This year’s Sharkfest was a blast. Speakers, attendees, developers, and technology enthusiasts from all over the world came together at UC Berkeley, June 24th-27th, for four days of knowledge sharing and collaborating on the world’s most popular protocol analyzer – Wireshark. Over the next week, here on LoveMyTool, we will be posting selected recorded sessions from industry experts on a variety of topics related to Wireshark, including:
· Wireshark in the Large Enterprise
· Trace File Case Files
· Wireshark Troubleshooting from the Field
· Secrets of Vulnerability Scanning
· Using Wireshark as an Applications Engineer
· And more!
Highlights for Me:
Sharkfest was a one-of-a-kind conference. I think the thing I first noticed was that most instructors attended courses of the other instructors. They all brain-dumped and then took a seat to be taught by the next person. It impressed upon me that no matter how much knowledge or experience we have with Wireshark, there is always a new tip or trick to learn! Here were some of my favorites:
1. Profiles, profiles, profiles. I realized after watching a couple of speakers flip through different profiles that I was tremendously under-utilizing this feature. Using a different profile targeted for Security, TCP Analysis, HTTP, SMB, and VoIP can greatly speed analysis and can put critical data right where we need it.
2. PCAP-NG is very cool, and is now the default format. The ability to comment on files and individual packets is pretty cool when sharing traces between different analysts – or when saving files for later analysis.
3. Multi-Interface Capture – Woo hoo!! Several interfaces all at once. Great feature with unlimited ways to use it.
This is not a complete list, of course, just a few of the highlights that I saw at Sharkfest. What stood out to you? Weren't able to go? No problem! Make sure not to miss out on next year. In the meantime, you can check out the recorded sessions right here on LoveMyTool and catch the packet-level action.
Author Profile - Chris Greer is a Network Analyst for Packet Pioneer. Chris has many years of experience in analyzing and troubleshooting networks. He regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. When he isn’t hunting down problems at the packet level, he can be found teaching various analysis workshops at Interop and other industry trade shows. Chris also delivers training and develops technical content for several analysis vendors. He can be contacted at chris (at) packetpioneer (dot) com.