Europe got its own Sharkfest in October, and the inaugural Wireshark Developer and User Conference was a great success, with strong attendance from the user and developer community across Europe. Congratulations to Sharkfest Europe for a great launch to what is sure to be a fantastic annual event.
There was a great program of speakers over the three days. Kicking things off with the pre-conference course was Wireshark University’s Laura Chappell. Her Troubleshooting with Wireshark tutorial was well attended and included invaluable tips on workflows that make optimal use of Wireshark to quickly highlight potential issues.
In How to Profitably Use Wireshark for Analyzing Large Traces and High-Speed Links (PDF), Luca Deri from ntop talked about using n2disk on PF_RING – which is supported by Endace DAG cards – to capture from high-speed links for later offline analysis.
Jasper Bongertz (Packet-Foo) spoke on False Positives (PDF) in network captures and the importance of using professional packet capture equipment.
He also covered the challenges of working with large trace files in his Tackling the Haystack (PDF) talk. Since Wireshark can’t open large files, he splits large traces into multiple smaller files, and pre-filters them for specific issues. Simply retrieving and processing the large trace files can take hours.
Core Developer Martin Mathieson’s Snort Alerts in Wireshark (PowerPoint) presentation covered extensions to WireShnork for sending packet traces through Snort and recording the alert information in the packet dissection shown in the Wireshark interface.
If you didn’t attend Sharkfest Europe, you can catch up on what you missed on the Retrospective page, where you’ll find links to most of the presentations and videos of some of them too. We look forward to catching up with you at Sharkfest US and Europe in the future.