Last week saw the 10th Annual SharkFest conference held in Pittsburgh at Carnegie Mellon University.
SharkFest is a conference for developers and users of the open-source Wireshark application, and draws a varied audience including people from NetOps, SecOps, Telcos, Government, industrial plant operators and manufacturers as well as vendors.
One of the real strengths of SharkFest is that it’s not too big. While large enough to attract Wireshark users and developers from around the world, SharkFest remains intimate enough for attendees to have plenty of opportunity to engage with Wireshark’s creator and lead developer, Gerald Combs, and with the core Wireshark developers, and to have input into the future direction of Wireshark.
Amongst all attendees there was general recognition of the growing importance of packet history in providing ground truth for investigating security events and troubleshooting network problems. There was also recognition of the growing importance of continuous – as opposed to ad-hoc – packet capture in providing evidence for security investigations, and a number of presentations referenced the challenges of multi-point packet capture.
Endace CTO, Dr Stephen Donnelly, spoke about augmenting packet capture with contextual metadata – which becomes especially critical when implementing multi-point continuous packet capture solutions. Metadata allows packet history to be self-describing, so its context can be carried along with the data wherever that data may be consumed. Stephen’s SharkFest presentation is available online.
SharkFest is always a very interesting and valuable conference. It is a great opportunity to be part of helping to shape what has become an incredibly important tool for our industry.
Endace was very pleased to be a sponsor at SharkFest 2017, and we’re looking forward to SharkFest Europe later in the year too. Thanks to the SharkFest team (and the fantastic Janice Spampinato) for all your help. Great job!