Eddi Blenkers
For over 20 years, Eddi has been looking at network protocols to find (or rule out) network problems, vulnerabilities, ongoing hacking attacks or just for fun.
Working for the Swiss train company BLS as an IT security analyst, he reviews the configuration of a multitude of systems to improve the overall security of the domain. Wireshark is one of the tools used to verify the outcome of a configuration change.
Shameless promotion: Visit https://www.bls.ch/en/freizeit-und-ferien/ausflug to find some of the best destinations in Switzerland.
Sessions
SMB is the bread-and-butter protocol used to access file shares in virtually every company and home network. Since Windows Vista / Server 2008, the "classic" SMB has been replaced by SMB2 and later SMB3. Since legacy systems running Windows XP / Server 2003 are increasingly rare, we focus on the newer versions.
This class will enable students to investigate functional issues and performance problems. Topics covered are:
- SMB handshake, selection of a dialect version and user authentication
- General process of mounting a share and accessing files
- Tracking SMB sessions over multiple interfaces or IP addresses
- SMB functions beyond file sharing (IPC, Named Pipes)
- Investigating error codes
- Decryption of SMB traffic (not for the faint-hearted)
- Understanding the service response time feature for SMB
- Identification of performance bottlenecks in the network, application logic, client or server