June 04, 2019 • 5 min read
CloudShark has been a participant in SharkFest for a number of years. We love being a part of the packet analysis community and are excited to be speaking alongside other highly respected experts!
Additionally, we’re proud to sponsor a Peralta College CISE Student, for the “Wireshark Analysis Foundations” Pre-Conference Class! We are always glad to help future network and security experts dive deep into the world of packet capture analysis.
SharkFest™ launched in 2008, is a series of annual educational conferences staged in various parts of the globe and focused on sharing knowledge, experience and best practices among the Wireshark® developer and user communities. The US based meeting for 2019 will be held at UC Berkeley from June 8-13.
SharkFest attendees hone their skills in the art of packet analysis by attending lecture and lab-based sessions delivered by the most seasoned experts in the industry. Wireshark core code contributors also gather during the conference days to enrich and evolve the tool to maintain its relevance in ensuring the productivity of modern networks.
Tom Peterson has been helping shape CS Enterprise with his knowledge and expertise in the complex world of network and security analysis. He joined QA Cafe in 2014 after working at the University of New Hampshire InterOperability Laboratory.
You can see some of his work in our series on TCP or his excellent analysis of microbursts in our training blog.
Here’s Tom’s abstract for the session he’ll be giving at SharkFest US 2019. If you’re attending, find him in the Garden Room at 3:15pm on Tuesday June 11th!
Armed with a pcap file, we can examine and analyze the packets that were sent and how they were responded to on the network. We rely on our tools to show us how a TCP stream was reassembled or to give us a list of HTTP websites accessed in a pcap file.
But what happens when TCP segments overlap or when new options like TCP Fast Open are used? Does every device and tool reassemble TCP exactly the same in all cases? Are the latest TCP options supported by all of the tools we use? Could this be used to disguise malicious behavior?
In this session, we’ll look at how TCP packets are processed by operating systems, including Linux and Windows, and compare this to tools such as Wireshark and Suricata. When these don’t match, we’ll look at the packets themselves and go over ways to test how the packets are really being processed. If you know how TCP reassembly works when packets are received simply out of order you might be surprised to see what happens when we look at packet scenarios during this Session!
Some of CloudShark’s key partners are also sponsoring this year’s SharkFest. You’ll find welcome gifts when arriving at SharkFest from:
CounterFlow.ai - CounterFlow AI is a next-generation network forensics platform that enables overwhelmed SOC teams to take an AI-driven approach to cybersecurity. Their integration with CS Threat Assessment provides a seamless user experience for ThreatEye users with the packet level detail they need when performing retrospective threat hunting. Look for more news on this soon!
Profitap - Profitap’s ProfiShark is a high-speed, portable network capture appliance that takes multi-gigabit rate pcaps and uploads them to your CS Enterprise system. You can read their solution brief about their CloudShark integration for more.
There’s a lot to see and do during SharkFest. Some of our favorite presenters and topics include:
Bradley Duncan - Brad is a cybersecurity expert and manages the extremely useful malware-traffic-analysis.net website that is full of examples and exercises for threat hunting. We featured one of these examples in Tom’s webinar on using packet captures to track down malware.
Sake Blok - Sake describes himself as a “relational therapist for computer systems”. You may have seen him in our popular webinar on the Art of PCAP Challenges that we gave earlier this year. He’s a packet analysis superstar and is part of the “Wireshark Analysis Foundations” class at SharkFest and giving his talk, “Solving packet capture challenges: get exact answers from trace files in an automated way”.
Chris Greer - Chris is an experienced network analyst for Packet Pioneer. In addition to also heading the Foundations class, Chris is speaking on “troubleshooting slow networks”.
Jasper Bongertz - We’re a big fan of Jasper and his in-depth knowledge of TCP. He manages the packet capture anonymization and editing tool call TraceWrangler. He’s also running the Foundations class with Chris and Sake, and giving several talks on merging, editing, and otherwise “wrangling” PCAPs.
Hunt Like a Shark - Tom is most looking forward to a class run by Brad Palm, Ryan Richter, and Brian Greunke. “Hunt Like a Shark” aims to show students how to use the tools and techniques for threat hunting at any business level.
And so much more! Check out the full agenda over on the SharkFest site.
SharkFest records most of its speaking presentations and collates them in their retrospective series. In addition, look for an invitation to a webinar we’ll give after SharkFest where Tom will reprise his talk and you too can learn about some of the problems TCP reassembly may cause in your network, and how it can be used to disguise malicious behavior!