SHARKFEST'14 AGENDA

FULL CONFERENCE AGENDA


+ MONDAY, JUNE 16TH

INTRODUCTORY DAY for WIRESHARK NEWBIES HACKATHON
8:00 am - 9:00 am BREAKFAST - Caleruega Dining Hall
8:00 am - 9:00 pm Badge Pick up and Registration - Angelico Concert Hall
9:00 am - 12:30 pm Introduction to Wireshark with Hands-on Labs (FOR NEWBIES ONLY)
Bring your laptop* and spend the day building your Wireshark fundamental skills so
you’re ready to hit the ground running at Sharkfest 2014.

Topics include:
• Examine Wireshark functionality and elements
• Determine the best capture location and method
• Apply basic capture options and techniques (including capture filters)
• “Walk” through some sample trace files
• Apply display filters to focus on traffic of interest
• Listen to the Expert Info to find traffic problems
• Build graphs to “paint a picture”
• Learn when to use command-line tools (such as Tshark and Editcap)

Using a combination of demonstrations and labs, you will look through numerous trace
files and be ready for the exciting Sharkfest 2014 sessions that await you!

* With the latest version of Wireshark installed, if possible.


Angelico Concert Hall
Chris Greer
Instructor: Chris Greer, Packet Analyst, Packet Pioneer LLC

Chris Greer specializes in packet analysis and training services, helping clients to resolve
network and application performance problems, while training them to do the same on their
own. As a Consultant for Packet Pioneer LLC, he provides remote trace file analysis, on-site
troubleshooting, and delivers training courses for vendor-supported tools. As a Wireshark
Certified Network Analyst, Chris delivers hands-on Wireshark courses and is a certified partner
of Wireshark University. Chris is a regular author for lovemytool.com and various vendor-supported
blogs.
FULL-DAY DROP-IN HACKATHON WITH WIRESHARK CORE DEVELOPERS
Edgehill Legacy
12:30 - 1:45 pm LUNCH - Calereuga Dining Hall
1:45 pm - 5:00 pm Introduction to Wireshark with Hands-on Labs - CONTINUED (FOR NEWBIES ONLY)

Angelico Concert Hall
Chris Greer
6:00 pm - 8:00 pm WELCOME DINNER - Caleruega Dining Hall
8:0 pm - 9:30 pm Dessert Social - Calereuga Dining Hall Lawn and Terrace

+ TUESDAY, JUNE 17TH

BEGINNER INTERMEDIATE ADVANCED HACKATHON
Guzman Hall Angelico Concert Hall Edgehill Garden Room Edgehill Legacy Room
8:00 am - 9:00 am BREAKFAST - Caleruega Dining Hall
8:00 am - 6:00 pm Badge Pick-up, Registration & InfoDesk – Angelico Concert Hall
9:00 am - 10:00 am KEYNOTE: Vinton Cerf
Speaker: Vinton Cerf, co-designer of the TCP/IP protocols and the architecture of the Internet
- Angelico Concert Hall
10:00 am - 10:15 am SESSION TRANSITION
10:15 am - 11:30 am B1: Wireshark for Beginners - The Art of Packet Analysis
This track is geared towards neophyte packet analysts. We’ll cover the TCP/IP stack
from a troubleshooter’s perspective. In addition, protocol interactions in the real world
will be examined. Finally, academic concepts of the TCP/IP protocol stack will be overlaid
with practical and pragmatic examples so the users can hit the ground running.
I1: Best Practices for Packet Collection, Aggregation & Distribution in the Enterprise
This session discusses best practices and lessons learned from building an enterprise-wide
system to collect and aggregate packets from taps and spans in medium to large data centers.
Justifying such an infrastructure and the ROI involves far more than deep dive packet
analysis for problem resolution. The speaker will delve into the whole process from
inception to implementation including how to “sell” a large packet sharing solution.
A1: Writing a Wireshark Dissector
Learn how to write a Wireshark Dissector from a master core developer!
This session is for anyone who would like to add their own dissectors to Wireshark
for proprietary use or to share with the community. The options for writing
a dissector will be presented: text-based using WSGD, script-based using Lua,
and a traditional C dissector.
FULL-DAY DROP-IN HACKATHON WITH WIRESHARK CORE DEVELOPERS
Hangsang Bae
Instructor: Hansang Bae, Dir. of Cascade Product Architecture, Riverbed

Hansang Bae led the Network/Application Performance Engineering Team with direct
responsibility for Packet Capture Infrastructure at Citi until July, 2012 when he joined
Riverbed as Director of Cascade Product Architecture. He brings a unique perspective
with his broad knowledge of protocol analysis in a complex enterprise infrastructure.
J. Scott Haugdahl
Instructor: J. Scott Haugdahl, Technical Architect, BCBS, MN

J. Scott Haugdahl, former CTO of WildPackets where he designed the expert system
for Omnipeek (formerly Etherpeek NX), Principal Architect at US Bank where he
orchestrated a large effort to build a $5M data center packet monitoring and
distribution system, and currently an architect at Blue Cross Blue Shield of
Minnesota working on collaborative enterprise monitoring solutions.
Graham Bloice
Instructor: Graham Bloice, Wireshark Core Developer

For the past 16 years, Graham has been a Windows C++ developer
and member of the R&D Department at Trihedral, a company
that produces a SCADA/HMI toolkit (www.trihedral.com). He
first contributed code to Wireshark in 2000 and was made a Core
Developer shortly after. His early commits were minor things
such as enabling real-time captures on Windows and allowing the hex
bytes display to use inverse video. More recent work has been mostly
in the DNP3 dissector and Windows build environment.
11:30 am - 11:45 am SESSION TRANSITION
11:45 am - 1:00 pm B2: Beginner Tips and Tricks for Efficient Network Analysis
DON’T SCROLL THROUGH PACKETS. There is almost always a better way to locate the
cause of performance problems. You need to do some customization to make Wireshark
work for you. In this session you will learn 10 key Wireshark tricks to rapidly decrease
your problem resolution time.
I2: Common Mistakes in Packet Collection - Things that make Traces Harder to Read
Good trace file analysis begins at the collection stage. If we don’t
get the right packets, at the right time, in the right place, with the
right collection method, then we may spin our wheels looking
through millions of perfectly good packets, behaving exactly as
they should. In this session, we will look into the top mistakes
in packet collection and how to mitigate them, ensuring that traces
are as valid as possible for troubleshooting the root cause of
a problem. We will also explore common capture methods such as
SPAN, Tap, and laptop vs. hardware-based capture, examining the
pros and cons of each.
A2: Defending the Network
When looking at the last year in network security, we’re
seeing an alarming number of serious threats to our
networks. This talk is going to be about network
security/network forensics/intrusion detection topics, and
will take a look at how bad guys abuse computer networks
from home to enterprise level. We will also show how we
can spot malicious traffic and identify compromised systems.
Plus we’re going to get rid of the myth that looking for
downloads of executable files and IRC traffic is the way to do it.
Chris Greer
Instructor: Chris Greer, Packet Analyst, Packet Pioneer LLC

Chris Greer specializes in packet analysis and training services, helping
clients to resolve network and application performance problems, while
training them to do the same on their own. As a Consultant for Packet
Pioneer LLC, he provides remote trace file analysis, on-site
troubleshooting, and delivers training courses for vendor-supported tools.
As a Wireshark Certified Network Analyst, Chris delivers hands-on
Wireshark courses and is a certified partner of Wireshark University. Chris
is a regular author for lovemytool.com and various vendor-supported blogs.
Jasper Bongertz/Christian Landström
Instructors: Jasper Bongertz & Christian Landström
Senior Consultants, Airbus Defence & Space CyberSecurity


Jasper Bongertz is a Senior Technical Consultant and started
working freelance in 1992 when he began studying computer
science at the Technical University of Aachen, before joining
Fast Lane GmbH in 2009. In 2013, he joined Airbus Defence and
Space CyberSecurity, focusing on IT security and network forensics.
During his time with Fast Lane Jasper created a large training
portfolio with a special focus on Wireshark. Jasper is certified
Sniffer Certified Professional (SCP), VMware Certified
Professional (VCP3/4/5) and VMware Certified Instructor (VCI).

Christian Landström has worked in IT since 2004, with a strong
focus on network communications and IT security. After
graduating in computer science in 2008 and joining Synerity
Systems directly afterwards, he moved with the whole Synerity
team to work for Fast Lane GmbH in 2009 as a Senior Consultant.
Since 2013 he’s worked as a Senior Consultant for Airbus Defence
and Space CyberSecurity. He is a certified Cisco teacher as
well as being an OSCP, working on IT security and network analysis
projects.
Laura Chappell
Instructor: Laura Chappell, Founder, Wireshark U, Protocol Analysis Institute & Chappell U

Laura Chappell is the founder of Chappell University and Wireshark University. Long-time, well
-known Wireshark evangelist and author of the best-selling "Wireshark Network Analysis: Official
Wireshark Certified Network Analyst Study Guide" and numerous other industry books, Ms.
Chappell began her career as a network analyst in 1991 when Novell acquired the LANalyzer
product. She has worked with numerous analyzer products since then but, in 1999, decided to
focus her analysis time working exclusively with the open source Ethereal (now known as
Wireshark) network and protocol analysis tool. Laura developed the Wireshark Certified Network
Analyst Program and manages the Wireshark University Authorized Training Partner Program and
the Wireshark University Authorized Instructor Program.
1:00 pm - 2:00 pm LUNCH - Calereuga Dining Hall
2:15 pm - 3:30 pm B3: Expert System Analysis of Wireshark Traces: A User Story
How can rule-based expert systems help with reading and interpreting
Wireshark traces? In this session, we will see case studies from a real
expert system that is in use at a number of large installations. This
session will be co-presented by US Bank which has used the system to
help them solve complex SSL and TCP problems.
I3: Maximizing Packet Capture Performance
Wireshark is a fantastic tool for packet analysis, but reliable analysis
first requires reliable packet capture. In many cases, Wireshark itself is
sufficient for this task, but what options are available if Wireshark can
no longer keep up with a traffic flow? This session will examine a variety
of capture options under Linux and Windows, evaluate their effectiveness,
and explore the concept of building a portable capture device using commodity
hardware.
A3: Custom Packet Analysis and Visualization with SteelScript Application Framework
Packets don't lie, as the saying goes. That doesn't mean teasing the truth
out of thousands or hundreds of thousands of packets is easy. In this
session we'll examine packet analysis in Python using the SteelScript
application framework. This framework combines the power of tshark to
extract fields of interest with the fast and powerful data analysis library
Python Pandas and puts it into a Django-based web interface for
visualization. I'll walk through a few complete examples including:
identifying gaps in a multicast stream, computing statistics such as 95th
percentile, computing bi-directional statistics from uni-directional
streams, and graphing multiple time-series statistics on the same graph.
Nalini Elkins and Conrad Sanders
Instructors: Nalini Elkins, CEO & Founder, Inside Products, Inc.
and Conrad Sanders, Systems Programmer, US Bank


Nalini Elkins, the CEO and Founder of Inside Products, Inc., is a recognized
leader in the field of computer performance measurement and analysis. In
addition to being an experienced software product designer, developer,
and planner, she is a formidable businesswoman. She has been the founder
or co-founder of two start-ups in the high-tech arena. Nalini has a strong
computer networking background, but specializes in network performance analysis,
measurement, monitoring, tuning, and troubleshooting of large enterprise networks
including TCP/IP & SNA. Conrad Sanders is currently a systems programmer for
Union Bank responsible for networking on a mainframe using TCPIP and SNA
protocols and monitoring TCP/IP traffic and reading traces using IPCS and Wireshark.
Andrew Brown
Instructor: Andrew Brown, Network Engineering Team Lead, BATS Exchange

Andy Brown has worked in information technology since 1997 and has been
in the high-performance financial space since 2004. He is a founding
employee of BATS Exchange where he leads the U.S. network engineering
team. He has used Wireshark to diagnose problems ranging from "creative"
vendor interpretations of multicast routing specifications, to switches bugs
like a failure to ARP, and incorrect checksum calculation.
Christopher White
Instructor: Christopher White, Senior Director, Riverbed Technical Council

Chris White is the Sr. Director of the Riverbed Technology Council and
focuses on cross-product strategy and collaboration. Recently Chris has
been working on developing open REST APIs across the product set and
building the SteelScript Python SDK and Application Framework to enable
rapid custom application development in the network operations and
monitoring space.
3:30 pm - 3:45 pm SESSION TRANSITION
3:45 pm - 5:00 pm B4: Fun with Traces
In this session, we’ll review a handful of real-world troubleshooting cases,
starting with the fuzzy description of the issue, refining the description
into a tighter problem statement and sketching a diagram. Then we’ll
turn to the traces and demonstrate techniques to sort through them.
Interactivity is encouraged: you'll download the traces, examine them
and offer your own tips & suggestions on how to analyze them.
Together, we'll slot each case into a Design Pattern – a particular
signature which distinguishes this type of case from others.

• Many Applications Crash
• HL7 Transfers Interrupted
• VMWare Cannot Mount SAN
• Compile Host Aborts
• The Network is Slow
I4: How to Troubleshoot the Top 5 Causes for Poor Application Performance with Wireshark/Pilot
Having worked for and with hundreds of clients over the past 24 years, I
have discovered many simple, yet common mistakes/performance issues tend to
arise. In this session we'll talk about case studies from the field and how we can
shorten “Tiger Teams” from weeks to hours. Topics to include:

Getting good data is key, capture to disk on a budget.
TCP, friend or foe?
SQL, did you write that code or did a robot?
File transfer woes and how to make data “fly” The load balancer can’t possibly be the cause, could it?
A4: PANEL: How intelligent should we make our packet monitoring fabric? Can open source compete?
This panel of experts and vendors will address burning questions such as:

- What if our out-of-band packet switching offered us features such as SSL decryption, or intelligent
content based packet scrubbing for PCI, PHI, and other sensitive data?
- Can commercial vendors successfully support an “open” API into their platform?
- Will Packet Sharing as a Service (PSaaS) become a reality in data centers?
- Could an open source community based on the OpenFlow protocol (a key element of SDN) be as
wildly successful as Wireshark?
Stuart Kendrick
Instructor: Stuart Kendrick, Sustaining Engineer, EMC Isilon

Stuart Kendrick works as a Sustaining Engineer for EMC Isilon, with a
particular focus on troubleshooting and total customer experience. Stuart
started his career in 1984, writing in FORTRAN on Crays for Science
Applications International Corporation. He then worked in help desk, desktop
support, system administration and network support for Cornell University
in Ithaca and, later, Manhattan. Moving from New York to Seattle, Stuart
spent two decades at the Fred Hutchinson Cancer Research Center in a
multi-disciplinary role covering transport, network management, root cause
analysis, and problem management. He is happiest when correlating packet
traces with syslog extracts and writing scripts to query device MIBs.
When he pulls his hands away from the keyboard, he spends time at yoga and
CrossFit.
Mike Canney
Instructor: Mike Canney, Systems Engineer, Riverbed Technology

Before joining Riverbed as a Systems Engineer this year, Mike Canney, well-
versed in multiple sniffer technologies, specialized in providing
application and network performance consulting services: specifically
Application Network-ability Assessments (ANA), network performance
troubleshooting, and deep level packet analysis. Over the past 22 years,
Mike has helped hundreds of companies identify and resolve their application
and network performance issues. Mike has also developed courseware and
taught engineers how to identify, remediate, and prevent network and
application issues by analyzing traffic flows at the packet level. Mike has
been a guest speaker at many industry trade shows (Networld Interop,
Cisco Networkers, e.g.) throughout the United States on the topic of
application performance analysis.
J. Scott Haugdahl and Guests
Panel Moderator: J. Scott Haugdahl , Technical Architect, BCBS, MN

Invited Panelists: John Calderon (Arista), Rony Kay (cPacket), Andy Huckridge
(Gigamon), John Delfeld (Ixia), Scott Harvey (APCON), Justin Scott (Microsoft), and Hansang
Bae (Riverbed).
5:30 pm - 6:00 pm APPETIZERS AND DINNER - ANNE HATHAWAY LAWN
6:00 pm - 7:30 pm SCAVENGER HUNT
7:30 pm - 8:30 pm DINNER
8:30 pm - 9:30 pm Sharkfest Jeopardy and Dessert Reception - GUZMAN HALL

+ WEDNESDAY, JUNE 18TH

BEGINNER INTERMEDIATE ADVANCED HACKATHON
Guzman Hall Angelico Concert Hall Edgehill Garden Room Edgehill Legacy Room
8:00 am - 9:00 am BREAKFAST - Caleruega Dining Hall
8:00 am - 6:00 pm Badge Pick-up, Registration & Information Desk – Sharkfest Lounge, Creekside Room
9:00 am - 10:00 am KEYNOTE: Data Analysis - The Past & The Future, Tim O'Neill
Speaker: Tim O'Neill, Chief Contributing & Technology Editor, LoveMyTool
10:00 am - 10:15 am SESSION TRANSITION
10:15 am - 11:30 am B5: TCP Analysis: First Steps
TCP is the most important protocol when it comes to analyzing and
troubleshooting application behavior. Even though it looks like there is not
much to know about TCP, it is one of those things that are easy to learn
and hard to master. In this talk we’re going to start building TCP
analysis skills from scratch, but even if you think you know how it works,
you still might learn a thing or two. It is also designed to be followed
by my second talk regarding TCP, called “Understanding the Wireshark TCP
Expert” [Session I9].
I5: Monitoring Mobile Network Traffic (3G/LTE)
Traditional traffic monitoring tools target Internet protocols. The
popularity of smartphones and tablets has created a need for tools that
monitor mobile traffic. Its nature is different from today’s wireline
Internet. The main difference is that user traffic is encapsulated in
dynamic tunnels in terms of identifiers, devices and IP addresses. By
contrast, existing telecommunication monitoring tools have been extended to
support wireline Internet protocols, but they often lack the features of
networking monitoring tools.

This talk highlights the challenges of monitoring mobile traffic, shows how
Wireshark can troubleshoot common issues on mobile networks and
demonstrates how open source traffic monitoring tools developed by ntop
have been extended to support mobile traffic monitoring. We present real
telecom operators’ use cases that address: root cause analysis, accounting,
selective protocol detection (e.g. p2p, messaging or undesirable protocols),
and non-repudiation.
A5: Diagramming IT Environments
If I can't draw it, I don't understand it. And understanding, of course,
plays quite the role in troubleshooting. In this session, I provide you
with electronic templates, practical techniques, and real-world examples
to get you started on this project. We review dozens of diagrams: networks,
storage systems, applications – critiquing them and accumulating a list
of tips & traps. From this review, I propose deeper lessons around how
sustainability and supportability interact with design and architecture
and how to use diagramming to share your troubleshooting strategies with
your peers, as well as to communicate the costs of business decisions
upward.
FULL-DAY DROP-IN HACKATHON WITH WIRESHARK CORE DEVELOPERS
Jasper Bongertz
Instructor: Jasper Bongertz, Sr. Technical Consultant, Airbus Defence
and Space CyberSecurity


Jasper Bongertz is a Senior Technical Consultant and started working
freelance in 1992 when he began studying computer science at the Technical
University of Aachen, before joining Fast Lane GmbH in 2009. In 2013, he
joined Airbus Defence and Space CyberSecurity, focusing on IT security
and network forensics. During his time with Fast Lane, Jasper created a
large training portfolio with a special focus on Wireshark. Jasper is a
Sniffer Certified Professional (SCP), VMware Certified Professional
(VCP3/4/5) and VMware Certified Instructor (VCI).
Luca Deri
Instructor: Luca Deri, Leader, ntop Project

Luca Deri is the leader of the ntop project (www.ntop.org), aimed at
developing an open-source monitoring platform for high-speed traffic
analysis. He worked for University College of London and IBM Research, prior
to receiving his PhD at the University of Berne with a thesis about
software components for traffic monitoring applications. Well known in the
open-source and Linux community, as well in the industry where he has
been appointed in the technical advisory board of several leading
companies, he currently shares his time between the ntop project and the
University of Pisa where he has been appointed as lecturer at the CS
department.
Stuart Kendrick
Instructor: Stuart Kendrick, Sustaining Engineer, EMC Isilon

Stuart Kendrick works as a Sustaining Engineer for EMC Isilon, with a
particular focus on troubleshooting and Total Customer Experience. He
started his career in 1984, writing in FORTRAN on Crays for SAIC; then
worked in help desk, desktop support, system administration, and network
support for Cornell University in Ithaca and later Manhattan. He spent 2
decades at the Fred Hutchinson Cancer Research Center in Seattle in a multi-
disciplinary role covering transport, network management, root cause
analysis, and Problem Management. He is happiest when correlating packet
traces with syslog extracts and writing scripts to query device MIBs. When
he pulls his hands away from the keyboard, he spends time at yoga and
CrossFit.
11:30 am - 11:45 am SESSION TRANSITION
11:45 am - 1:00 pm B6: GET /started/with/ HTTP Analysis
HTTP has grown from its humble beginnings of serving only web pages.
Big time! It is now the de facto means of distributed application communication
and is found in every tier of the data center. This session will explore this
ubiquitous protocol for beginner to intermediate Wireshark analysts. It will
start with a brief overview of how HTTP fits into the protocol stack and the relevant
Wireshark preferences (settings) at each layer, including how to decrypt HTTP over
SSL. It will finish with how to customize and leverage Wireshark to work best for HTTP.
In addition, it will touch on using other free tools in conjunction with Wireshark to aid in
understanding web page performance.
I6: Getting the Most out of Your SDN
Fundamentally, SDN is still mostly about network plumbing. A rigid interpretation
of SDN confines it to Layers 2 and 3, and that’s reasonable. But SDN opens
opportunities for novel constructions in Layers 4 to 7 that solve real operational
problems in data centers. Data is everywhere, constantly on the move, seemingly
always overflowing. Networks move data, but not all networks are suitable
for all data. Finding (or building) the right network, with the right applications,
is still a labor-intensive task. Must it always be this way? No: applications, storage,
and networks can together be described by software constructs—let’s call this
collection a super-blob—in the hands of skilled developers. Freed from their
dependence on any given location, super-blobs can move around as necessary,
resting on any physical fabric that can satisfy their requirements. As requirements
change, locations may change—while preserving all application states. To be most
effective, orchestration tools for these super-blobs must have full visibility into the
complete stack, and should use that information for closed-loop feedback and analysis.
Indeed, much of the interesting innovation in SDNs is actually taking place above and
outside the plumbing itself.
A6: Large-Scale Passive Network Monitoring using Ordinary Switches
Large networks come with costly and time consuming problems. Secondary
monitoring networks, fed by taps and/or spans can assist in collecting
telemetry data that are needed to solve complex production issues. These
networks are commonly nonstarters due to the cost associated with deploying
in a large enterprise data center. A little help from openflow, SDN, and
a mass of ordinary switches make this solution not just feasible at scale
but very effective.
Robert Bullen
Instructor: Robert Bullen, Engineer, Application Performance Management,
Blue Cross Blue Shield Minnesota


Robert Bullen has been in the packet analysis space in one form or another for
most of his 15-year career as both a developer and user. For the last five years
he’s been an application performance engineer for two Minnesota-based enterprises
where he has relied heavily on the Wireshark tool suite, and during which time he
contributed enhancements to the Wireshark code base. Robert has attended several
Sharkfests and came away from each inspired in one way or another. This year, he’s paying
it forward by sharing his expertise as a presenter with hopes to inspire others.
Steve Riley
Instructor: Steve Riley, Technical Director, Office of the CTO, Riverbed

Steve Riley is a Technical Director in the Office of the CTO at Riverbed Technology.
His specialties include the performance and security aspects of enterprise and cloud
computing. Steve has a long career of public speaking, having participated in
hundreds of events around the world. He is co-author of Protect Your Windows
Network, contributed a chapter to Auditing Cloud Computing, has published
numerous articles, and conducted technical reviews of several data networking and
telecommunications books. At Riverbed, Steve concentrates on high-performance
architectures that span multiple clouds, public and private; advises field teams and
customers about secure deployments; and contemplates the future of networking.
Before Steve joined Riverbed, he was the cloud security strategist at Amazon Web
Services and a security consultant and advisor at Microsoft. In both capacities, he
developed patterns and practices for secure deployments and operations. Steve is
a member of the Kubuntu Team (which maintains Ubuntu’s KDE-flavored distribution)
and is a global moderator of its community forum. Besides lurking in the Internet's
dark alleys and secret passages, he enjoys freely sharing his opinions about the
intersection of technology and culture.
Justin Scott and Rich Groves
Instructors: Justin Scott, Sr. Network Engineer, Microsoft & Rich Groves,
Principal Architect, A10 Networks


Justin Scott started working at Microsoft in 2007 as a network operations engineer.
His team’s primary responsibility was investigating all service-impacting network
outages and addressing common problems like “my file transfer is slow” or “my
application is experiencing latency”. Turning to Wireshark helped cut through
ambiguous problem statements and quickly isolated networking versus application
issues. Knowing how to perform packet analysis has proven to be a huge time saver.
Rich Groves was a Principal Network Architect for Microsoft for 6 years, responsible
for data center architecture and innovation for Internet facing systems and cloud
services, working on Openflow, security, and deeper network visibility before joining
A10 Networks as Principal Network Architect in 2012.
1:00pm - 1:45pm LUNCH - Calereuga Dining Hall
1:45 pm - 3:00 pm B7: IPv6 Transition Techniques
You can’t convert a good-sized network to IPv6 in one day or even one month.
You will need some type of transition technique. In this session, we will cover:

• Tunneling
• Translation : 6to4, SLB-PT
• Teredo, NAT64
• 6RD, etc.
• What is deprecated
• Security issues
• What is being discussed at IETF
I7: [PANEL] Whales and Sharks: Will Commercial Packet Analyzers Survive Alongside Wireshark in the Enterprise?
Wireshark continues to enjoy runaway success as it continues to get better
and better with each release. Join this panel of experts in a lively discussion
and debate as to why we continue to snap up commercial (and pricey) big box
analyzers for our data centers. What are the best coexistence practices today?
What do real users see as the direction and survival for commercial offerings?
How critical is training, support, integration, virtualization, security?
A7: Dive Even Deeper - Capturing, Analyzing and Filtering System Events
Are you a packet capture fan? Do you think that packets never lie? Then
you should attend this session in which Loris, a Sharkfest and packet capture
veteran, showcases an open source tool called sysdig that captures, decodes,
and filters operating system events in similar ways to tcpdump and Wireshark.
Loris will demonstrate how to make a capture file that contains not only the
requests that Apache receives, but also the files it touches and the commands it
runs. Loris will provide tips and tricks and include examples of how sysdig
can be used in real-world scenarios.
Nalini Elkins
Instructor: Nalini Elkins, CEO & Founders, Inside Products, Inc.

Nalini Elkins, the CEO and Founder of Inside Products, Inc., is a recognized
leader in the field of computer performance measurement and analysis. In addition
to being an experienced software product designer, developer, and planner,
she is a formidable businesswoman. She has been the founder or co-founder of two
start-ups in the high-tech arena. Nalini has a strong computer networking background,
but specializes in network performance analysis, measurement, monitoring, tuning,
and troubleshooting of large enterprise networks including TCP/IP & SNA.
J. Scott Haugdahl (Moderator)
Expert Panel: J. Scott Haugdahl (Moderator), Laura Chappell (WSU), Mike Canney (Riverbed),
Brad Drake (US Bank), Kevin Burns (Comcast)


J. Scott Haughdahl has taught thousands of professionals the fine art of protocol analysis, wrote
the book “Network Analysis and Troubleshooting”, founded Net3 Group to create an expert system
and then sold it to WildPackets, becoming their CTO. Scott was then asked to join US Bank as a
Principal Architect where he gained a deep inside knowledge of large Enterprise systems and
founded the Network Application Analysis (NAA) team. He provided the leadership and vision
to create a dream network analysis infrastructure for the bank’s new state-of-the-art data center.
The dream became reality as a $5+ million Shared Data Access Network (known as the SDAN)
deployed across multiple US Bank data centers. Mission accomplished, Scott was then hired
at Blue Cross Blue Shield to do it all over again! Scott loves to spend time “up north” at his cabin
and enjoys reading, photography, and travel.
Loris Degioanna/Davide Schiera
Instructors: Loris Degioanni, Co-Founder & CEO and Davide Scheira, Engineering Manager,
Draios, Inc.


Mr. Loris Degioanni co-founded CACE Technologies, Inc. in 2005 and served as its Chief
Technology Officer and Chief Engineer. Mr. Degioanni Co-Founded Draios Inc. in 2013
and serves as its Chief Executive Officer. During his time as a graduate student, he developed
the WinPcap packet capture library which became the base for tools like nMap, Snort,
Ethereal/Wireshark and many others. Mr. Degioanni got his PhD in Computer Science from
Politecnico di Torino in 2003.
3:00 pm - 3:15 pm SESSION TRANSITION
3:15 pm - 4:30 pm B8: Beginner Tips and Tricks for Troubleshooting Time
Time is of the essence. There are two time factors that we watch carefully
when troubleshooting slow networks—path latency time and application
response time. In this session we will use various Wireshark features to
measure time and spot path latency and application response time problems.
I8: Wireshark in the Large Enterprise
In this session, you'll learn how to optimize use of the world's most
popular network and protocol analyzer in a large enterprise from a master
Wireshark veteran.
A8: Old & Busted: C-code… New Hotness: Lua!
Forget writing C-code, use Lua instead! This session discusses using Lua in
Wireshark, as well as the new things Lua scripts can do in the latest Wireshark
release.
Laura Chappell
Instructor: Laura Chappell, Founder, Wireshark U, Protocol Analysis Institute & Chappell U

Laura Chappell is the founder of Chappell University and Wireshark University. Long-time, well
-known Wireshark evangelist and author of the best-selling "Wireshark Network Analysis: Official
Wireshark Certified Network Analyst Study Guide" and numerous other industry books, Ms.
Chappell began her career as a network analyst in 1991 when Novell acquired the LANalyzer
product. She has worked with numerous analyzer products since then but, in 1999, decided to
focus her analysis time working exclusively with the open source Ethereal (now known as
Wireshark) network and protocol analysis tool. Laura developed the Wireshark Certified Network
Analyst Program and manages the Wireshark University Authorized Training Partner Program and
the Wireshark University Authorized Instructor Program.
Hansang Bae
Instructor: Hansang Bae, Dir. of Cascade Product Architecture, Riverbed

Hansang Bae led the Network/Application Performance Engineering Team with direct
responsibility for Packet Capture Infrastructure at Citi until July, 2012 when he joined
Riverbed as Director of Cascade Product Architecture. He brings a unique perspective
with his broad knowledge of protocol analysis in a complex enterprise infrastructure.
Hadriel Kaplane
Instructor: Hadriel Kaplan, Principal Architect, Communications GBU, Oracle

Hadriel is a Principal Architect in the Communications GBU at Oracle (through an
acquisition of Acme Packet). Prior to Acme Packet, he worked for the University of
New Hampshire's InterOperability Lab, Bay Networks, Nortel Networks, and an
IP router startup named Avici Systems. He's spent the past 10 years at Acme Packet
in the Voice over IP market. At Acme, he worked in the office of the CTO in various
roles in architecture, software development, standards, and customer interface.
He is an active member of the IETF, has written numerous SIP-related drafts, and is
an author of RFCs as well as being a member of the Board of Directors of the SIP
Forum. He's contributed some code for Wireshark as well, mostly to improve the Lua
API.
4:30 pm - 4:45 pm SESSION TRANSITION
4:45 pm - 6:00 pm B9: How to Get to the Root Cause of a Problem, Quickly!
Finding the root cause of poor performance and intermittent problems is a challenge
in the complex infrastructures of modern applications. Virtualization of servers and
desktops complicates troubleshooting. Cloud services can be a complete mystery.
In many organisations, the troubleshooting process involves many discussions about
what might be happening, then making configuration changes or upgrading things
to see if that fixes it. Often this doesn’t work. If you know the root cause of a problem,
you can fix it and validate the fix. Using his experience from hundreds of successful
troubleshooting engagements, Graeme will use client case studies to walk through
the process, tools and incredible pace to a resolution that can be achieved when you
take a holistic end to end approach to technical troubleshooting. If you want to know
how an investigation into Office365 connectivity problems resulted in 2.4TBytes of
iSCSI traffic packet analysis, then this is the session for you! And that’s just one job
and a ‘normal’ day for a troubleshooter…
I9: Understanding the Wireshark TCP Expert
Wireshark comes with a software module that analyzes the flow of TCP
conversations and offers diagnostic messages that often help pinpoint a
problem. Unfortunately, there are some situations where this “TCP expert”
gets confused or isn’t looking at the packets hard enough. It is important
to know the strengths and weaknesses of the TCP expert to be able to
tell where it is doing things right, and where it needs a little help.
A9: Wi-Fi Threats and Counter Measures
Wi-Fi has evolved drastically since the first IEEE 802.11 (legacy) standard was
released in 1997 – higher bandwidth, ubiquitous availability and support for
mission critical applications. However, Wi-Fi security continues to be a hot
topic. The nature of threats may have changed, but threats still remain. This
session presents the main Wi-Fi threats that are relevant today and the best
practices that users and enterprises can take to protect against them. Wi-Fi
Threats can be broadly classified as AP-based threats, client-based threats
and denial of service (DoS) attacks. With the help of Wireshark packet captures,
we will cover several examples of Wi-Fi threats seen in real-life:

- AP-based threats, e.g. accidental or malicious misconfiguration of an AP,
unauthorized APs in enterprise WLANs
- Client threats, e.g. insecure smartphones, accidental connection to evil-twin APs
- DoS attacks, e.g.RF level jammers and 802.11 MAC protocol level attacks

Once we lay out the threat landscape, we will provide best practices to combat
these threats – from user education, to defining enterprise security policies, to
implementing right IEEE 802.11 standards and, finally, to employing the right
set of tools to enforce security policies automatically.
Graeme Bailey
Instructor: Graeme Bailey, Founder, TARCA

Graeme is a troubleshooter with over 35 years experience in all aspects of system
and infrastructure having worked for Burroughs, HP, 3Com and others. He founded
TARCA (Troubleshooting and Root Cause Analysis) in 2008, having identified a clear
need for an independent consultancy firm with the capability to address end to end
performance. Taking network analysis further than the network itself, TARCA
encompasses applications, workstations, servers, storage, networks and connectivity,
to provide a unique, unbiased insight into issues. TARCA helps to resolve problems
for their clients more rapidly, often bringing together a wide variety of third parties and
gaining agreement as to the precise cause of the issue. This maximises productivity
potential for both people and equipment, often resulting in huge savings through the
improvements they make together.
Jasper Bongertz
Instructor: Jasper Bongertz, Sr. Technical Consultant, Airbus Defence
and Space CyberSecurity


Jasper Bongertz is a Senior Technical Consultant and started working
freelance in 1992 when he began studying computer science at the Technical
University of Aachen, before joining Fast Lane GmbH in 2009. In 2013, he
joined Airbus Defence and Space CyberSecurity, focusing on IT security
and network forensics. During his time with Fast Lane, Jasper created a
large training portfolio with a special focus on Wireshark. Jasper is a
Sniffer Certified Professional (SCP), VMware Certified Professional
(VCP3/4/5) and VMware Certified Instructor (VCI).
Gopinath KN
Instructor: Gopinath KN, VP of Engineering, AirTight Networks

Gopi has more than 16 years of experience in systems, networks and security.
He has devoted the previous eight years to understanding wireless security
issues and building cutting-edge security systems. Gopi is also a speaker,
instructor, and an author with several patents and technical publications to his
credit. He speaks at popular international conferences such as RSA, Interop,
and CSI and contributes to several influential technology publications. He
has been a member of Bell Labs Research, and is currently VP of Engineering at
Airtight Networks. Gopi holds a Master of Technology (MTech.) degree from IIT
Kanpur, India.
6:00 pm - 7:00 pm RECEPTION - CONLAN POOL
7:00 pm - 9:00 pm SPONSOR SHOWCASE & RECEPTION, DINNER AND TRADE SHOW - CONLAN GYM

+ THURSDAY, JUNE 19TH

BEGINNER INTERMEDIATE ADVANCED HACKATHON
Guzman Hall Angelico Concert Hall Edgehill Garden Room Edgehill Legacy Room
8:00 am - 9:00 am BREAKFAST - Caleruega Dining Hall
8:00 am - 5:00 pm Information Desk – Sharkfest Lounge, Creekside Room
9:00 am - 10:00 am Shark Bytes - ANGELICO CONCERT HALL
Shark Bytes consist of “little crunchy bits of wisdom.” Like the immensely popular
TED Talks, Shark Bytes aim to inform, inspire, surprise and delight as presenters
share their personal perspective on a topic in under 5 minutes. To submit your
Shark Byte title, email shark[email protected] by noon, May 31, 2014 with your
name and email address and we'll add you to the line-up!
10:15 am - 11:30 am B10: Understanding Wireshark's Reassembly Features
Wireshark comes with several features, from which the ability to reassemble
data streams is one of the most important to many analysts.

While this comes handy for tasks like e.g. data extraction from TCP streams,
it can mess up the analysis in total when interfering with time-based analysis
and protocol-specific information. With reassembly being enabled by default,
it is critical to be aware of the impact this has on several functions like statistics
and packet info display order.

Beware: Live-Session, bring your 'Shark to join the analysis!

Target audience: Beginner / Intermediate
I10: Anatomy of a Cyber Attack
It’s not a question of if you will be attacked, it’s a question of when and
how you will be attacked and what info can be used against you! This session
will cover the methods and motivation for starting a cyber-attack, including
personal and corporate attack profiles and the intelligence-gathering methods
of cyber criminals. We’ll also share pointers on how can you make yourself a
smaller and more difficult targe
A10: Introduction to Software-Defined Radio
A software defined radio captures raw signals and uses software to process
the radio information, allowing it to receive anything it's possible to
tune to. Recently software defined radios have drastically dropped in
price but the software to use them hasn't yet gotten simpler. This is an
intro to the hardware available and the software possibilities.
FULL-DAY DROP-IN HACKATHON WITH WIRESHARK CORE DEVELOPERS
Christian Landström
nstructor: Christian Landström, Sr. Consultant, Airbus Defence and
Space CyberSecurity


Christian Landström has worked in IT since 2004, with a strong
focus on network communications and IT security. After
graduating in computer science in 2008 and joining Synerity
Systems directly afterwards, he moved with the whole Synerity
team to work for Fast Lane GmbH in 2009 as a Senior Consultant.
Since 2013 he’s worked as a Senior Consultant for Airbus Defence
and Space CyberSecurity. He is a certified Cisco teacher as
well as being an OSCP, working on IT security and network analysis
projects.
Tim O'Neill
Instructor: Tim O'Neill, Co-Founder, LoveMyTool.com

Tim “The Oldcommguy(tm)” O’Neill has been in the communications world
for more than a few years. From his start as an amateur radio operator at age
13, he moved on to helping design and bringing to market many diagnostic
tools for a variety of vendors. Tim continues to help corporations define and
test tools and solutions that address today’s complex networks and forensic
needs. A published, degreed and patent- holding engineer, firm supporter of
open source technology (especially Wireshark), and certified Cyber Forensic
and Cyber Safety Instructor, Tim instructs and is a sought-after speaker for
Cyber Security and Network conferences. Tim is also a Senior IEEE, ISSA
and Digital Forensics Association member and the co-founder and Chief
Technology Editor of www.lovemytool.com, which covers a wide variety of
subjects advocating real and full network visibility. In simple terms, Tim is a
network and cyber geek who, after almost 50 years in technology, still looks
forward to every opportunity to delve deeper.
Mike Kershaw
Instructor: Mike Kershaw, Chief Architect, Blackphone

Mike Kershaw is the creator of the Kismet wireless sniffer tool,
as well as several other open source software and hardware
projects. He is currently the Chief Architect of Blackphone.
11:30 am - 11:45 am SESSION TRANSITION
11:45 am - 1:00 pm B11: IPv6 Security: Assessment Tools and Infrastructure Mitigation
Similar infrastructure security issues found in IPv4 exist for IPv6. Router
Advertisements (RAs) play a key role in IPv6 address auto-configuration
operations as the means for host devices obtaining their IPv6 address and
default gateway definitions. DHCPv6 may be a key method for assigning
hosts their IPv6 addresses as well. In both cases, rogue devices can disrupt
network operations, but infrastructure devices (ie, switches and routers)
generally have technology to mitigate such attacks - RA Guard, DHCPv6
Snooping, and ND Snooping. Using the latest IPv6 tools, attacks to a
demonstration network will be orchestrated, IPv6 "First Hop Security"
protection techniques will be implemented on the switches, and verification
of the mitigation will be validated.
I11: Visualizing Problems through Packets
One of the most challenging problems for a network engineer is the ability
to bridge their knowledge of the network and protocol operation in trouble-
shooting unfamiliar applications and systems. In this presentation, we
propose methods an engineer can use to address this problem. Specifically,
we illustrate how to leverage knowledge of the network and protocols in
combination with tools such as Wireshark to reveal how problems manifest
themselves in the packets we collect and analyze. We will present real-world
case studies to illustrate techniques to quickly gather the details necessary to
identify and solve complicated application-network interaction problems.
A11: Definitive Diagnostic Data: A Rapid Problem Resolution Perspective
There's a lot of data flying through the air that doesn't have simple
hardware to decode it. A software-defined radio captures raw signals and
uses software to process the radio information, allowing it to receive
anything it's possible to tune to. Recently software-defined radios have
drastically dropped in price, but the software to use them hasn't yet gotten
simpler. This is an introduction to the hardware available and the software
possibilities. Definitive Diagnostic Data: An RPR Perspective DDD is a
salient characteristic of the Rapid Problem Resolution methodology that
Paul Offord and Advance7 have developed and that provides the framework
for the Root Cause Analysis seminars I offer at conferences. Using case
studies, I describe the symptoms, review the network diagram, and then
illustrate how we instrumented the path from client through network to
server and application, sometimes successfully, sometimes not. I
encourage interactivity: bring your own techniques and share them. You will
leave with a catalogue of specific tools & approaches, both quick and dirty
as well as thorough and complete, for instrumenting your own Root Cause
Analysis efforts.
Jeff Carrell
Instructor: Jeff Carrell, Network Security Consultant, Network Conversions

Jeff Carrell is a frequent industry speaker, freelance writer, IPv6 Forum Certified
Trainer, network instructor and course developer to major networking manufacturers,
and technical lead and co-author on Guide to TCP/IP 4th Edition (contributing IPv6
content). Jeff focuses on IPv6 interoperability and delivers lectures and IPv6 hands
on labs at technical conferences worldwide. As an IPv6 Forum Certified IPv6 Trainer,
Jeff offers IPv6 Forum Silver and Gold Certified courses, customized IPv6 training
courses, is an IPv6 Instructor for HP Education Services for their IPv6 Foundations
course, and an IPv6 Instructor for Nephos6 for their IPv6 Foundations course. Jeff is
a featured IPv6 instructor for the gogoNET online community, offering webinars and
online workshops on IPv6 technologies via the gogoTRAINING initiative. Jeff is also
an "Ask the Wireshark Expert Workshop" facilitator for Riverbed. Jeff has been
involved in the computer industry for 35 years and has concentrated his endeavors
in the internetworking portion of the industry for over 28 of those years.
Kevin Burns
Instructor: Kevin Burns, Principal Engineer, Comcast Data Center Engineering

Kevin Burns is a Principal Engineer with Comcast and the author of "TCP/IP Analysis
and Troubleshooting Toolkit". He has been performing and teaching protocol
analysis for 18 years at various companies and the last 11 years with Comcast.
Kevin began his career in protocols and complex troubleshooting back in 1995
when he attended a course taught by Scott Haugdahl and has had a passion
for analyzing difficult problems ever since.
Stuart Kendrick
Instructor: Stuart Kendrick, Sustaining Engineer, EMC Isilon

Stuart Kendrick works as a Sustaining Engineer for EMC Isilon, with a
particular focus on troubleshooting and total customer experience. Stuart
started his career in 1984, writing in FORTRAN on Crays for Science
Applications International Corporation. He then worked in help desk, desktop
support, system administration and network support for Cornell University
in Ithaca and, later, Manhattan. Moving from New York to Seattle, Stuart
spent two decades at the Fred Hutchinson Cancer Research Center in a
multi-disciplinary role covering transport, network management, root cause
analysis, and problem management. He is happiest when correlating packet
traces with syslog extracts and writing scripts to query device MIBs.
When he pulls his hands away from the keyboard, he spends time at yoga and
CrossFit.
1:00 pm - 2:00 pm LUNCH & Birds of a Feather Sessions - Caleruega Dining Hall
2:15 pm - 3:30 pm B12: VoIP Analysis and Troubleshooting
VoIP network analysis is a specialized sub-set of traditional Network Analysis
and encompasses the skills of not only capturing data, but also the ability to discern
unusual patterns hidden within seemingly normal network traffic. This course will
provide the student with a set of analysis techniques focusing on the use of vendor-
neutral, open source tools to provide insight into the following areas:

- VoIP network analysis fundamentals using open source tools to recognize traffic
patterns associated with VoIP network behavior
- Recognition of a variety of issues that affect VoIP-based networks and the quality
of the voice data. Factors including, latency, out-of-sequence packets, jitter and
quality of service and how the End-User experiences them, will be analyzed and
evaluated. Key VoIP related protocols including SIP, MGCP, SCCP, UNISTEM,
H.323, and related supporting protocol architectures will be examined.
I12: Capturing a packet - from Ether and Wire to Wireshark
When performing a capture, quite a few things can cause unexpected results.
This talk explains the capture process for both wired and wireless media to
be able to avoid surprises when looking at the capture results. The first
part of this talk covers the path of a packet from the wire and cooked wireless
through hardware, driver, kernel and libraries until it becomes visible in
Wireshark. The second part covers some of the additional surprises raw and
cooked wireless capture have to offer, explains their causes and how to mitigate
them.
A12: (Not So) False Positives in Application Performance Analysis
One of the finest moments in an analysis project is when you
finally find the needle in the haystack and drill down into the
very event causing your customers network problem. But there
are "needles" that are perfectly valid and just draw an analysts
attention because they look so fishy and yet they are partially
or completely non-related to the job. This session will show
and analyze some real-world scenarios, where you can get
caught into misleading statements and talk about how to avoid
these situation.

Beware: Live-Session, bring your 'Shark to join the analysis!
Phill Shade
Instructor: Phill Shade, CEO & Founder, Merlion's Keep Consulting

Phillip D. Shade is the CEO and founder of Merlion’s Keep Consulting,
a professional services company specializing in all aspects of network and
forensics analysis providing a full range of professional training and
customized curriculum development. Phill is now a Certified Wireshark
University Instructor and Global Knowledge instructor. Drawing from his 30+
years of hands-on, real world experience in network analysis, troubleshooting
and cyber forensics/security, Phill's presentations use a highly energetic,
knowledgeable and informative style. Phill can be contacted at
[email protected] or [email protected]
Joerg Mayer
Instructor: Joerg Mayer, Wireshark Core Developer

Jörg Mayer studied computer science at the University of Kaiserslautern
for almost 10 years. As side jobs, he started working as a Unix systems
administrator in 1992 and as a network administrator in 1995, where he
worked with routers and network services such as news, mail and DNS.
After getting his diploma, he started work in a company providing router
and firewall support. In 2000, he founded his own company and has been
working as a trainer, consultant and network troubleshooter for products
from Cisco, Enterasys and ExtremeNetworks ever since. Network analysis has
long been a beloved hobby which started with etherfind in 1993 followed by
tcpdump, snoop and Ethereal. Jörg is a Wireshark Core developer.
Christian Landström
nstructor: Christian Landström, Sr. Consultant, Airbus Defence and
Space CyberSecurity


Christian Landström has worked in IT since 2004, with a strong
focus on network communications and IT security. After
graduating in computer science in 2008 and joining Synerity
Systems directly afterwards, he moved with the whole Synerity
team to work for Fast Lane GmbH in 2009 as a Senior Consultant.
Since 2013 he’s worked as a Senior Consultant for Airbus Defence
and Space CyberSecurity. He is a certified Cisco teacher as
well as being an OSCP, working on IT security and network analysis
projects.
3:30 pm - 3:45 pm SESSION TRANSITION
3:45 pm - 5:00 pm B13: WiFi Direction Finding
In a corporate environment, wireless management tools often offer the ability
to locate a wireless device. However, precision is variable and depends on the
amount of sensors present and sometimes direction finding is necessary to
pinpoint the offending device. In this session, you will learn how to do WiFi
direction finding (with a practical example) as well as how to choose the hardware.
It will also include the basics of wireless networks and the different architectures.
I13: Analysis and Visualization
They say a picture is worth 1,000 words. So how many packets is one worth?
This session will discuss several practical visualizations that can help
you hunt like a shark in a sea of packets. You’ll learn about Wireshark’s
built-in visualizations, e.g. its I/O graph and tcptrace, that are immensely
useful. But you’ll also learn that tshark and Excel can be combined to
produce custom visualizations appropriate for the task at hand.
A13: Old & Busted: C-code… New Hotness: Lua!
Forget writing C-code, use Lua instead! This session discusses using Lua in
Wireshark, as well as the new things Lua scripts can do in the latest Wireshark
release.
Thomas D'Otreppe
Instructor: Thomas d'Otreppe, Author, Aircrack-ng

Thomas d'Otreppe, Mister X, is a wifi hacker and the author of Aircrack-ng, a Wi-Fi
auditing suite. He has designed Offensive-Security WiFu, a proactive wireless
security course with Mati Aharoni and also contributes to BackTrack Linux. He works
as a software developer for NEK Advanced Securities Group.

Twitter: @aircrackng and @openwipsng
Robert Bullen
Instructor: Robert Bullen, Engineer, Application Performance Management,
Blue Cross Blue Shield, MN


Robert Bullen has been in the packet analysis space in one form or another for
most of his 15-year career as both a developer and user. For the last five
years he’s been an application performance engineer for two Minnesota-based
enterprises where he has relied heavily on the Wireshark tool suite, and during
which time he contributed enhancements to the Wireshark code base. Robert
has attended several Sharkfests and came away from each inspired in one way
or another. This year, he’s paying it forward by sharing his expertise as a presenter
with hopes to inspire others.
Hadriel Kaplane
Instructor: Hadriel Kaplan, Principal Architect, Communications GBU, Oracle

Hadriel is a Principal Architect in the Communications GBU at Oracle (through an
acquisition of Acme Packet). Prior to Acme Packet, he worked for the University of
New Hampshire's InterOperability Lab, Bay Networks, Nortel Networks, and an
IP router startup named Avici Systems. He's spent the past 10 years at Acme Packet
in the Voice over IP market. At Acme, he worked in the office of the CTO in various
roles in architecture, software development, standards, and customer interface.
He is an active member of the IETF, has written numerous SIP-related drafts, and is
an author of RFCs as well as being a member of the Board of Directors of the SIP
Forum. He's contributed some code for Wireshark as well, mostly to improve the Lua
API.
5:00 pm - 5:15 pm SESSION TRANSITION
5:15 pm - 6:00 pm The Future of Wireshark: Inside Wireshark Qt and Parting Remarks

ANGELICO CONCERT HALL


Presenters: Gerald Combs and Laura Chappell
6:30 pm - 8:30 pm FAREWELL DINNER & PACKET CHALLENGE AWARDS - Calereuga Dining Hall & Creekside