this out and I'll show you my implements ;-) sharkfest-25-europe-2025-158-making-webrtc-work-in-times-of-locked-down-networks-a-hands-on-session-on-how-to-find-out-what-your-favorite-web-conferencing-tool-really-needs Intermediate Robert Hess en **We will look at the big players** • Zoom Web • Teams • Google Meet • Webex • GotoWebinar (not big, but what my company does) What do the specs say wrt IPS/Ports/Domains ? What is the (tested) minimum ? **How do we find out what network requirements they really have?** • Run Wireshark capture in unrestricted network to get a first idea • Have browser export TLS keys so you can read the setup messages • Step by step restrict protocols, address ranges, domains to see what still works. • Live demonstration of test setup **Short sidenote:** How WebRTC finds connections - diagrams of the different configurations **Tests** How do they deal with • Explicit Proxies (SNI) • No local DNS / DNS sinkholes • DPI (Fallback from QUIC to force proxies) • Zscaler connections (split routing) • Non corporate VPN solutions (wireguard based) • How many connections are used in total • IP ranges/domains used **What to do if things fail** common workarounds • WebRTC fallbacks • Exclude Signaling from DPI • Open UDP • TURN server to rescue • Faking DNS false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8N8MES/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8N8MES/feedback/ Grand Ballroom Salons AB Packetdoctors Session 2025-11-06T13:30:00+01:00 13:30 01:30 The experts on this panel have been asked to look at a trace file and help find a reason for certain behaviors by attendees at many SharkFests. Based on this, they’ve decided to create a public forum for examining individual trace files with a broader audience for a collective learning experience. Trace files will be gathered from attendees prior to SharkFest and only given to the panel members during the session so that the “not- knowing what to expect and whether it can be solved” experience of working through an unknown trace file can be preserved. Come to this session and learn to ask the right questions and look at packets in different ways. PLEASE SEND PERPLEXING TRACE FILES FOR ANALYSIS BY THE PANEL TO jasper@packet-foo.com PRIOR TO SHARKFEST! sharkfest-25-europe-2025-143-the-packet-doctors-are-in-packet-trace-examinations-with-the-experts Beginner en true https://conference.wireshark.org/sharkfest-25-europe-2025/talk/CHKWHN/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/CHKWHN/feedback/ Grand Ballroom Salons AB Presentation 2025-11-06T15:15:00+01:00 15:15 01:00 Network packet analysis remains a cornerstone in both education and research. In this session, we will present a series of practical examples that illustrate its continued relevance and versatility. Our proven format remains unchanged from previous years—expect an interactive, engaging experience enhanced by gamification elements that create a dynamic learning environment. As technology and methodologies evolve, so does our content. We will explore and demonstrate new insights, and approaches that have emerged over the past year. Whether you're new to packet analysis or looking to deepen your expertise, this session will leave you with fresh perspectives and actionable ideas to take away. sharkfest-25-europe-2025-159-wireshark-in-action-empowering-education-and-research Beginner Tom CordemansVille Haapakangas en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HREGSB/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/HREGSB/feedback/ Grand Ballroom Salons AB Presentation 2025-11-06T16:30:00+01:00 16:30 01:00 • You want to reproduce a network problem for specific frames? • You want to test a Wireshark dissector you’ve developed but a sample capture is missing? • You want to test whether an application reacts to all defined commands? • You do a penetration test and want to see how a network device handles undefined data (e.g. with TCP MSS=0) For all these cases, Scapy can help you build the packets you need. In this talk, I will show you how to do it. Scapy is a packet manipulation tool written in Python. It can forge or decode packets, send them on the wire, capture them, and match requests and replies. At the end of the session, we can assemble packages together in a hands-on session. => Bring your laptop with you. sharkfest-25-europe-2025-173-handcrafted-packets-build-network-packets-with-scapy Intermediate Uli Heilmeier en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/GWBY8A/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/GWBY8A/feedback/ Grand Ballroom Salons AB Presentation 2025-11-06T17:45:00+01:00 17:45 01:00 In the past HTTP was just used for websites. Today many applications depend on APIs, using HTTP(S) as communication protocol as well. So, when troubleshooting there is a big change that you have to investigate HTTP traffic. With HTTP/2 and HTTP/3 becoming more popular that may require a different approach. This session is not only about how to use Wireshark, but especially about understanding the protocol. What the HTTP status codes really mean, quirks of cookies, caching done the right way, compression and more. sharkfest-25-europe-2025-162-http-deep-dive Beginner André Luyer en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/DE8KZY/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/DE8KZY/feedback/ Grand Ballroom Salons AB Dinner 2025-11-06T18:45:00+01:00 18:45 03:00 Sake's esPCAPe Group Packet Challenge is back! sharkfest-25-europe-2025-140-sponsor-technology-showcase-reception-espcape-group-packet-challenge-and-dinner Organization en Sake's esPCAPe Group Packet Challenge is back! false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/WHU9VP/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/WHU9VP/feedback/ Grand Ballroom Salons CDE Presentation 2025-11-06T10:15:00+01:00 10:15 01:00 The SMB masterclass (available as pre-conference training) throws students into the network of a fictitious company. With the limited time of a one-day class, I had prepared few use cases that did not make it into the class. Here is an extra hour of SMB analysis with a focus on performance analysis. sharkfest-25-europe-2025-172-smb-masterclass-outtakes-and-lessons-learned Beginner Eddi Blenkers en The lab environment for the class includes a Windows domain, multiple servers, workstations and applications. The applications were custom-build for this class to show odd behavior from real-world scenarios. This presentation will show, how to go from a user experience ("it's slow"), get around the usual blame ("it's the network") and then identify the root cause. #pcapincluded Please find additional material at https://www.stellar-bluetani.space/sf25eu/ false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/3LRMGH/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/3LRMGH/feedback/ Grand Ballroom Salons CDE Presentation 2025-11-06T11:30:00+01:00 11:30 01:00 In this talk we'll go over lots of the details that dissector developers have to contend with. Not only will we touch on some of the Epan APIs available to us, but we will go beyond the API's and discuss the way of thinking about packet dissection design. Here we may discover wisdoms which are not only important to dissector developers, but for software development in general. Even though in this talk we will focus on development of C code, Lua dissector developers may take away some deeper insights as well. sharkfest-25-europe-2025-167-dissector-developer-design-notes Expert / Developer Jaap Keuter en As a core developer I get to see a lot of dissector code, in the form of merge requests, during investigation of bugs, or written by myself. While working on this code I often come across designs which are not optimal for the purpose they serve. This may have to do with the use of poor examples, missing insight into how the packet dissection process really works or lack of understanding of the protocols at hand. Either way more knowledge and insight will hopefully help you to create better dissectors. false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/SSSB3Q/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/SSSB3Q/feedback/ Grand Ballroom Salons CDE Presentation 2025-11-06T15:15:00+01:00 15:15 01:00 Every once in a while there is a need to share actual capture files with others. Maybe a technical support person at a vendor needs packets to troubleshoot a device your company bought. Or you want to ask a more seasoned network analyst for help (the packet doctors at Sharkfest, for example ;)) In many cases it is necessary to remove sensitive information from the capture file first, for example IP addresses or even meta information about the capture itself. There are different ways to achieve the goal of a sanitized capture file, but there are pros and cons to all of them. In this session we'll take a look at the various option so that you know how to share your capture files without exposing sensitive information. sharkfest-25-europe-2025-177-the-art-of-sanitization Security Jasper Bongertz en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/TUW8JR/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/TUW8JR/feedback/ Grand Ballroom Salons CDE Presentation 2025-11-06T16:30:00+01:00 16:30 01:00 Modern operating systems ship with native IPv6 support and dual stack configurations enabled by default. While this is essential for comprehensive connectivity, it introduces subtle yet critical security risks - especially in environments still predominantly focusing on IPv4 and IPv4 security. This talk provides an overview of dynamic IPv6 configuration options and explores how attackers can exploit IPv6 capabilities to compromise IPv4 networks. We will demonstrate how IPv6 features - such as SLAAC, Router Advertisements, and DHCPv6 - can be weaponized in dual stack setups. For this, we will use Wireshark to analyze different types of attacks and the corresponding behaviors of the targeted operating systems at the packet level. Finally, we will conclude our talk with recommended mitigation strategies for the identified issues. sharkfest-25-europe-2025-175-attacking-ipv4-networks-with-ipv6-security-implications-of-dual-stack-and-native-ipv6-support Security Gabor ÖsterreicherStefan Machherndl en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/BEGBHS/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/BEGBHS/feedback/ Grand Ballroom Salons CDE Presentation 2025-11-06T17:45:00+01:00 17:45 01:00 Nearly every organization is using Voice over IP (VoIP) in their networks. But sometimes Administrators and Engineers are facing complex challenges. At the signalling part they see incompatibilities between vendors from over 100 RFCs regarding SIP or some weird SIP stack implementations. On the audio side, end-users sometimes experience bad quality because of jitter, loss or latency or they have one-way audio effects because of bad media descriptions. All this comes coupled with the increasing use of encryption and NAT by cloud PBX solutions such as Teams Phone or Webex Calling. Attendees will explore the fundamentals of SIP and RTP paired with the use of integrated tools in Wireshark for an effective and efficient troubleshooting. They get some real-world examples and they will be told how these were solved using Wireshark. sharkfest-25-europe-2025-176-troubleshooting-voip-sip-rtp-analysis-with-wireshark Beginner Benjamin Pfister en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8WPTVX/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/8WPTVX/feedback/ Grand Ballroom Salons AB Organization 2025-11-07T09:00:00+01:00 09:00 01:00 Come and enjoy an interesting session with learning interesting stuff about each other! sharkfest-25-europe-2025-144-sharkbytes Organization en SharkBytes are great fun and a highlight of the SharkFest conferences. Each year, attendees offer glimpses into their lives by speaking about a particular interest or hobby (unrelated to Wireshark!) that reveals a side of them that fellow SharkFesters would not otherwise know. If you want to volunteer to present a 5-minute Byte, please send us an email: sharkfest@wireshark.org false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ENQ77T/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/ENQ77T/feedback/ Grand Ballroom Salons AB Presentation 2025-11-07T10:15:00+01:00 10:15 01:00 To analyze PCAP files, you have to learn a lot about protocols, processes and typical problems in networks. However, it is just as important to collect the right data at the right place in the network in order to obtain the packet data required for the analysis. Network analysts need clearly defined tasks of what to identify, check, prove or solve. They need to understand the network structure and application behavior at customer sites and finally get permission to capture application traffic with the required equipment. In this presentation, Matthias will discuss the issues network analysts need to address before they start collecting data from customer sites or from their own corporate networks. Using real cases, he will explain what was helpful for a successful analysis, and what was not. sharkfest-25-europe-2025-150-may-i-analyze-your-network-planning-and-preparing-packet-captures Intermediate Matthias Kaiser en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NZZFEB/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NZZFEB/feedback/ Grand Ballroom Salons AB Presentation 2025-11-07T11:30:00+01:00 11:30 01:00 This talk presents NetCapVis, a visual analytics tool that allows users to easily overview PCAP data and quickly filter to relevant data. While Wireshark excels at data processing, its data presentation is complex, and operating it efficiently requires expertise. NetCapVis is the result of a research project and is under development. New research ideas focus on AI classification of packets and explainable AI visualization. One possible future direction is to collaborate on connecting the visual-interactive dashboard to Wireshark as a plugin. The talk will focus on three core topics. 1. Visual-Interactive Analysis 2. AI Classification and Explainable AI 3. The combination of the visual-interactive dashboard and Wireshark sharkfest-25-europe-2025-181-user-centered-visual-analysis-of-pcap-data Intermediate Dr. Alex Ulmer en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPTXF/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/RKPTXF/feedback/ Grand Ballroom Salons AB Organization 2025-11-07T12:30:00+01:00 12:30 02:00 Lunch, Closing Remarks and Farewell reception sharkfest-25-europe-2025-141-lunch-closing-remarks-and-farewell-reception Organization en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/FCP7CD/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/FCP7CD/feedback/ Grand Ballroom Salons CDE Presentation 2025-11-07T10:15:00+01:00 10:15 01:00 Ever struggled with capturing traffic from your mobile device or felt stumped by encrypted applications? Dive into this comprehensive session to build your very own wired or wireless traffic sniffer using a Raspberry Pi. sharkfest-25-europe-2025-184-cybershark-3001-capture-and-decrypt-wifi-traffic-from-any-device-the-lessons-learned Intermediate Ross Bagurdes en In this engaging workshop, you'll explore: -Using a Raspberry Pi as a man in the middle to capture and decrypt app data from smart phones and tablets. -How Encryption and Decryption works, in a very simple visual way, so we can understand what the man in the middle proxy is actually doing. -Selecting the right raspberry pi hardware and software. -The lessons learned and why it generally failed. false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/9ACKNM/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/9ACKNM/feedback/ Grand Ballroom Salons CDE Presentation 2025-11-07T11:30:00+01:00 11:30 00:30 This year was the first time that the election of Wireshark Technical Steering Committee (WTSC) members took place. In this session we want to report how the election went, how it was organised, what we learned for the next time and why "a few emails and validating and counting responses and maybe a couple of online meetings for the EC folks" is not enough. sharkfest-25-europe-2025-156-wtsc-election-report Beginner Uli Heilmeier en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NTTZDW/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/NTTZDW/feedback/ Grand Ballroom Salons CDE Presentation 2025-11-07T12:00:00+01:00 12:00 00:30 Come and talk to us if you have any wishes or requests for the foundation or the WTSC board members. sharkfest-25-europe-2025-185-foundation-and-wtsc-q-a Organization en false https://conference.wireshark.org/sharkfest-25-europe-2025/talk/7KLGGZ/ https://conference.wireshark.org/sharkfest-25-europe-2025/talk/7KLGGZ/feedback/