Sharkfest '14 Abstracts and Bios

FULL CONFERENCE ABSTRACTS/BIOS

9:00 am – 12:30 pm

Introduction to Wireshark with Hands-on Labs (FOR NEWBIES ONLY)

Chris Greer

 

Bring your laptop (With the latest version of Wireshark installed, if possible) and spend the day building your Wireshark fundamental skills so you're ready to hit the ground running at Sharkfest 2014. Using a combination of demonstrations and labs, you will look through numerous trace files and be ready for the exciting Sharkfest 2014 sessions that await you!

Topics include:

  • Examine Wireshark functionality and elements
  • Determine the best capture location and method
  • Apply basic capture options and techniques (including capture filters)
  • "Walk" through some sample trace files
  • Apply display filters to focus on traffic of interest
  • Listen to the Expert Info to find traffic problems
  • Build graphs to "paint a picture"
  • Learn when to use command-line tools (such as Tshark and Editcap)

 

Chris Greer specializes in packet analysis and training services, helping clients to resolve network and application performance problems, while training them to do the same on their own. As a Consultant for Packet Pioneer LLC, he provides remote trace file analysis, on-site troubleshooting, and delivers training courses for vendor-supported tools. As a Wireshark Certified Network Analyst, Chris delivers hands-on Wireshark courses and is a certified partner of Wireshark University. Chris is a regular author for lovemytool.com and various vendor-supported blogs.

1:45 pm – 5:00 pm

Introduction to Wireshark with Hands-on Labs (CONTINUED)

Chris Greer

 

Bring your laptop (With the latest version of Wireshark installed, if possible) and spend the day building your Wireshark fundamental skills so you're ready to hit the ground running at Sharkfest 2014. Using a combination of demonstrations and labs, you will look through numerous trace files and be ready for the exciting Sharkfest 2014 sessions that await you!

Topics include:

  • Examine Wireshark functionality and elements
  • Determine the best capture location and method
  • Apply basic capture options and techniques (including capture filters)
  • "Walk" through some sample trace files
  • Apply display filters to focus on traffic of interest
  • Listen to the Expert Info to find traffic problems
  • Build graphs to "paint a picture"
  • Learn when to use command-line tools (such as Tshark and Editcap)

 

Chris Greer specializes in packet analysis and training services, helping clients to resolve network and application performance problems, while training them to do the same on their own. As a Consultant for Packet Pioneer LLC, he provides remote trace file analysis, on-site troubleshooting, and delivers training courses for vendor-supported tools. As a Wireshark Certified Network Analyst, Chris delivers hands-on Wireshark courses and is a certified partner of Wireshark University. Chris is a regular author for lovemytool.com and various vendor-supported blogs.

9:00 am – 10:00 am

Keynote - Vinton Cerf

Recipient of the National Medal of Technology, the Turing Award, and the Presidential Medal of Freedom

 

We are honored and delighted to announce that Vinton Cerf, co-designer of the TCP/IP protocols and the architecture of the Internet, will return to Sharkfest to deliver the opening Keynote.

 

10:15 am – 11:30 am

B1: Wireshark for Beginners - The Art of Packet Analysis

Hansang Bae - Director of Cascade Product Architecture, Riverbed

 

This track is geared towards neophyte packet analysts. We’ll cover the TCP/IP stack from a troubleshooter’s perspective. In addition, protocol interactions in the real world will be examined. Finally, academic concepts of the TCP/IP protocol stack will be overlaid with practical and pragmatic examples so the users can hit the ground running.

 

Hansang Bae led the Network/Application Performance Engineering Team with direct responsibility for Packet Capture Infrastructure at Citi until July, 2012 when he joined Riverbed as Director of Cascade Product Architecture. He brings a unique perspective with his broad knowledge of protocol analysis in a complex enterprise infrastructure.

11:45 am – 1:00 pm

B2: Beginner Tips and Tricks for Efficient Network Analysis

Laura Chappell - Founder, Wireshark University, Protocol Analysis Institute and Chappell University

 

DON’T SCROLL THROUGH PACKETS. There is almost always a better way to locate the cause of performance problems. You need to do some customization to make Wireshark work for you. In this session you will learn 10 key Wireshark tricks to rapidly decrease your problem resolution time.

 

Long-time, well-known Wireshark evangelist and author of the best-selling "Wireshark Network Analysis: Official Wireshark Certified Network Analyst Study Guide" and numerous other industry books, Ms. Chappell began her career as a network analyst in 1991 when Novell acquired the LANalyzer product. She has worked with numerous analyzer products since then but, in 1999, decided to focus her analysis time working exclusively with the open source Ethereal (now known as Wireshark) network and protocol analysis tool. Laura developed the Wireshark Certified Network Analyst Program and manages the Wireshark University Authorized Training Partner Program and the Wireshark University Authorized Instructor Program.

2:15 pm – 3:30 pm

B3: Expert System Analysis of Wireshark Traces: A User Story

Nalini Elkins - CEO & Founder, Inside Products, Inc.

Conrad Sanders - Systems Programmer, US Bank

 

How can rule-based expert systems help with reading and interpreting Wireshark traces? In this session, we will see case studies from a real expert system that is in use at a number of large installations. This session will be co- presented by US Bank which has used the system to help them solve complex SSL and TCP problems.

 

Nalini Elkins, the CEO and Founder of Inside Products, Inc., is a recognized leader in the field of computer performance measurement and analysis. In addition to being an experienced software product designer, developer, and planner, she is a formidable businesswoman. She has been the founder or co- founder of two start-ups in the high-tech arena. Nalini has a strong computer networking background, but specializes in network performance analysis, measurement, monitoring, tuning, and troubleshooting of large enterprise networks including TCP/IP & SNA. Conrad Sanders is currently a systems programmer for Union Bank responsible for networking on a mainframe using TCPIP and SNA protocols and monitoring TCP/IP traffic and reading traces using IPCS and Wireshark.

3:45 pm – 5:00 pm

B4: Fun with Traces

Stuart Kendrick - Sustaining Engineer, EMC Isilon

 

In this session, we’ll review a handful of real-world troubleshooting cases, starting with the fuzzy description of the issue, refining the description into a tighter problem statement and sketching a diagram. Then we’ll turn to the traces and demonstrate techniques to sort through them. Interactivity is encouraged: you'll download the traces, examine them and offer your own tips & suggestions on how to analyze them. Together, we'll slot each case into a Design Pattern – a particular signature which distinguishes this type of case from others.

  • Many Applications Crash
  • HL7 Transfers Interrupted
  • VMWare Cannot Mount SAN
  • Compile Host Aborts
  • The Network is Slow

 

Stuart Kendrick works as a Sustaining Engineer for EMC Isilon, with a particular focus on troubleshooting and total customer experience. Stuart started his career in 1984, writing in FORTRAN on Crays for Science Applications International Corporation. He then worked in help desk, desktop support, system administration and network support for Cornell University in Ithaca and, later, Manhattan. Moving from New York to Seattle, Stuart spent two decades at the Fred Hutchinson Cancer Research Center in a multi-disciplinary role covering transport, network management, root cause analysis, and problem management. He is happiest when correlating packet traces with syslog extracts and writing scripts to query device MIBs. When he pulls his hands away from the keyboard, he spends time at yoga and CrossFit.

9:00 am – 10:00 am

Keynote: Data Analysis - The Past and The Future

Tim O'Neill - Chief Contributing and Technology Editor for LoveMyTool

 

Tim O’Neill, Chief Contributing and Technology Editor for LoveMyTool, Senior IEEE member, and long-time Wireshark and open source reviewer and supporter, will draw upon his 45-year history in the RF, WAN, Analog, ISDN, ATM, SONET and LAN (Arcnet, Token Ring and Ethernet) test and analysis markets to engage and enlighten the Sharkfest’14 attendee body in our second conference Keynote.

 

10:15 am – 11:30 am

B5: TCP Analysis: First Steps

Jasper Bongertz - Sr. Technical Consultant, Airbus Defence and Space CyberSecurity

 

TCP is the most important protocol when it comes to analyzing and troubleshooting application behavior. Even though it looks like there is not much to know about TCP, it is one of those things that are easy to learn and hard to master. In this talk we’re going to start building TCP analysis skills from scratch, but even if you think you know how it works, you still might learn a thing or two. It is also designed to be followed by my second talk regarding TCP, called “Understanding the Wireshark TCP Expert” [Session I9].

 

Jasper Bongertz is a Senior Technical Consultant and started working freelance in 1992 when he began studying computer science at the Technical University of Aachen, before joining Fast Lane GmbH in 2009. In 2013, he joined Airbus Defence and Space CyberSecurity, focusing on IT security and network forensics. During his time with Fast Lane, Jasper created a large training portfolio with a special focus on Wireshark. Jasper is a Sniffer Certified Professional (SCP), VMware Certified Professional (VCP3/4/5) and VMware Certified Instructor (VCI).

11:45 am – 1:00 pm

B6: TCP/IP Analysis: First Steps

Robert Bullen, Engineer, Application Performance Management, Blue Cross Blue Shield Minnesota

HTTP has grown from its humble beginnings of serving only web pages. Big time! It is now the de facto means of distributed application communication and is found in every tier of the data center. This session will explore this ubiquitous protocol for beginner to intermediate Wireshark analysts. It will start with a brief overview of how HTTP fits into the protocol stack and the relevant Wireshark preferences (settings) at each layer, including how to decrypt HTTP over SSL. It will finish with how to customize and leverage Wireshark to work best for HTTP. In addition, it will touch on using other free tools in conjunction with Wireshark to aid in understanding web page performance.

 

Robert Bullen has been in the packet analysis space in one form or another for most of his 15-year career as both a developer and user. For the last five years he’s been an application performance engineer for two Minnesota-based enterprises where he has relied heavily on the Wireshark tool suite, and during which time he contributed enhancements to the Wireshark code base. Robert has attended several Sharkfests and came away from each inspired in one way or another. This year, he’s paying it forward by sharing his expertise as a presenter with hopes to inspire others.

1:45 pm – 3:00 pm

B7: IPv6 Transition Techniques

Nalini Elkins - CEO & Founders, Inside Products, Inc.

 

You can’t convert a good-sized network to IPv6 in one day or even one month. You will need some type of transition technique. In this session, we will cover:

  • Tunneling
  • Translation: 6to4, SLB-PT
  • Teredo, NAT64
  • 6RD, etc.
  • What is deprecated
  • Security Issues
  • What is being discussed at IETF

 

Nalini Elkins, the CEO and Founder of Inside Products, Inc., is a recognized leader in the field of computer performance measurement and analysis. In addition to being an experienced software product designer, developer, and planner, she is a formidable businesswoman. She has been the founder or co- founder of two start-ups in the high-tech arena. Nalini has a strong computer networking background, but specializes in network performance analysis, measurement, monitoring, tuning, and troubleshooting of large enterprise networks including TCP/IP & SNA.

3:15 pm –4:30 pm

B8: Beginner Tips and Tricks for Troubleshooting Time

Laura Chappell, Founder, Wireshark University, Protocol Analysis Institute & Chappell University

 

Time is of the essence. There are two time factors that we watch carefully when troubleshooting slow networks— path latency time and application response time. In this session we will use various Wireshark features to measure time and spot path latency and application response time problems.

 

Long-time, well-known Wireshark evangelist and author of the best-selling "Wireshark Network Analysis: Official Wireshark Certified Network Analyst Study Guide" and numerous other industry books, Ms. Chappell began her career as a network analyst in 1991 when Novell acquired the LANalyzer product. She has worked with numerous analyzer products since then but, in 1999, decided to focus her analysis time working exclusively with the open source Ethereal (now known as Wireshark) network and protocol analysis tool. Laura developed the Wireshark Certified Network Analyst Program and manages the Wireshark University Authorized Training Partner Program and the Wireshark University Authorized Instructor Program.

4:45 pm –6:00 pm

B9: How to Get to the Root Cause of a Problem, Quickly!

Graeme Bailey, Founder, TARCA

 

Finding the root cause of poor performance and intermittent problems is a challenge in the complex infrastructures of modern applications. Virtualization of servers and desktops complicates troubleshooting. Cloud services can be a complete mystery. In many organizations, the troubleshooting process involves many discussions about what might be happening, then making configuration changes or upgrading things to see if that fixes it. Often this doesn’t work. If you know the root cause of a problem, you can fix it and validate the fix. Using his experience from hundreds of successful troubleshooting engagements, Graeme will use client case studies to walk through the process, tools and incredible pace to a resolution that can be achieved when you take a holistic end to end approach to technical troubleshooting. If you want to know how an investigation into Office365 connectivity problems resulted in 2.4TBytes of iSCSI traffic packet analysis, then this is the session for you! And that’s just one job and a ‘normal’ day for a troubleshooter...

 

Graeme is a troubleshooter with over 35 years’ experience in all aspects of system and infrastructure having worked for Burroughs, HP, 3Com and others. He founded TARCA (Troubleshooting and Root Cause Analysis) in 2008, having identified a clear need for an independent consultancy firm with the capability to address end to end performance. Taking network analysis further than the network itself, TARCA encompasses applications, workstations, servers, storage, networks and connectivity, to provide a unique, unbiased insight into issues. TARCA helps to resolve problems for their clients more rapidly, often bringing together a wide variety of third parties and gaining agreement as to the precise cause of the issue. This maximizes productivity potential for both people and equipment, often resulting in huge savings through the improvements they make together.

10:15 am – 11:30 am

B10: Understanding Wireshark’s Reassembly Features

Christian Landström Sr. Consultant, Airbus Defence and Space CyberSecurity

 

Wireshark comes with several features, from which the ability to reassemble data streams is one of the most important to many analysts. While this comes handy for tasks like e.g. data extraction from TCP streams, it can mess up the analysis in total when interfering with time-based analysis and protocol-specific information. With reassembly being enabled by default, it is critical to be aware of the impact this has on several functions like statistics and packet info display order. Beware: Live-Session, bring your 'Shark to join the analysis!

 

Christian Landström works in IT since 2004, with a strong focus on network communications and IT security. After graduating in computer science in 2008 and joining Synerity Systems directly afterwards he moved with the whole Synerity team to work for Fast Lane GmbH in 2009 as a Senior Consultant. Since 2013 he’s working as a Senior Consultant for Airbus Defence and Space CyberSecurity. He is a certified Cisco teacher as well as being an OSCP, working on IT security and network analysis projects.

11:45 am – 1:00 pm

B11: IPv6 Security : Assessment Tools and Infrastructure Mitigation

Jeff Carrell - Network Security Consultant, Network Conversions

 

Similar infrastructure security issues found in IPv4 exist for IPv6. Router Advertisements (RAs) play a key role in IPv6 address auto-configuration operations as the means for host devices obtaining their IPv6 address and default gateway definitions. DHCPv6 may be a key method for assigning hosts their IPv6 addresses as well. In both cases, rogue devices can disrupt network operations, but infrastructure devices (ie, switches and routers) generally have technology to mitigate such attacks - RA Guard, DHCPv6 Snooping, and ND Snooping. Using the latest IPv6 tools, attacks to a demonstration network will be orchestrated, IPv6 "First Hop Security" protection techniques will be implemented on the switches, and verification of the mitigation will be validated.

 

Jeff Carrell is a frequent industry speaker, freelance writer, IPv6 Forum Certified Trainer, network instructor and course developer to major networking manufacturers, and technical lead and co-author on Guide to TCP/IP 4th Edition (contributing IPv6 content). Jeff focuses on IPv6 interoperability and delivers lectures and IPv6 hands-on labs at technical conferences worldwide. As an IPv6 Forum Certified IPv6 Trainer, Jeff offers IPv6 Forum Silver and Gold Certified courses, customized IPv6 training courses, is an IPv6 Instructor for HP Education Services for their IPv6 Foundations course, and an IPv6 Instructor for Nephos6 for their IPv6 Foundations course. Jeff is a featured IPv6 instructor for the gogoNET online community, offering webinars and online workshops on IPv6 technologies via the gogoTRAINING initiative. Jeff is also an "Ask the Wireshark Expert Workshop" facilitator for Riverbed. Jeff has been involved in the computer industry for 35 years and has concentrated his endeavors in the internetworking portion of the industry for over 28 of those years.

2:15 pm –3:30 pm

B12: VoIP Analysis and Troubleshooting

Phill Shade CEO &Founder, Merlion's Keep Consulting

 

VoIP network analysis is a specialized sub-set of traditional Network Analysis and encompasses the skills of not only capturing data, but also the ability to discern unusual patterns hidden within seemingly normal network traffic. This course will provide the student with a set of analysis techniques focusing on the use of vendor-neutral, open source tools to provide insight into the following areas: VoIP network analysis fundamentals using open source tools to recognize traffic patterns associated with VoIP network behavior, and recognition of a variety of issues that affect VoIP- based networks and the quality of the voice data. Factors including, latency, out-of-sequence packets, jitter and quality of service and how the End-User experiences them, will be analyzed and evaluated. Key VoIP related protocols including SIP, MGCP, SCCP, UNISTEM, H.323, and related supporting protocol architectures will be examined.

 

Phillip D. Shade is the CEO and founder of Merlion’s Keep Consulting, a professional services company specializing in all aspects of network and forensics analysis providing a full range of professional training and customized curriculum development. Phill is now a Certified Wireshark University Instructor and Global Knowledge instructor. Drawing from his 30+ years of hands-on, real world experience in network analysis, troubleshooting and cyber forensics/security, Phill's presentations use a highly energetic, knowledgeable and informative style. Phill can be contacted at [email protected] or [email protected]

3:45 pm –5:00 pm

B13: WiFI Direction Finding

Thomas d'Otreppe, Author, Aircrack-ng

 

In a corporate environment, wireless management tools often offer the ability to locate a wireless device. However, precision is variable and depends on the amount of sensors present and sometimes direction finding is necessary to pinpoint the offending device. In this session, you will learn how to do WiFi direction finding (with a practical example) as well as how to choose the hardware. It will also include the basics of wireless networks and the different architectures.

 

Thomas d'Otreppe, Mister X, is a wifi hacker and the author of Aircrack-ng, a Wi-Fi auditing suite. He has designed Offensive- Security WiFu, a proactive wireless security course with Mati Aharoni and also contributes to BackTrack Linux. He works as a software developer for NEK Advanced Securities Group. Twitter: @aircrackng and @openwipsng

9:00 am – 10:00 am

Keynote - Vinton Cerf

Recipient of the National Medal of Technology, the Turing Award, and the Presidential Medal of Freedom

 

We are honored and delighted to announce that Vinton Cerf, co-designer of the TCP/IP protocols and the architecture of the Internet, will return to Sharkfest to deliver the opening Keynote.

 

10:15 am – 11:30 am

I1: Best Practices for Packet Collection, Aggregation & Distribution in the Enterprise

J. Scott Haugdahl Technical Architect, BCBS, MN

 

This session discusses best practices and lessons learned from building an enterprise-wide system to collect and aggregate packets from taps and spans in medium to large data centers. Justifying such an infrastructure and the ROI involves far more than deep dive packet analysis for problem resolution. The speaker will delve into the whole process from inception to implementation including how to “sell” a large packet sharing solution.

 

J. Scott Haugdahl, former CTO of WildPackets where he designed the expert system for Omnipeek (formerly Etherpeek NX), Principal Architect at US Bank where he orchestrated a large effort to build a $5M data center packet monitoring and distribution system, and currently an architect at Blue Cross Blue Shield of Minnesota working on collaborative enterprise monitoring solutions.

11:45 am –1:00 pm

I2: Common Mistakes in Packet Collection – Things that make Traces Harder to Read

Chris Greer Packet Analyst, Packet Pioneer LLC

 

Good trace file analysis begins at the collection stage. If we don’t get the right packets, at the right time, in the right place, with the right collection method, then we may spin our wheels looking through millions of perfectly good packets, behaving exactly as they should. In this session, we will look into the top mistakes in packet collection and how to mitigate them, ensuring that traces are as valid as possible for troubleshooting the root cause of a problem. We will also explore common capture methods such as SPAN, Tap, and laptop vs. hardware-based capture, examining the pros and cons of each.

 

Chris Greer specializes in packet analysis and training services, helping clients to resolve network and application performance problems, while training them to do the same on their own. As a Consultant for Packet Pioneer LLC, he provides remote trace file analysis, on-site troubleshooting, and delivers training courses for vendor-supported tools. As a Wireshark Certified Network Analyst, Chris delivers hands-on Wireshark courses and is a certified partner of Wireshark University. Chris is a regular author for lovemytool.com and various vendor-supported blogs

2:15 pm – 3:30 pm

I3: Maximizing Packet Capture Performance

Andrew Brown Network Engineering Team Lead, BATS Exchange

 

Wireshark is a fantastic tool for packet analysis, but reliable analysis first requires reliable packet capture. In many cases, Wireshark itself is sufficient for this task, but what options are available if Wireshark can no longer keep up with a traffic flow? This session will examine a variety of capture options under Linux and Windows, evaluate their effectiveness, and explore the concept of building a portable capture device using commodity hardware.

 

Andy Brown has worked in information technology since 1997 and has been in the high-performance financial space since 2004. He is a founding employee of BATS Exchange where he leads the U.S. network engineering team. He has used Wireshark to diagnose problems ranging from "creative" vendor interpretations of multicast routing specifications, to switches bugs like a failure to ARP, and incorrect checksum calculation.

3:45 pm – 5:00 pm

I4: How to Troubleshoot the Top 5 Causes for Poor Application Performance with Wireshark/Pilot

Mike Canney Systems Engineer, Riverbed Technology

 

Having worked for and with hundreds of clients over the past 24 years, I have discovered many simple, yet common mistakes/performance issues tend to arise. In this session we'll talk about case studies from the field and how we can shorten “Tiger Teams” from weeks to hours. Topics to include:

  • Getting good data is key, capture to disk on a budget
  • TCP, friend or foe?
  • SQL, did you write that code or did a robot?
  • File transfer woes and how to make data "fly"
  • The load balancer can't possibly be the cause, could it?

 

Before joining Riverbed as a Systems Engineer this year, Mike Canney, well-versed in multiple sniffer technologies, specialized in providing application and network performance consulting services: specifically Application Network-ability Assessments (ANA), network performance troubleshooting, and deep level packet analysis. Over the past 22 years, Mike has helped hundreds of companies identify and resolve their application and network performance issues. Mike has also developed courseware and taught engineers how to identify, remediate, and prevent network and application issues by analyzing traffic flows at the packet level. Mike has been a guest speaker at many industry trade shows (Networld Interop, Cisco Networkers, e.g.) throughout the United States on the topic of application performance analysis.

9:00 am – 10:00 am

Keynote: Data Analysis - The Past and The Future

Tim O'Neill - Chief Contributing and Technology Editor for LoveMyTool

 

Tim O’Neill, Chief Contributing and Technology Editor for LoveMyTool, Senior IEEE member, and long-time Wireshark and open source reviewer and supporter, will draw upon his 45-year history in the RF, WAN, Analog, ISDN, ATM, SONET and LAN (Arcnet, Token Ring and Ethernet) test and analysis markets to engage and enlighten the Sharkfest’14 attendee body in our second conference Keynote.

 

10:15 am – 11:30 am

I5: Monitoring Mobile Network Traffic (3G/LTE)

Luca Deri - Leader, ntop Project

 

Traditional traffic monitoring tools target Internet protocols. The popularity of smartphones and tablets has created a need for tools that monitor mobile traffic. Its nature is different from today’s wireline Internet. The main difference is that user traffic is encapsulated in dynamic tunnels in terms of identifiers, devices and IP addresses. By contrast, existing telecommunication monitoring tools have been extended to support wireline Internet protocols, but they often lack the features of networking monitoring tools. This talk highlights the challenges of monitoring mobile traffic, shows how Wireshark can troubleshoot common issues on mobile networks and demonstrates how open source traffic monitoring tools developed by ntop have been extended to support mobile traffic monitoring. We present real telecom operators’ use cases that address: root cause analysis, accounting, selective protocol detection (e.g. p2p, messaging or undesirable protocols), and non-repudiation.

 

Luca Deri is the leader of the ntop project (www.ntop.org), aimed at developing an open-source monitoring platform for high-speed traffic analysis. He worked for University College of London and IBM Research, prior to receiving his PhD at the University of Berne with a thesis about software components for traffic monitoring applications. Well known in the open-source and Linux community, as well in the industry where he has been appointed in the technical advisory board of several leading companies, he currently shares his time between the ntop project and the University of Pisa where he has been appointed as lecturer at the CS department.

11:45 am – 1:00 pm

I6: Getting the Most out of Your SDN

Steve Riley Technical Director, Office of the CTO, Riverbed

 

Fundamentally, SDN is still mostly about network plumbing. A rigid interpretation of SDN confines it to Layers 2 and 3, and that’s reasonable. But SDN opens opportunities for novel constructions in Layers 4 to 7 that solve real operational problems in data centers. Data is everywhere, constantly on the move, seemingly always overflowing. Networks move data, but not all networks are suitable for all data. Finding (or building) the right network, with the right applications, is still a labor- intensive task. Must it always be this way? No: applications, storage, and networks can together be described by software constructs—let’s call this collection a super-blob—in the hands of skilled developers. Freed from their dependence on any given location, super-blobs can move around as necessary, resting on any physical fabric that can satisfy their requirements. As requirements change, locations may change—while preserving all application states. To be most effective, orchestration tools for these super-blobs must have full visibility into the complete stack, and should use that information for closed-loop feedback and analysis. Indeed, much of the interesting innovation in SDNs is actually taking place above and outside the plumbing itself.

 

Steve Riley is a Technical Director in the Office of the CTO at Riverbed Technology. His specialties include the performance and security aspects of enterprise and cloud computing. Steve has a long career of public speaking, having participated in hundreds of events around the world. He is co-author of Protect Your Windows Network, contributed a chapter to Auditing Cloud Computing, has published numerous articles, and conducted technical reviews of several data networking and telecommunications books. At Riverbed, Steve concentrates on high-performance architectures that span multiple clouds, public and private; advises field teams and customers about secure deployments; and contemplates the future of networking. Before Steve joined Riverbed, he was the cloud security strategist at Amazon Web Services and a security consultant and advisor at Microsoft. In both capacities, he developed patterns and practices for secure deployments and operations. Steve is a member of the Kubuntu Team (which maintains Ubuntu’s KDE-flavored distribution) and is a global moderator of its community forum. Besides lurking in the Internet's dark alleys and secret passages, he enjoys freely sharing his opinions about the intersection of technology and culture.

1:45 pm – 3:00 pm

I7: [PANEL] Whales & Sharks: Will Commercial Packet Analyzers Survive Alongside Wireshark in the Enterprise?

J. Scott Haugdahl (Moderator)

 

Wireshark continues to enjoy runaway success as it continues to get better and better with each release. Join this panel of experts in a lively discussion and debate as to why we continue to snap up commercial (and pricey) big box analyzers for our data centers. What are the best coexistence practices today? What do real users see as the direction and survival for commercial offerings? How critical is training, support, integration, virtualization, security?

Panelists: Laura Chappell (WSU), Mike Canney (Riverbed), Brad Drake (US Bank), Kevin Burns (Comcast)

 

J. Scott Haughdahl has taught thousands of professionals the fine art of protocol analysis, wrote the book “Network Analysis and Troubleshooting”, founded Net3 Group to create an expert system and then sold it to WildPackets, becoming their CTO. Scott was then asked to join US Bank as a Principal Architect where he gained a deep inside knowledge of large Enterprise systems and founded the Network Application Analysis (NAA) team. He provided the leadership and vision to create a dream network analysis infrastructure for the bank’s new state-of-the-art data center. The dream became reality as a $5+ million Shared Data Access Network (known as the SDAN) deployed across multiple US Bank data centers. Mission accomplished, Scott was then hired at Blue Cross Blue Shield to do it all over again! Scott loves to spend time “up north” at his cabin and enjoys reading, photography, and travel.

3:15 pm – 4:30 pm

I8: Wireshark in the Large Enterprise

Hansang Bae - Director of Cascade Product Architecture, Riverbed

 

Analyzing enterprise-level traffic can be exponentially more difficult than analyzing the small business network. Learn the latest tips and tricks for using Wireshark in the large enterprise in this session.

 

Hansang Bae led the Network/Application Performance Engineering Team with direct responsibility for Packet Capture Infrastructure at Citi until July, 2012 when he joined Riverbed as Director of Cascade Product Architecture. He brings a unique perspective with his broad knowledge of protocol analysis in a complex enterprise infrastructure.

4:45 pm –6:00 pm

I9: Understanding the Wireshark TCP Expert

Jasper Bongertz, Senior Technical Consultant, Airbus Defence & Space CyberSecurity

 

Wireshark comes with a software module that analyzes the flow of TCP conversations and offers diagnostic messages that often help pinpoint a problem. Unfortunately, there are some situations where this “TCP expert” gets confused or isn’t looking at the packets hard enough. It is important to know the strengths and weaknesses of the TCP expert to be able to tell where it is doing things right, and where it needs a little help.

 

Jasper Bongertz is a Senior Technical Consultant and started working freelance in 1992 when he began studying computer science at the Technical University of Aachen, before joining Fast Lane GmbH in 2009. In 2013, he joined Airbus Defence and Space CyberSecurity, focusing on IT security and network forensics. During his time with Fast Lane Jasper created a large training portfolio with a special focus on Wireshark. Jasper is certified Sniffer Certified Professional (SCP), VMware Certified Professional (VCP3/4/5) and VMware Certified Instructor (VCI).

10:15 am – 11:30 am

I10: Anatomy of a Cyber Attack

Tim O'Neill - Co-Founder, LoveMyTool.com

 

It’s not a question of if you will be attacked, it’s a question of when and how you will be attacked and what info can be used against you! This session will cover the methods and motivation for starting a cyber- attack, including personal and corporate attack profiles and the intelligence-gathering methods of cyber criminals. We’ll also share pointers on how can you make yourself a smaller and more difficult target.

 

Tim “The OldcommguyTM” O’Neill has been in the communications world for more than a few years. From his start as an amateur radio operator at age 13, he moved on to helping design and bringing to market many diagnostic tools for a variety of vendors. Tim continues to help corporations define and test tools and solutions that address today’s complex networks and forensic needs. A published, degreed and patent- holding engineer, firm supporter of open source technology (especially Wireshark), and certified Cyber Forensic and Cyber Safety Instructor, Tim instructs and is a sought-after speaker for Cyber Security and Network conferences. Tim is also a Senior IEEE, ISSA and Digital Forensics Association member and the co- founder and Chief Technology Editor of www.lovemytool.com, which covers a wide variety of subjects advocating real and full network visibility. In simple terms, Tim is a network and cyber geek who, after almost 50 years in technology, still looks forward to every opportunity to delve deeper.

11:45 am – 1:00 pm

I11: Visualizing Problems through Packets

Kevin Burns - Principal Engineer, Comcast Data Center Engineering

 

One of the most challenging problems for a network engineer is the ability to bridge their knowledge of the network and protocol operation in troubleshooting unfamiliar applications and systems. In this presentation, we propose methods an engineer can use to address this problem. Specifically, we illustrate how to leverage knowledge of the network and protocols in combination with tools such as Wireshark to reveal how problems manifest themselves in the packets we collect and analyze. We will present real- world case studies to illustrate techniques to quickly gather the details necessary to identify and solve complicated application-network interaction problems.

itional dissector in C.

 

Kevin Burns is a Principal Engineer with Comcast and the author of "TCP/IP Analysis and Troubleshooting Toolkit". He has been performing and teaching protocol analysis for 18 years at various companies and the last 11 years with Comcast. Kevin began his career in protocols and complex troubleshooting back in 1995 when he attended a course taught by Scott Haugdahl and has had a passion for analyzing difficult problems ever since.

2:15 pm – 3:30 pm

I12: Capturing a packet - from Ether and Wire to Wireshark

Joerg Mayer - Wireshark Core Developer

 

When performing a capture, quite a few things can cause unexpected results. This talk explains the capture process for both wired and wireless media to be able to avoid surprises when looking at the capture results. The first part of this talk covers the path of a packet from the wire and cooked wireless through hardware, driver, kernel and libraries until it becomes visible in Wireshark. The second part covers some of the additional surprises raw and cooked wireless capture have to offer, explains their causes and how to mitigate them.

 

Jörg Mayer studied computer science at the University of Kaiserslautern for almost 10 years. As side jobs, he started working as a Unix systems administrator in 1992 and as a network administrator in 1995, where he worked with routers and network services such as news, mail and DNS. After getting his diploma, he started work in a company providing router and firewall support. In 2000, he founded his own company and has been working as a trainer, consultant and network troubleshooter for products from Cisco, Enterasys and ExtremeNetworks ever since. Network analysis has long been a beloved hobby which started with etherfind in 1993 followed by tcpdump, snoop and Ethereal. Jörg is a Wireshark Core developer.

3:45p –5:00p

I13: Analysis and Visualization

Robert Bullen - Engineer, Application Performance Management, Blue Cross Blue Shield, MN

 

They say a picture is worth 1,000 words. So how many packets is one worth? This session will discuss several practical visualizations that can help you hunt like a shark in a sea of packets. You’ll learn about Wireshark’s built-in visualizations, e.g. its I/O graph and tcptrace, that are immensely useful. But you’ll also learn that tshark and Excel can be combined to produce custom visualizations appropriate for the task at hand.

This session demonstrates steps to isolate different causes of WLAN problems by using Wireshark and AirPcap Adapters.

 

Robert Bullen has been in the packet analysis space in one form or another for most of his 15-year career as both a developer and user. For the last five years he’s been an application performance engineer for two Minnesota-based enterprises where he has relied heavily on the Wireshark tool suite, and during which time he contributed enhancements to the Wireshark code base. Robert has attended several Sharkfests and came away from each inspired in one way or another. This year, he’s paying it forward by sharing his expertise as a presenter with hopes to inspire others.

IDIAN CyberSecurity. He is a certified Cisco teacher as well as being an OSCP, working on IT security and network analysis projects.

9:00 am – 10:00 am

Keynote - Vinton Cerf

Recipient of the National Medal of Technology, the Turing Award, and the Presidential Medal of Freedom

 

We are honored and delighted to announce that Vinton Cerf, co-designer of the TCP/IP protocols and the architecture of the Internet, will return to Sharkfest to deliver the opening Keynote.

 

10:15 am –11:30 am

A1: Writing a Wireshark Dissector

Graham Bloice - Wireshark Core Developer

 

Learn how to write a Wireshark Dissector from a master core developer! This session is for anyone who would like to add their own dissectors to Wireshark for proprietary use or to share with the community. The options for writing a dissector will be presented: text-based using WSGD, script-based using Lua, and a traditional C dissector.

 

For the past 16 years, Graham has been a Windows C++ developer and member of the R&D Department at Trihedral, a company that produces a SCADA/HMI toolkit (www.trihedral.com). He first contributed code to Wireshark in 2000 and was made a Core Developer shortly after. His early commits were minor things such as enabling real-time captures on Windows and allowing the hex bytes display to use inverse video. More recent work has been mostly in the DNP3 dissector and Windows build environment.

11:45 am –1:00 pm

A2: Defending the Network

Jasper Bongertz & Christian Landström - Senior Consultants, Airbus Defence & Space CyberSecurity

 

When looking at the last year in network security, we’re seeing an alarming number of serious threats to our networks. This talk is going to be about network security/network forensics/intrusion detection topics, and will take a look at how bad guys abuse computer networks from home to enterprise level. We will also show how we can spot malicious traffic and identify compromised systems. Plus we’re going to get rid of the myth that looking for downloads of executable files and IRC traffic is the way to do it.

 

Jasper Bongertz is a Senior Technical Consultant and started working freelance in 1992 when he began studying computer science at the Technical University of Aachen, before joining Fast Lane GmbH in 2009. In 2013, he joined Airbus Defence and Space CyberSecurity, focusing on IT security and network forensics. During his time with Fast Lane Jasper created a large training portfolio with a special focus on Wireshark. Jasper is certified Sniffer Certified Professional (SCP), VMware Certified Professional (VCP3/4/5) and VMware Certified Instructor (VCI). Christian Landström has worked in IT since 2004, with a strong focus on network communications and IT security. After graduating in computer science in 2008 and joining Synerity Systems directly afterwards, he moved with the whole Synerity team to work for Fast Lane GmbH in 2009 as a Senior Consultant. Since 2013 he’s worked as a Senior Consultant for Airbus Defence and Space CyberSecurity. He is a certified Cisco teacher as well as being an OSCP, working on IT security and network analysis projects.

2:15 pm – 3:15 pm

A3: Custom Packet Analysis and Visualization with SteelScript Application Framework

Christopher White - Senior Director, Riverbed Technical Council

 

Packets don't lie, as the saying goes. That doesn't mean teasing the truth out of thousands or hundreds of thousands of packets is easy. In this session we'll examine packet analysis in Python using the SteelScript application framework. This framework combines the power of tshark to extract fields of interest with the fast and powerful data analysis library Python Pandas and puts it into a Django- based web interface for visualization. I'll walk through a few complete examples including: identifying gaps in a multicast stream, computing statistics such as 95th percentile, computing bi-directional statistics from uni- directional streams, and graphing multiple time-series statistics on the same graph.

 

Chris White is the Sr. Director of the Riverbed Technology Council and focuses on cross-product strategy and collaboration. Recently Chris has been working on developing open REST APIs across the product set and building the SteelScript Python SDK and Application Framework to enable rapid custom application development in the network operations and monitoring space.

2:15 pm – 3:15 pm

A4: PANEL: How Intelligent Can/Should We Make Our Out-of-Band Packet Matrix Switching Fabric? Can Open Source Compete?

J. Scott Haugdahl (Moderator)

 

This panel of experts and vendors will address burning questions such as:

  • What if our out-of-band packet switching offered us features such as SSL decryption, or intelligent content based packet scrubbing for PCI, PHI, and other sensitive data?
  • Can commercial vendors successfully support an “open” API into their platform?
  • Will Packet Sharing as a Service (PSaaS) become a reality in data centers?
  • Could an open source community based on the OpenFlow protocol (a key element of SDN) be as wildly successful as Wireshark?

Invited Panelists: John Calderon (Arista), Rony Kay (cPacket), Andy Huckridge (Gigamon), John Delfeld (Ixia), Justin Scott (Microsoft), and Hansang Bae (Riverbed).

 

J. Scott Haughdahl has taught thousands of professionals the fine art of protocol analysis, wrote the book “Network Analysis and Troubleshooting”, founded Net3 Group to create an expert system and then sold it to WildPackets, becoming their CTO. Scott was then asked to join US Bank as a Principal Architect where he gained a deep inside knowledge of large Enterprise systems and founded the Network Application Analysis (NAA) team. He provided the leadership and vision to create a dream network analysis infrastructure for the bank’s new state-of-the-art data center. The dream became reality as a $5+ million Shared Data Access Network (known as the SDAN) deployed across multiple US Bank data centers. Mission accomplished, Scott was then hired at Blue Cross Blue Shield to do it all over again! Scott loves to spend time “up north” at his cabin and enjoys reading, photography, and travel.

9:00 am – 10:00 am

Keynote: Data Analysis - The Past and The Future

Tim O'Neill - Chief Contributing and Technology Editor for LoveMyTool

 

Tim O’Neill, Chief Contributing and Technology Editor for LoveMyTool, Senior IEEE member, and long-time Wireshark and open source reviewer and supporter, will draw upon his 45-year history in the RF, WAN, Analog, ISDN, ATM, SONET and LAN (Arcnet, Token Ring and Ethernet) test and analysis markets to engage and enlighten the Sharkfest’14 attendee body in our second conference Keynote.

 

10:15 am – 11:30 am

A5: Diagramming IT Environments

Stuart Kendrick - Sustaining Engineer, EMC Isilon

 

If I can't draw it, I don't understand it. And understanding, of course, plays quite the role in troubleshooting. In this session, I provide you with electronic templates, practical techniques, and real-world examples to get you started on this project. We review dozens of diagrams: networks, storage systems, applications – critiquing them and accumulating a list of tips & traps. From this review, I propose deeper lessons around how sustainability and supportability interact with design and architecture and how to use diagramming to share your troubleshooting strategies with your peers, as well as to communicate the costs of business decisions upward.

 

Stuart Kendrick works as a Sustaining Engineer for EMC Isilon, with a particular focus on troubleshooting and Total Customer Experience. He started his career in 1984, writing in FORTRAN on Crays for SAIC; then worked in help desk, desktop support, system administration, and network support for Cornell University in Ithaca and later Manhattan. He spent 2 decades at the Fred Hutchinson Cancer Research Center in Seattle in a multi-disciplinary role covering transport, network management, root cause analysis, and Problem Management. He is happiest when correlating packet traces with syslog extracts and writing scripts to query device MIBs. When he pulls his hands away from the keyboard, he spends time at yoga and CrossFit.

11:45 am – 1:00 pm

A6: Large-Scale Passive Network Monitoring using Ordinary Switches

Justin Scott Sr. Network Engineer, Microsoft & Rich Groves, Principal Architect, A10 Networks

 

Large networks come with costly and time consuming problems. Secondary monitoring networks, fed by taps and/or spans can assist in collecting telemetry data that are needed to solve complex production issues. These networks are commonly nonstarters due to the cost associated with deploying in a large enterprise data center. A little help from openflow, SDN, and a mass of ordinary switches make this solution not just feasible at scale but very effective.

 

Justin Scott started working at Microsoft in 2007 as a network operations engineer. His team’s primary responsibility was investigating all service-impacting network outages and addressing common problems like “my file transfer is slow” or “my application is experiencing latency”. Turning to Wireshark helped cut through ambiguous problem statements and quickly isolated networking versus application issues. Knowing how to perform packet analysis has proven to be a huge time saver. Rich Groves was a Principal Network Architect for Microsoft for 6 years, responsible for data center architecture and innovation for Internet facing systems and cloud services, working on Openflow, security, and deeper network visibility before joining A10 Networks as Principal Network Architect in 2012.

1:45 pm – 3:00 pm

A7: Dive Even Deeper - Capturing, Analyzing and Filtering System Events

Loris Degioanni, Co-Founder and CEO, and Davide Scheira, Engineering Manager, Draios, Inc.

 

Are you a packet capture fan? Do you think that packets never lie? Then you should attend this session in which Loris, a Sharkfest and packet capture veteran, showcases an open source tool called sysdig that captures, decodes, and filters operating system events in similar ways to tcpdump and Wireshark. Loris will demonstrate how to make a capture file that contains not only the requests that Apache receives, but also the files it touches and the commands it runs. Loris will provide tips and tricks and include examples of how sysdig can be used in real-world scenarios.

 

Mr. Loris Degioanni co-founded CACE Technologies, Inc. in 2005 and served as its Chief Technology Officer and Chief Engineer. Mr. Degioanni Co-Founded Draios Inc. in 2013 and serves as its Chief Executive Officer. During his time as a graduate student, he developed the WinPcap packet capture library which became the base for tools like nMap, Snort, Ethereal/Wireshark and many others. Mr. Degioanni got his PhD in Computer Science from Politecnico di Torino in 2003.

3:15 pm– 4:30 pm

A8: Old and Busted: C-code... New Hotness: Lua!

Hadriel Kaplan - Principal Architect, Communications GBU, Oracle

 

Forget writing C-code, use Lua instead! This session discusses using Lua in Wireshark, as well as the new things Lua scripts can do in the latest Wireshark release.

 

Hadriel is a Principal Architect in the Communications GBU at Oracle (through an acquisition of Acme Packet). Prior to Acme Packet, he worked for the University of New Hampshire's InterOperability Lab, Bay Networks, Nortel Networks, and an IP router startup named Avici Systems. He's spent the past 10 years at Acme Packet in the Voice over IP market. At Acme, he worked in the office of the CTO in various roles in architecture, software development, standards, and customer interface. He is an active member of the IETF, has written numerous SIP-related drafts, and is an author of RFCs as well as being a member of the Board of Directors of the SIP Forum. He's contributed some code for Wireshark as well, mostly to improve the Lua API.

4:45 pm – 6:00 pm

A9: Wi-Fi Threats and Counter Measures

Gopinath KN - VP of Engineering, AirTight Networks

 

Wi-Fi has evolved drastically since the first IEEE 802.11 (legacy) standard was released in 1997 – higher bandwidth, ubiquitous availability and support for mission critical applications. However, Wi-Fi security continues to be a hot topic. The nature of threats may have changed, but threats still remain. This session presents the main Wi-Fi threats that are relevant today and the best practices that users and enterprises can take to protect against them. Wi-Fi Threats can be broadly classified as AP-based threats, client-based threats and denial of service (DoS) attacks. With the help of Wireshark packet captures, we will cover several examples of Wi-Fi threats seen in real-life:

  • AP-based threats, e.g. accidental or malicious misconfiguration of an AP, unauthorized APs in enterprise WLANs
  • Client threats, e.g. insecure smartphones, accidental connection to evil-twin APs
  • DoS attacks, e.g.RF level jammers and 802.11 MAC protocol level attacks

Once we lay out the threat landscape, we will provide best practices to combat these threats – from user education, to defining enterprise security policies, to implementing right IEEE 802.11 standards and, finally, to employing the right set of tools to enforce security policies automatically.

 

Gopi has more than 16 years of experience in systems, networks and security. He has devoted the previous eight years to understanding wireless security issues and building cutting-edge security systems. Gopi is also a speaker, instructor, and an author with several patents and technical publications to his credit. He speaks at popular international conferences such as RSA, Interop, and CSI and contributes to several influential technology publications. He has been a member of Bell Labs Research, and is currently VP of Engineering at Airtight Networks. Gopi holds a Master of Technology (MTech.) degree from IIT Kanpur, India.

10:15 am – 11:30 am

A10: Introduction to Software-Defined Radio

Mike Kershaw - Chief Architect, Blackphone

 

A software defined radio captures raw signals and uses software to process the radio information, allowing it to receive anything it's possible to tune to. Recently software defined radios have drastically dropped in price but the software to use them hasn't yet gotten simpler. This is an intro to the hardware available and the software possibilities.

 

Mike Kershaw is the creator of the Kismet wireless sniffer tool, as well as several other open source software and hardware projects. He is currently the Chief Architect of Blackphone.

11:45 am – 1:00 pm

A11: Definitive Diagnostic Data: A Rapid Problem Resolution Perspective

Stuart Kendrick - Sustaining Engineer, EMC Isilon

 

There's a lot of data flying through the air that doesn't have simple hardware to decode it. A software- defined radio captures raw signals and uses software to process the radio information, allowing it to receive anything it's possible to tune to. Recently software- defined radios have drastically dropped in price, but the software to use them hasn't yet gotten simpler. This is an introduction to the hardware available and the software possibilities. Definitive Diagnostic Data: An RPR Perspective DDD is a salient characteristic of the Rapid Problem Resolution methodology that Paul Offord and Advance7 have developed and that provides the framework for the Root Cause Analysis seminars I offer at conferences. Using case studies, I describe the symptoms, review the network diagram, and then illustrate how we instrumented the path from client through network to server and application, sometimes successfully, sometimes not. I encourage interactivity: bring your own techniques and share them. You will leave with a catalogue of specific tools & approaches, both quick and dirty as well as thorough and complete, for instrumenting your own Root Cause Analysis efforts.

 

Stuart Kendrick works as a Sustaining Engineer for EMC Isilon, with a particular focus on trouble-shooting and Total Customer Experience. He started his career in 1984, writing in FORTRAN on Crays for Science Applications International Corporation; he worked in help desk, desktop support, system administration, and network support for Cornell University in Ithaca and later Manhattan. He spent two decades at the Fred Hutchinson Cancer Research Center in Seattle in a multi-disciplinary role covering transport, network management, root cause analysis, and Problem Management. He is happiest when correlating packet traces with syslog extracts and writing scripts to query device MIBs. When he pulls his hands away from the keyboard, he spends time at yoga and CrossFit.

2:15 pm –3:30 pm

A12: (Not So) False Positives in Application Performance Analysis

Christian Landström - Senior Consultant, Airbus Defence and Space CyberSecurity

 

One of the finest moments in an analysis project is when you finally find the needle in the haystack and drill down into the very event causing your customers network problem. But there are "needles" that are perfectly valid and just draw an analysts attention because they look so fishy and yet they are partially or completely non-related to the job. This session will show and analyze some real-world scenarios, where you can get caught into misleading statements and talk about how to avoid these situation.
Beware: Live-Session, bring your 'Shark to join the analysis!

 

Christian Landström works in IT since 2004, with a strong focus on network communications and IT security. After graduating in computer science in 2008 and joining Synerity Systems directly afterwards he moved with the whole Synerity team to work for Fast Lane GmbH in 2009 as a Senior Consultant. Since 2013 he’s working as a Senior Consultant for Airbus Defence and Space CyberSecurity. He is a certified Cisco teacher as well as being an OSCP, working on IT security and network analysis projects.

3:45 pm –5:00 pm

A13: Old and Busted: C-code...New Hotness: Lua!

Hadriel Kaplan - Principal Architect, Communications GBU, Oracle

 

Forget writing C-code, use Lua instead! This session discusses using Lua in Wireshark, as well as the new things Lua scripts can do in the latest Wireshark release.

 

Hadriel is a Principal Architect in the Communications GBU at Oracle (through an acquisition of Acme Packet). Prior to Acme Packet, he worked for the University of New Hampshire's InterOperability Lab, Bay Networks, Nortel Networks, and an IP router startup named Avici Systems. He's spent the past 10 years at Acme Packet in the Voice over IP market. At Acme, he worked in the office of the CTO in various roles in architecture, software development, standards, and customer interface. He is an active member of the IETF, has written numerous SIP-related drafts, and is an author of RFCs as well as being a member of the Board of Directors of the SIP Forum. He's contributed some code for Wireshark as well, mostly to improve the Lua API.

9:00 am – 10:00 am

Keynote - Vinton Cerf

Recipient of the National Medal of Technology, the Turing Award, and the Presidential Medal of Freedom

 

We are honored and delighted to announce that Vinton Cerf, co-designer of the TCP/IP protocols and the architecture of the Internet, will return to Sharkfest to deliver the opening Keynote.

 

10:00 am – 5:00 pm

FULL-DAY DROP-IN HACKATHON WITH WIRESHARK CORE DEVELOPERS

9:00 am – 10:00 am

Keynote: Data Analysis - The Past and The Future

Tim O'Neill - Chief Contributing and Technology Editor for LoveMyTool

 

Tim O’Neill, Chief Contributing and Technology Editor for LoveMyTool, Senior IEEE member, and long-time Wireshark and open source reviewer and supporter, will draw upon his 45-year history in the RF, WAN, Analog, ISDN, ATM, SONET and LAN (Arcnet, Token Ring and Ethernet) test and analysis markets to engage and enlighten the Sharkfest’14 attendee body in our second conference Keynote.

 

10:00 am – 6:00 pm

FULL-DAY DROP-IN HACKATHON WITH WIRESHARK CORE DEVELOPERS

10:00 am – 6:00 pm

FULL-DAY DROP-IN HACKATHON WITH WIRESHARK CORE DEVELOPERS