2025-11-06 –, Grand Ballroom Salons CDE
Language: English
Every once in a while there is a need to share actual capture files with others. Maybe a technical support person at a vendor needs packets to troubleshoot a device your company bought. Or you want to ask a more seasoned network analyst for help (the packet doctors at Sharkfest, for example ;)) In many cases it is necessary to remove sensitive information from the capture file first, for example IP addresses or even meta information about the capture itself. There are different ways to achieve the goal of a sanitized capture file, but there are pros and cons to all of them. In this session we'll take a look at the various option so that you know how to share your capture files without exposing sensitive information.
Jasper Bongertz is a network security expert with focus on network forensics and incident response at Airbus Defence and Space CyberSecurity. He started working freelance in 1992 while he was studying computer science at the Technical University of Aachen. In 2009, Jasper became a Senior Consultant and Trainer for Fast Lane, where he created a large training portfolio with a special focus on Wireshark and network hacking. In 2013, he joined Airbus Defence and Space CyberSecurity, before moving on to G Data Advanced Analytics in 2019 where he is now the head of the CyberSecurity Incident Response Team (CSIRT).
Jasper is the creator of the packet analysis tool TraceWrangler, which can be used to convert, edit and sanitize PCAP files. His blog regarding network analysis, network forensics and general security topics can be found at blog.packet-foo.com.