To see our schedule with full functionality, like timezone conversion and personal scheduling, please enable JavaScript and go here.
08:00
08:00
60min
Breakfast and badge pick-up
Grand Ballroom Salon E
09:00
09:00
480min
Pre-conference class II: TCP Analysis Masterclass
Jasper Bongertz

Analyzing TCP connections is one of the biggest topics in network analysis in general, especially when troubleshooting applications or even multi-tiered deployments of servers. How TCP works and detecting problems is one of the 'easy to learn, hard to master' skills that is always in demand. Most Wireshark classes only touch the basics and do not go into the more complex scenarios, especially when it comes to multi point captures to track packet loss and timing issues. In this masterclass you will learn how to troubleshoot TCP in seemingly simple as well as complex and quite challenging cases.

Pre-conference class
Grand Ballroom Salon E
09:00
480min
Pre-conference class III: SSL/TLS Troubleshooting with Wireshark
Sake Blok

The applications of today depend more and more on secure communication channels. For most internet applications the TLS protocol (still mostly referred to as SSL) is providing the secure channel to communicate over. To be able to troubleshoot problems with Applications that use (mutual) TLS, one must understand how TLS sessions are set up, how certificates and certificate authorities come into play and how you can look inside the encrypted traffic to analyse the (cleartext) application data. In this session you will gain a better understanding of the operation of the TLS protocol and more importantly, you will learn how to troubleshoot TLS based communications when things don't work as expected.

Pre-conference class
Grand Ballroom Salons A-D
17:30
17:30
180min
SharkFest'25 US Welcome Dinner & Sponsor Showcase

Let's kick off the conference in style

Organization
Grand Ballroom Salon E
08:00
08:00
60min
Breakfast
Grand Ballroom Salon E
09:00
09:00
60min
Keynote: Things I Love About Wireshark (and maybe a couple of things I don't)
Gerald Combs

Gerald Combs & Friends talk about the new developments over the past year

Organization
Grand Ballroom Salon E
10:00
10:00
15min
Break
Grand Ballroom Salon E
10:00
15min
Break
Grand Ballroom Salons A-D
10:15
10:15
60min
Are You Ready for Post Quantum Encryption?
Larry Greenblatt

While many people like Ray Kurzweil and Sabine Hossenfelder point out that that we have not really seen any real cause for concern that quantum computing is about to actually work, much less crack the world’s encryption technologies, there are regulations in the works such as FIPS 203 (as well as FIPS 204 & FIPS 205), to migrate to quantum safe algorithms. In this talk, I plan to use Wireshark to sniff out TLS handshakes using Microsoft Edge and Google Chrome to see the algorithms negotiated, which are threatened by quantum computing “Shor’s Algorithm” and why it may actually be faster anyway to migrate.

Security
Grand Ballroom Salons A-D
10:15
60min
New kid on the block: Stratoshark
Sake Blok

Gerald has been working on a new tool that has just been released to the public: Stratoshark. It has the same look and feel of Wireshark (as it shares quite a bit of common code), but you can analyze (linux) system calls and (cloud) logs with it.

As per www.stratoshark.org:
Stratoshark lets you explore and investigate the application-level behavior of your systems. You can capture system call and log activity and use a variety of advanced features to troubleshoot and analyze that activity. If you've ever used Wireshark, Stratoshark will look very familiar! It's a sibling application that shares the same dissection and filtering engine and much of the same user interface. It supports the same file format as Falco and Sysdig CLI, which lets you pivot seamlessly between each tool. As an added bonus, it's open source, just like Wireshark and Falco.

This talk will give you an introduction to Stratoshark and some hints to get started your Stratoshark journey.

Intermediate
Grand Ballroom Salon E
11:15
11:15
15min
Break
Grand Ballroom Salon E
11:15
15min
Break
Grand Ballroom Salons A-D
11:30
11:30
60min
Sharkmon - Packet Monitoring using Tshark
Andreas Diedrich

Using Sharkmon - Wireshark User can now finally start monitoring - using same syntax, same core technology - but for 1000s of pcap files - data over hours, days, months

Intermediate
Grand Ballroom Salon E
11:30
60min
Talk with Your Packets: AI-Powered Natural Language Interaction with Packet Captures
John Capobianco

Unlock a groundbreaking approach to packet analysis with "Talk with Your Packets," where cutting-edge AI and Large Language Models (LLMs) meet the world of .pcap and .pcapng files. This session explores how natural language, combined with artificial intelligence and a Retrieval Augmented Generation (RAG) pipeline, can transform traditional packet analysis.

We’ll dive into how packets are converted into JSON representations via the CLI, chunked for efficient processing, embedded as vectors, and stored in ChromaDB for retrieval. Democratizing access to advanced packet analysis and making it easier for users to ask meaningful questions about their packet captures.

While this solution augments Wireshark by aiding in the filtering and crafting of high-value .pcaps (garbage in, garbage out), it does not replace Wireshark. Instead, it empowers analysts with a more intuitive and streamlined way to interpret packet data.

Expert / Developer
Grand Ballroom Salons A-D
12:30
12:30
60min
Lunch
Grand Ballroom Salon E
12:30
60min
Lunch
Grand Ballroom Salons A-D
13:30
13:30
60min
Chase the latency
Megumi Takeshita

End users and application teams complain to you about the latency, but we want to prove it is not network, how about that? The latency lies everywhere, not only in the network round trip time.

Intermediate
Grand Ballroom Salon E
13:30
60min
walk through 3GPP packet flow
Mark Stout

In this talk we will go over the packet flow when your cell phone acquires a LTE network, and what the packets look like once you are connected. We will also cover how wireshark tools can be used to look at traffic with tunneling protocols used in LTE.

Intermediate
Grand Ballroom Salons A-D
14:30
14:30
15min
Break
Grand Ballroom Salon E
14:30
15min
Break
Grand Ballroom Salons A-D
14:45
14:45
135min
Detecting Evil with Network Traffic Analysis
Marcelle Lee

Learn how to recognize and detect malicious activity on the wire.

Security
Grand Ballroom Salons A-D
14:45
60min
Wireshark Packet Capture is like Real Estate: Location Matters
George Cragg

Wireshark and packet analysis shows us what happened but to understand the why behind what we see, we apply our expectation of what should happen to what we actually observe. To set the proper expectation, how we actually capture and the location of our diagnostic tool is important. This is a discussion of how we can determine where and how a capture is taken based on what we observe in our pcap files.

Beginner
Grand Ballroom Salon E
15:45
15:45
15min
Break
Grand Ballroom Salon E
16:00
16:00
60min
"I'm exploiting Your IPv4 Network with IPv6"
Jeff Carrell

26 years after the initial release of IPv6 we observe that many networks are not formally implementing IPv6, however, most modern desktop, server, and network OS's have had IPv6 enabled for 15+ years. That means many IT departments and technologists don't understand that IPv6 is in fact all over their networks nor what the potential implications are.

This session will encompass the access/recon/exploit of an "IPv4 only" network using IPv6...and yes, Wireshark will be used!

Intermediate
Grand Ballroom Salon E
17:00
17:00
15min
Break
Grand Ballroom Salon E
17:00
15min
Break
Grand Ballroom Salons A-D
17:15
17:15
60min
From Power Lines to Packets: Network Troubleshooting in the Power Grid
Daniel Lopez

Did you know that communication networks play a critical role in the power grids reliability and safety? In this session, we will look at the power grid from a bird’s eye view, highlighting its key components: generation, transmission, distribution, and consumers. Each area is interconnected through various networks, which play a crucial role in the efficient operation of the power grid. We will then focus on the devices that are essential for safeguarding the power grid and communicating critical information to other devices and SCADA systems. To bring these concepts to life, we will walk through a real customer issue and highlight the critical role Wireshark played in troubleshooting and determining root cause.

Beginner
Grand Ballroom Salon E
17:15
60min
The Making of the Wireshark Certified Analyst (WCA) Exam
Chris Greer, Ross Bagurdes

The Wireshark Certified Analyst exam is here. This is an exciting step for the Wireshark Community!

In this session, Chris and Ross, who helped to develop the WCA, go into the steps that were taken to create, develop and deliver the exam. Beyond sharing the objectives, we will explore the intended audience, how to prepare, sample labs, and what types of jobs this certification will support. Time will be taken for live training labs that feature exam objectives, as well as for Q+A about the certification.

Come learn more about the certification and find out if you are ready to become one of the first WCA’s in the world!

Organization
Grand Ballroom Salons A-D
18:30
18:30
180min
Sponsor Technology Showcase Reception, Treasure Hunt & Dinner

Join us for a fun night with an opportunity to enjoy wonderful conversations and win some nice prizes!

Organization
Grand Ballroom Salon E
08:00
08:00
45min
Breakfast
Grand Ballroom Salon E
08:45
08:45
60min
Cloud doesn’t have Packets!
Stephen Donnelly

It’s easy to laugh at the apocryphal executive quote “Cloud doesn’t have Packets!”, but is there something to it? What might they have meant?

What are the differences between traditional On-premise and Cloud networking and architectures, and what does this tell us about attitudes towards network based security and trouble-shooting?

In this talk we will look at how Cloud differs from On-prem networking, what common Cloud architectures look like, and how they can confound established practice. We will review options for Packet Capture and network based tools in Cloud compared to On-prem environments, and discuss whether it is practical, beneficial, and necessary.

Beginner
Grand Ballroom Salon E
08:45
60min
Solving Cybersecurity with JA4+ Network Fingerprinting
John Althouse

In this presentation I will explain how JA4+ network fingerprinting works and show you how to use it to detect malware clients, their c2 servers, reverse SSH shells, connections from proxies and VPNs, estimating the location of the true client behind the proxy or VPN, and a lot more, all just by passively looking at the network traffic with JA4+ and without the need to break encryption.

JA4+ is free and available across a wide range of open source and vendor tools you already use including Wireshark, Zeek, Arkime, Suricata, Censys, Vectra, etc.

Security
Grand Ballroom Salons A-D
09:45
09:45
15min
Break
Grand Ballroom Salon E
09:45
15min
Break
Grand Ballroom Salons A-D
10:00
10:00
60min
Building support for an in-house performance engineering team
Tim DeLamatre

While many companies have a network engineer that becomes the de facto packet analyst, building a full performance engineering (PE) team takes time and effort, as well as support from upper management. This talk will chronicle one team's experience with building and maintaining a high-achieving PE team over the past 13 years.
This is designed to be an interactive discussion of what Performance Engineering is and what the future is for packet experts. Come ready to share your stories and challenges.

Beginner
Grand Ballroom Salon E
10:00
60min
Packet Stories
Sake Blok

To be the network or not to be the network!

This is a question we face a lot. The network is blamed by default, but is it really the network. During this session a couple of real life cases will be presented. What was the problem, how was it analyzed, what can we learn about the process and off course the answer to the question: was it the network?

Expert / Developer
Grand Ballroom Salons A-D
11:00
11:00
15min
Break
Grand Ballroom Salon E
11:00
15min
Break
Grand Ballroom Salons A-D
11:15
11:15
60min
Vint Cerf Keynote: The Good, the Bad, the Ugly: Internet from 2025 on...
Vint Cerf

RFC 3271 spoke about the Internet being for everyone. Even today, in 2025, it isn't. Its functionality keeps growing and changing - new protocols are created - a good reason that Wireshark has a future! Despite its penetration, the Internet is not yet reliably for everyone. In this talk, I will review technical and policy considerations that must be treated to overcome to achieve an Internet that really is for everyone. Will AI help? A question worthy of exploration.

Organization
Grand Ballroom Salon E
12:15
12:15
60min
Lunch
Grand Ballroom Salon E
12:15
60min
Lunch
Grand Ballroom Salons A-D
13:15
13:15
90min
The Packet Doctors are in! Packet trace examinations with the experts

The experts on this panel have been asked to look at a trace file and help find a reason for certain behaviors by attendees at many SharkFests. Based on this, they’ve decided to create a public forum for examining individual trace files with a broader audience for a collective learning experience. Trace files will be gathered from attendees prior to SharkFest and only given to the panel members during the session so that the “not-
knowing what to expect and whether it can be solved” experience of working through an unknown trace file can be preserved.
Come to this session and learn to ask the right questions and look at packets in different ways.
PLEASE SEND PERPLEXING TRACE FILES FOR ANALYSIS BY THE PANEL TO [email protected] PRIOR TO SHARKFEST!

Grand Ballroom Salon E
14:45
14:45
15min
Break
Grand Ballroom Salon E
14:45
15min
Break
Grand Ballroom Salons A-D
15:00
15:00
60min
How do you know Wi-Fi Device is the Problem?
Eva Santos

Wireless environments are complicated. Sometimes devices do not behave the way we expect. When these strange situations occur, how do you know whether your client device, AP, or other server resource is the issue? This presentation will review how to determine if devices are following the IEEE 802.11 standard and how to approach Wi-Fi issue resolution between client device and AP vendors.

Intermediate
Grand Ballroom Salon E
15:00
135min
Tales of a System Call Spelunker - Using sysdig and Stratoshark to examine system internals
Josh Clark

Ahead of time, please ensure you have both Wireshark (www.wireshark.org) and Stratoshark (www.stratoshark.org) installed, and download the session resources from Github: https://github.com/je-clark/sharkfest-25-us-stratoshark

With the recent release of Stratoshark, we finally have a familiar tool that helps us understand how the internals of servers and operating systems function. This talk will walk through some basic examples of how to set up and run sysdig to gather system call captures, and how to use Stratoshark to gain a deeper understanding of what runs on our networks.

From this talk, expect:
- Detailed sysdig and Stratoshark capture information
- Examples showing how packet data from Wireshark shows up in a Stratoshark capture
- Examples of real life troubleshooting with Stratoshark

Expert / Developer
Grand Ballroom Salons A-D
16:00
16:00
15min
Break
Grand Ballroom Salon E
16:15
16:15
60min
The Next Gen Network Engineer
Scott Robohn

Being a network engineer today requires much more than an understanding of subnets, spanning tree, and packet capture decodes. All the traditional skills matter, but many more are required in today's increasingly software-centric world. You can add on many of the new skills desired, and this presentation takes you through new topics for your consideration, and approaches to learning and acquiring skills in ways that fit your interest and job needs.

Intermediate
Grand Ballroom Salon E
17:15
17:15
15min
Break
Grand Ballroom Salon E
17:15
15min
Break
Grand Ballroom Salons A-D
17:30
17:30
60min
Containerlab - a Modern way to Design, Deploy, and Test Network Labs
Saju Salahudeen

Containerlab is a modern open source tool to orchestrate and manage container based labs. During this session, we will provide an introduction to Containerlab and its features, deployment examples with container and VM based images followed by packet capture methods using Wireshark and Edgeshark.

Beginner
Grand Ballroom Salon E
17:30
60min
CyberShark 3001 - Capture and Decrypt Wifi Traffic from any device
Ross Bagurdes

Ever struggled with capturing traffic from your mobile device or felt stumped by encrypted applications? Dive into this comprehensive session to build your very own wired or wireless traffic sniffer using a Raspberry Pi.

Intermediate
Grand Ballroom Salons A-D
18:30
18:30
180min
Sponsor Technology Showcase Reception, esPCAPe Group Packet Challenge and Dinner

Sake's esPCAPe Group Packet Challenge is back!

Organization
Grand Ballroom Salon E