SharkFest’17 Retrospective

June 19th - 22nd, 2017
Carnegie Mellon University | Pittsburgh, PA

Keynote Presentations

The Past, Present & Future of the Wireshark Project
Gerald Combs

Experience with the eXpressive Internet Architecture
Peter Steenkiste

SharkFest’17 US Attendee Feedback

“It’s a wonderful time to have the privilege to participate with such talent and good will as that which is found in the Wireshark community. I believe that as the risks present within the Internet increase, Wireshark and the Wireshark community stand poised at the intersection of the Internet nexus to identify, mitigate, and secure network resources everywhere.

Thank you again for all that you do to bring together the Wireshark community annually for SharkFest!”

“Thank you for organizing a fabulous event for everyone. It was a great experience and I learned a lot.”

“In my humble opinion, Sharkfest is a great success. Many of the presentations show common case issues, and how Wireshark helps to identify them in their own ways. Most of the people I met at Sharkfest are small to medium size companies. We all have similar issues, but sometimes we just don’t know how and where to begin tackling the issue. It looks so easy when the experts present, trust me it’s not quite similar in real life. This conference helps us to navigate through these obstacle courses and helps us to do our job better.”

“Thank you for the great SharkFest’ 17 US conference in Pittsburgh, Pennsylvania for the past days. All of you – and don’t forget the guys behind the scenes - have done a great job again and we all together survived.”

Blogs

SharkFest’17 US Recap by Jasper Bongertz

SharkBytes

Tuesday Classes

• 01: Practical Tracewrangling: Exploring Capture File Manipulation/Extraction Scenarios - Part 1 by Jasper Bongertz

• Presentation Video (1:12:42)

• 02: An Introduction to Wireshark: Rookie to Vet in 75 Minutes by Betty DuBois

• 03: Using Wireshark to Solve Real Problems for Real People: Step-by-Step Real-World Case Studies in Packet Analysis by Kary Rogers

• 04: Practical Tracewrangling: Exploring Capture File Manipulation/Extraction Scenarios - Part 2 by Jasper Bongertz

• Presentation Video (1:14:11)

• 05: Network Security…Haven’t We Solved It Yet? by Mike Kershaw

• 06: Workflow-based Analysis of Wireshark Traces: Now we can all be Experts by Paul Offord

• Presentation Video (1:04:26)

• 07: Undoing the Network Blame Game and Getting to the Real Root Cause of Slow Application Performance by Chris Greer

• Presentation Video (1:14:06)

• 08: Command Line Review of Wireshark CLI Tools, tshark & more by Christian Landström

• 09: Designing a Requirements-Based Packet Capture Strategy by John Pittle

• 10: Knowing the Unknown: How to Monitor & Troubleshoot an Unfamiliar Network by Luca Deri

• Presentation Video (1:18:28)

• 11: HANDS-ON TCP Analysis by Jasper Bongertz

• 12: Baselining with Wireshark to Identify & Stop Unwanted Communications by Jon Ford

Wednesday Classes

• 13: Augmenting Packet Capture with Contextual Meta-Data: the What, Why & How by Dr. Stephen Donnelly

• Presentation Video (1:06:37)

• 14: Wireshark Case Study Exploration by Sake Blok

• 15: Wireshark & Time: Accurate Handling of Timing When Capturing Frames by Werner Fischer

• 16: Hands-On Analysis of Multi-Point Captures – Part 1 by Jasper Bongertz and Christian Landström

• Presentation Video (1:16:37)

• 17: WiFiBeat…Visualize Data with Kibana & ElasticSearchby Thomas d’Otreppe

• 18: Analyzing Exploit Kit Traffic with Wireshark by Bradley Duncan

• 19: Hands-On Analysis of Multi-Point Captures – Part 2 by Jasper Bongertz and Christian Landström

• Presentation Video (1:08:02)

• 20: Work-Shmerk/Mirai-Shmiraii: What are Those Evil Little IoT Devices Doing & How Can You Control Them? by Brad Palm

• 21: Analysis Visualizations: Creating charts inside and outside of Wireshark to speed up your Analysis by Robert Bullen

• 22: Understanding Throughput & TCP Windows: A Walk-Through of the Factors that can limit TCP Throughput Performance by Kary Rogers

• Presentation Video (1:07:08)

• 23: Top 10 Wireshark TIPS & Tricks by Megumi Takeshita

• 24: Undoing the Network Blame Game and Getting to the Real Root Cause of Slow Application Performance by Chris Greer

• Presentation Video (1:14:06)

Thursday Classes

• 25: Workflow-based Analysis of Wireshark Traces: Now we can all be Experts by Paul Offord

• Presentation Video (1:04:26)

• 26: Network Security…Haven’t We Solved it Yet? by Mike Kershaw

• 27: Network Forensics with Wireshark by Laura Chappell

• 28: The Doctor is In! Packet Trace Reviews with the Experts by Hansang Bae, Jasper Bongertz, Christian Landström, Sake Blok

• 29: A Web-Based Approach to Enhance Network Packet Capture & Decode Analysis Techniques using the Wireshark Command Line Tools by Ronald Henderson

• 30: Using the Python/Django Web Framework to Build a Remote Packet Capture Portal with tshark by Kevin Burns

• 31: SMB/CIFS Analysis: Using Wireshark to Efficiently Analyze & Troubleshoot SMB/CIFS by Betty DuBois

• 32: Writing a Wireshark Dissector: 3 Ways to Eat Bytes by Graham Bloice

• 33: Wireshark & Time: Accurate Handling of Timing When Capturing Frames by Werner Fischer

• 34: How tshark saved my SDN Forensics: Hands-on tshark Usage with a Minor Python Connection by Mike McAlister, Joseph Bull

• 35: My Life as a Troubleshooter: So what did you do today, Dad? by Graeme Bailey

• 36: Validating Your Packet Capture: How to be sure you’ve captured correct & complete data for analysis by Scott Haugdahl, Mike Canney

• 37: Back to the Packet Trenches (Part 1) by Hansang Bae

• 38: Wireshark Tips & Tricks by Laura Chappell

• 39: Knowing the Unknown: How to Monitor & Troubleshoot an Unfamiliar Network by Luca Deri

• Presentation Video (1:18:28)

• 40: Back to the Packet Trenches (Part 2) by Hansang Bae

• 41: Analyzing Exploit Kit Traffic with Wireshark by Bradley Duncan

• 42: TCP SACK Overview & Impact on Performance by John Pittle

A Word of Thanks

SharkFest’17 US, the tenth anniversary of the conference, was a roaring success thanks to the highly engaged community of core developers and Wireshark users in attendance. Special thanks to Gerald Combs for tirelessly, fearlessly guiding the Wireshark open source project and maintaining its relevancy, to core developers for traveling long distances and braving severe storm-related delays to advance Wireshark code together, to Laura Chappell for delivering another excellent troubleshooting class, jumping in at the last minute to replace presenters unable to keep their commitments due to travel complications, and for creating another highly-anticipated Packet Challenge, to Dr. Peter Steenkiste for his provocative keynote, to Sake Blok for the many man-hours dedicated to creating a thrilling group packet competition, to a staff and volunteer crew who went far beyond caring to serve attendees during the conference, to instructors who voluntarily shuffled lives and schedules to educate participants and learn from one another, to sponsors who so generously provided resources that made the conference possible, to the CMU social hosts who made our social events truly social, and to the Carnegie Mellon Conference Events team for working through months of minutiae to help stage the conference on the rare and beautiful CMU campus.

Host Sponsors

Angel Shark Sponsors

Wireshark Group Packet Challenge Sponsor

Welcome Gift Sponsor

Breaks Sponsor

In Absentia Sponsors

Honorary Sponsors