SHARKFEST '08 Developer Track Session Abstracts and Speaker Bios Page 1 of 3

MONDAY, March 31st

Hackathon Kickoff with Gerald Combs, Director of Open Source Projects, CACE Technologies
Until now, Wireshark development has been distributed, with each developer Gerald Combs is the original developer of Wireshark. He started the project in 1998 (under the
working alone in his or her corner of the world. The Wireshark Hackathon provides name Ethereal) while working at an ISP. Since then many bright and talented people have
an opportunity for Wireshark developers to meet face to face and code in real time. contributed to the project, making it the world's premier network protocol analyzer. He currently
10:30am – 12:00pm Open to any Wireshark developer wishing to participate. works with the developers of WinPcap at CACE Technologies as the Director of Open Source
Projects, and is the lead developer of Wireshark. In a past life he has worked as a consultant
for firms in a variety of industries, ranging from telecommunications to pharmaceuticals to
finance. In 2003 he was the recipient of a UMKC Alumni Achievement Award for his
contributions to the field of computer science.
12:00pm – 12:45pm LUNCH
D01: Advanced Scripting and Command Line Usage with tshark and Related Utilities Instructor: Sake Blok, Wireshark Core Developer
Did you ever want to filter out all http-traffic of a certain user of your web- Sake Blok, a Wireshark/Ethereal devotee since 1999, works as a Research & Development
application? Or merge two capture files that were taken at the same time, but on Engineer for ion-ip in the Netherlands. His company provides solutions to customers who want
systems with their clocks not in sync? Yes, then this is a session for you. You will to deliver their applications to users in a fast, secure, efficient and scalable manner. Sake's
learn how to integrate Tshark with standard linux/unix (or cygwin) commands to get main focus is to take new products for a spin in their test environment, design custom solutions
12:45pm – 2:00pm exactly the information you need out of each tracefile. For even more advanced for customers and troubleshoot the problems customers might encounter while using ion-ip
information needs, integration into a scripting language will be covered too. solutions. Two years ago, Sake started to add the functionality he was missing to Wireshark.
He also started to fix Wireshark-bugs that were reported on Bugzilla. This work on Wireshark
resulted in an invitation from Gerald Combs to join the Core Development Team. Apart from
enjoying his work and involvement with Wireshark, Sake also likes to go scuba-diving, go to
arthouse movies and spend time with friends
2:00pm – 2:15pm BREAK
D02: Writing Your Own Wireshark Packet Dissectors INTRODUCTION Instructor: Gerald Combs, CACE
The creator of Wireshark will take you from zero to a complete, working Wireshark Gerald Combs is the original developer of Wireshark. He started the project in 1998 (under the
2:15pm – 3:30pm dissector over the course of this session. The class will focus on developing name Ethereal) while working at an ISP. Since then, many bright and talented people have
Wireshark in a Windows environment, but will touch on other platforms as well. contributed to the project, making it the world's premier network protocol analyzer.

3:30pm – 3:45pm BREAK

D03: Writing Your Own Wireshark Packet Dissectors ADVANCED Instructor: Guy Harris, Wireshark Core Developer
This session will cover topics such as: Guy Harris has been a Wireshark/Ethereal developer for almost 10 years, and has also been a
- reassembly of packets fragmented across multiple low-layer packets libpcap and tcpdump developer for almost 8 years. His day jobs for the past 20 years have
3:45pm – 5:00pm - processing encrypted or compressed data involved development work on NFS and SMB servers, SMB clients, and system code to
- keeping track of transport-layer conversations and other packet flows support them.
- attaching "expert analysis" information to packets
- providing higher-level analysis, such as protocol statistics
- adding protocol preference settings for your dissector
SHARKFEST '08 Developer Track Session Abstracts and Speaker Bios Page 2 of 3

TUESDAY, April 1st

D04: Writing your own Packet Capture Tool with WinPcap and AirPcap Instructor: Gianluca Varenni, Developer and WinPcap Maestro, CACE Technologies
This session, as the title states, will demonstrate how to use both the WinPcap and Gianluca Varenni has worked for CACE Technologies as a lead development engineer since
9:00am – 10:15am
AirPcap drivers to write your own packet capture tool from scratch. Anyone who the company's inception. When he's not punishing his body on the ski slopes, Gianluca is
would like to have expert instruction and reduce the lead time for the development managing the WinPcap development project, writing reams of code, creating new products, and
process should attend. solving all driver-related support issues for the company.
10:15am – 10:30am BREAK
D05: Analysing WLAN 802.11N MIMO with AirPcap N Instructor: Rolf Leutert, Leutert NetServices
802.11n is a major next step in the evolution of WLAN technology and represents Rolf Leutert, a native of Switzerland, founded Leutert Net Services to provide network training,
more than just a new physical layer. First enterprise-class access point to support network troubleshooting, and consulting in 1988. Since then, the company has delivered
10:30am – 12:00pm the IEEE 802.11n draft 2.0 standard are available and deployed. In this session the hundreds of trainings for Sniffer University and other training organizations, and Rolf has
new 802.11n MIMO technology is analysed by using the AirPcap N adapter. You attained both Certified Network Expert (CNX) and Sniffer Certified Master status.
will learn about spatial multiplexing techniques, channel bonding, frame
aggregation and block ACK, high throughput (HT) mode, backwards compatibility
to a/b/g devices etc.
12:00pm – 12:45pm LUNCH
D06: 802.11 Packet Dissection with AirPcap and WinPcap Instructor: Dustin Johnson, Developer, CACE Technologies
12:45pm – 2:00pm
ABSTRACT BIO
2:00pm – 2:15pm BREAK
D07: Programming and Extending the Wireshark User Interface Presenter: Ulf Lamping, Wireshark Core Developer
Do you ever wanted to know more about the Wireshark internals and the User Since 1996, Ulf has been developing network protocols for factory automation systems in
Interface implementation? Maybe even how to enhance the GUI to better suit your Germany. In the last few years, his work has focused on the (Ethernet based) PROFINET
needs? As the documentation in this area is sparse, this session might be for you! fieldbus protocol family. His first experience with Wireshark was around 1999 while
The talk will cover the following topics: developing/troubleshooting factory automation networks and, since 2003, he has spent much of
- Wireshark and the underlying GIMP ToolKit (GTK+) his free time intensively developing Wireshark. His main work with Wireshark is on the GUI,
2:15pm – 3:30pm - Wireshark's internal structure and data model (overview) its usability, the documentation, and the PROFINET protocol dissector. However, he has also
- how's the Wireshark GUI working? implemented various other Wireshark feature changes as well. Currently, Ulf is working on a
- interaction of Wireshark's GUI code and it's data model new extensable file format for Wireshark (pcapng) to have a flexible basis for future
- add your own (context) menu entry improvements, like user-editable comments: "captured on plant 3" and much more.
- add your own protocol statistics
... and a bit of GUI/GTK+ development in general!

3:30pm – 3:45pm BREAK

Birds of a Feather Session WinPcap Do’s and Don’ts Moderator: Gianluca Varenni, CACE
Gianluca Varenni, WinPcap maestro, will lead a discussion of best practices for Gianluca Varenni has worked for CACE Technologies as a lead development engineer since
incorporation of WinPcap in your application. A "must-attend" session for all the company's inception. When he's not punishing his body on the ski slopes, Gianluca is
3:45pm – 5:00pm
WinPcap developers and WinPcap Pro licensees, or those contemplating the managing the WinPcap development project, writing reams of code, creating new products, and
incorporation of either the open source WinPcap or the Professional version in their solving all driver-related support issues for the company.
general or commercial applications.
SHARKFEST '08 Developer Track Session Abstracts and Speaker Bios Page 3 of 3

WEDNESDAY, April 2nd

Roundtable R01: Trace File Formats and Packet Meta Information Moderator: Gianluca Varenni, CACE Technologies
Capturing packets from a single network interface is a concept of the past. We are Gianluca Varenni has worked for CACE Technologies as a lead development engineer since
now facing the problem of storing packets coming from multiple sources, and the company's inception. When he's not punishing his body on the ski slopes, Gianluca is
appending additional information to each captured frame like location and absolute managing the WinPcap development project, writing reams of code, creating new products, and
GPS time references. Given the limits of the current libpcap file format, several solving driver-related support issues for the company.
vendors have adopted proprietary trace file formats, causing major headaches
9:00am – 10:15am when such traces need to be processed by multiple network applications.

This session will discuss some approaches to saving meta-information in a network

trace file, as well as present pcap-ng, the new extensible file format that is in the
process of being adopted by the Wireshark and libpcap projects.

10:15am – 10:30am BREAK

Roundtable R02: Wireshark Roadmap Moderator: Gerald Combs, Director, Open Source Projects, CACE Technologies
The Wireshark Hackathon will close with a round table discussing the results of the Gerald Combs is the original developer of Wireshark. He started the project in 1998 (under the
10:30am – 12:00pm
past three days, with a look forward to the next major additions to Wireshark. - name Ethereal) while working at an ISP. Since then many bright and talented people have
Open to everyone. contributed to the project, making it the world's premier network protocol analyzer.
12:00pm – 12:45pm LUNCH
Panel Discussion R03: The Future of Open Source Network Tools - Panel Moderator: Mike Pennachi, Network Protocol Specialists, LLC Panel Participants: Fyodor,
Founder, insecure.org; Steve Goodman, CEO, PacketTrap; Scott Haugdahl, CEO, BitCricket
Mike Pennacchi will lead a distinguished panel of industry pundits and experts in a Mike Pennacchi is the owner and Executive Network Analyst for Network ProtocolSpecialists,
lively discussion of the future of open source applications vs. commercial IP. LLC in Seattle, WA. He has over 10 years experience as a full-time troubleshooting consultant
and trainer, and uses Wireshark extensively in his work. At Interop 2005 Las Vegas, Mike led
the team of networking professionals responsible for patching and troubleshooting the event
network. Fyodor runs the Internet security resource sites Insecure.org, SecLists.Org, and
SecTools.org, is a best-selling author, founding member of the Honeynet Project, and serves
12:45pm – 2:00pm
on the Board of the Computer Professionals for Social Responsibility. Steve Goodman is the
CEO of PacketTrap, a company that provides affordable enterprise-class network management
tools and solutions to manage networks from a single, centralized dashboard. PacketTrap is
100% committed to the open source community, working to bridge commercial solutions and
open source projects. Scott Haugdahl is a network industry veteran with over 25 years of
experience as a consultant, author of the popular "Network Analysis and Troubleshooting" must-
read book for network engineers, and entrepreneur.

2:00pm – 2:15pm BREAK

D09: File & Disk-Sharing Protocols Presenter: Richard Sharpe, Wireshark Core Developer
2:15pm – 3:30pm
ABSTRACT BIO
CONFERENCE ENDS