Protocol Analysis, Data Recorder, CALEA, Lawful Intercept, Application Performance, User Experience, Industrial Ethernet, Data Loss Prevention, Deep Packet Inspection, NetFlow, SOX, HIPAA and PCI Compliance, Switching and Routing, Forensics, VoIP, IPTV ... etc.
Network analysis experts, Wireshark instructors and Wireshark core developers from all over the world gather in Berkeley to teach you about packet analysis, security and troubleshooting. During the breaks and the evening events you will have a chance to talk to the instructors and ask them all the questions you always wanted to ask.
Last but not least it’s great to catch up with returning visitors and meet new ones.
This session was recorded at Sharkfest 2012 - UC Berkeley, CA
Over the years of doing network troubleshooting on large and small customer sites a lot of interesting cases and problems have come up, and of course Wireshark software was the most important tool to find out what was really happening. We will take a look at various trace files taken from those real world analysis jobs, and work our way through them to identify the cause of the problem.
Jasper Bongertz is a Senior Technical Consultant at the Fast Lane Institute for Knowledge Transfer GmbH, an international training and services company. Jasper has worked on countless network analysis projects which resulted in the creation of a large training portfolio with a special focus on Wireshark software. Jasper is certified Sniffer Certified Expert (SCE), VMware Certified Professional (VCP3-5) and VMware Certified Instructor (VCI).
This session was recorded at Sharkfest 2012 - UC Berkeley, CA
A customer is paying for a bandwidth of 45 Mbps but achieving a throughput of only around 1 Mbps. Does the bandwidth provider limit the rate; is the server or the client not performing? With Wireshark software you can answer these questions and pinpoint the cause of the bottleneck. Windows Vista/7 has the TCP auto-tuning option enabled by default, but this does not deliver the best performance under all circumstances. Using Wireshark's TCP Stream Graph you learn how to optimize TCP sessions and the impact of Window Scaling, Selective Acknowledgments, TCP Chimney Offloading, Congestion Control etc. By analyzing trace files you will be able to find the TCP settings for an optimal transmission.
Rolf Leutert, a native of Switzerland, founded Leutert NetServices to provide network training, network troubleshooting, and consulting in 1988. Since then, the company has delivered hundreds of trainings for Sniffer University and other training organizations, and Rolf has attained both Certified Network Expert (CNX) and Sniffer Certified Master status.
This session was recorded at Sharkfest 2012 - UC Berkeley, CA
Tim Poth, Sr. Priority Response Analyst, Bentley Systems
This interactive presentation looks at a number of pcap files to show both interesting "network" issues as well as the techniques used to find the problems. We will cover situations that gave our users trouble such as:
A switch that went dumb
A cluster that wasn't setup correctly
SMB response that lied to us
A scanner that won't scan an SMB share
Vanishing packets in the middle of a file download
Peer to peer music downloads
Tim Poth currently works for Bentley Systems, Inc. (www.bentley.com) as a Senior Priority Response Analyst primarily supporting ProjectWise, Bentley's document management system.
This session was recorded at Sharkfest 2012 - UC Berkeley, CA.
Herbert Grabmayer, Network Analyst, Schoeller Network Control
In this session, you will learn to identify problems of faulty or misconfigured firewalls, packet shapers, and web browsers. The source of the problem will be made visible with Cascade Pilot software Views, customized Summary Panels in Wireshark software and the Wireshark software TCP Stream Graph. There is a lot more than switches and routers in the network that can break the end-to-end TCP connection and cause issues.
Editor's Note: This session was recorded at Sharkfest 2012 - UC Berkeley, CA.
Vulnerability scanning - that is, remotely determining the security posture of a network-connected computer system - is one of the foundations of Internet security. These scans are based on thousands of individual vulnerability checks, each of which is carefully written to uniquely find a single vulnerability with minimal errors. This talk will take a deep look at how Nessus and Nmap vulnerability scans are written, demonstrating a combination of packet sniffing, reverse engineering, and trial and error!
Ron Bowes works as a vulnerability research engineer for Tenable Network Security. He is best known for his contributions to open source security software including the Nmap Security Scanner, for which he has written dozens of scripts covering a number of complex protocols.
Presenter Profile - Hansang Bae currently leads the Network/Application Performance Engineering Team with direct responsibility for Packet Capture Infrastructure at Citi. He brings a unique perspective with his broad knowledge of protocol analysis in a complex enterprise infrastructure.
As one of his colleagues puts it, “Hansang is one of the most outstanding individuals in the industry. His technical expertise is second to none. He is also an amazing leader, mentor, and a highly ethical, sincere person. Hansang possesses the unique ability to explain highly complex topics to a broad audience, which earned him the trust and respect from every person he encountered within Citigroup.”
Editor's note - This presentation was recorded at Sharkfest 2012 - UC Berkeley, CA - June 24th-27th.
This presentation was recorded at the Sharkfest 2012 User and Developer Conference, held at UC Berkeley, CA on June 24th-27th.
In this video, Hansang dives deep into a complex performance problem using the Wireshark analyzer.
Hansang Bae currently leads the Network/Application Performance Engineering Team, with direct responsibility for Packet Capture Infrastructure, at Citi. He brings a unique perspective with his broad knowledge of protocol analysis in a complex enterprise infrastructure.
Let me just start off by saying that I have used almost every commercial capture-to-disk appliance on the market, ranging from a 2 TB appliance that I built with open source software to the 96 TB commercial products. One of the biggest annoyances has always been mining the data out of this huge ring buffer. The other annoyance has been with the vendor claims: capture boxes that have multiple 10 Gb interfaces and “claim” that they support 10 Gbps, sustained line rate. As we know, it typically is an overcommitting marketing department that makes these claims and not the engineers that design these products. So I guess we can cut them a little slack.
The 10 Gigabit myth:
As I have mentioned, a number of vendors claim that they handle 10 Gbps with ease, but how do you know unless you test them? As Tim O’Neil says, “Don't trust them, test them”! That is exactly what we did.
Riverbed Cascade Shark:
I recently was able to get my hands on a Cascade Shark Appliance. I suspect many of you have seen my reviews on Cascade Pilot and know how much I love this product for slicing and dicing extremely large trace files. Pilot has truly changed my life when it comes to mining out data from large packet traces. Naturally, I was very excited to see if the Shark Appliance could live up to my huge expectations.