82 posts categorized "Sharkfest"

Lessons from Sharkfest US 2017 (by Chris Greer)

Sharkfest 2017

Sharkfest turned 10!

Last month, hundreds of Wireshark users, developers, and trainers came together for the 10th annual Sharkfest conference at Carnegie Mellon University in Pittsburgh. Packet-heads from all over the globe could mix and mingle with the likes of Gerald Combs, Laura Chappell, Jasper Bongertz, and Hansang Bae, just to name a few.

For me, Sharkfest is always a highlight of the year. Where else can you ditch the trade-show marketing super-hype and just get down to the wire with the world’s best packet analysts? Network engineers should definitely put this event on their bucket lists, no matter what their experience level with Wireshark and packet analysis.

In recent years, the fine folks who host Sharkfest have approved of having the sessions recorded, making them available on demand. If you have not yet done so, stop by the Sharkfest retrospective page to check out some of the sessions – sharkfest.wireshark.org/sf17

Suggested sessions:

  1. Hansang Bae always does a great job of showing real-world scenarios of how to packet dig. In his session he goes into some case studies of rare packet-level issues that engineers face today. His session video is not yet on the page but I’m sure it soon will be.
  2. Kary Rogers from Packetbomb did a practical session on Understanding Throughput and TCP Windows. Be sure to check that one out – recording available.
  3. Betty DuBois did a very nice session for newbies entitled “Rookie to Vet in 75 minutes”. Although the session recording is not yet available, she did an awesome job on her presentation – definitely check it out!

My notes:

Continue reading "Lessons from Sharkfest US 2017 (by Chris Greer)" »

Network Troubleshooting Tip - Using Markers to Cut Trace Analysis Time (by Paul Offord)

When we get to the point in an investigation where we are about to break out Wireshark, the complexity of the packet analysis can seem quite daunting. And yet, by covering a few key points, we can dramatically cut the time needed to analyze any diagnostic data.

In my previous post we looked at the importance of a basic understanding of the topology of the system under investigation. In this blog I'll cover the use of markers: a ridiculously simple, but amazingly powerful, concept. A marker places a distinctive packet in the network packet trace data that we can easily find with Wireshark.

The RPR manual contains six pages of information on markers, covering suggested markers and what to use them for. If you haven't used markers before you are in for a real treat. Once you get the hang of them, you'll wonder how you ever did without them.

Let's imagine you've been investigating an intermittent slow response time problem for a bunch of users. Nobody is quite sure what's causing the problem, although the application and platform teams insist it's not them. You know the drill; if the cause isn't obvious it must be the network, right?
Luckily, a user experienced the problem this morning, and you had packet traces running.  The bad news is that you have 500 GB of trace data (about 5 billion packets) and the user is vague about the time of the problem.

The first strategy ...

Continue reading "Network Troubleshooting Tip - Using Markers to Cut Trace Analysis Time (by Paul Offord)" »

Sharkfest 2016 | TCP Tips and Tricks - What Makes Applications Crawl? (by Chris Greer)

This session was presented at SharkFest 2016 in Mountain View, California.

TCP is a great protocol. The fact that this decades-old delivery mechanism is still responsible for our business critical applications today is quite impressive. Those guys knew what they were doing.

It's true though that TCP has its bad days and can bring applications to a crawl. Or, when TCP itself isn't to blame, we can use its behavior to isolate the real root cause of slow apps: network, client, or server.

So, armed with Wireshark, some demo trace files, and a little bit of TCP know-how, we're going to do some packet digging to demonstrate TCP Tips and Tricks that are useful when troubleshooting slow applications.

Author Profile - Chris Greer is a Network Analyst for Packet Pioneer LLC and a Certified Wireshark Network Analyst. Chris regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. Chris also delivers training and develops technical content for several analysis vendors.

Snapshots from Sharkfest - TCP ACKFor Column (by Chris Greer)


(Thanks to Hansang Bae for showing this quick tip at Sharkfest!)

Once again, Sharkfest is here. Attendees are crunching packets, digging through traces, and refining their art of protocol analysis. If packets are your thing, there is no better place to be.

Within the first three minutes of the first packet analysis session I attended this morning, my appreciation for the Sharkfest Wireshark Users conference was renewed. Where else in the world can you get packet-level analysis tips from people who have been doing this for decades? Where else do you see instructors finishing their sessions then sitting down as students of the next one?

A quick tip I learned on day 1.

Hansang Bae was busy doing his thing, showing some of the custom filters he uses in one of his TCP analysis profiles. One of the columns he uses is called ACKFor. On any TCP ACK, this column shows the frame number of the packet that is being acknowledged.

Continue reading "Snapshots from Sharkfest - TCP ACKFor Column (by Chris Greer)" »

Sharkfest 2016 with Wireshark 2.0.4 – The Founder - Gerald Combs - A fun perspective and history! (by Tim The Oldcommguy)

Sharkfest 2016 with Wireshark 2.0.4 – A fun perspective and history!

Everyone knows of Gerald Combs, the founder of Wireshark (previously Ethereal), but few really know much about this smart, dedicated, kind, gentle and giving person.

Wireshark is a world-class network capture and analysis tool, but it is much more, as it is the dream of Gerald Combs.

Gerald has always been a dreamer and always wanted to do something cool. He got his wish when in the late 90's he decided that we, the network industry, needed a tool that could be shared by everyone. In reality he was tired of having to hunt down and "borrow" the Sniffer. So he started Ethereal mainly for decoding the packets that had been captured with the NGC Sniffer!

So Ethereal was born with the help of some super social and technical friends that had the same vision and wanted to do something about the need!

Those friends were Richard Sharpe, Guy Harris and Gilbert Ramirez who with Gerald started the path of Ethereal to Wireshark. Of course there are many developers that have contributed to Wireshark over the years!

Continue reading "Sharkfest 2016 with Wireshark 2.0.4 – The Founder - Gerald Combs - A fun perspective and history! (by Tim The Oldcommguy)" »