11 Basic Track Session Abstracts and Speaker Biographies

Basic Track
Session Abstracts
and Speaker Biographies
Published May 13th, 2011

SHARKFEST '11 Basic Track Session Abstracts and Speaker Biographies Page 1 of 6
TUESDAY, June 14th
9:15 am – 10:00 am
KEYNOTE: The Architecture & Optimization Methodology of
the libpcap Packet Capture Library
In 1988, I embarked on a research collaboration with Van Jacobson at the
Lawrence Berkeley National Laboratory, where we sought to improve the state of
the art in packet capture systems of that era. This work with Van culminated in
the open-source releases of the network monitoring tool tcpdump, the BSD
packet filter BPF, and the packet capture library libpcap.
In this talk, I will describe in detail the architecture that embodies libpcap as well
as reminisce a bit on my work from 20 years ago by sketching some of the
history around tcpdump and BPF. With that context established, I will then
discuss the libpcap compiler and optimization system and walk through a
detailed example of how a high-level filter is translated into an efficient BPF
program. Finally, I will discuss the evolution of libpcap beyond my early work,
and compare my compiler-based approach to subsequent developments in
research and in industry. Despite these more modern developments, libpcap’s
pervasiveness across Linux, Windows, and MacOS as well as its use by the
widely deployed wireshark protocol analyzer seems to indicate that the libpcap
packet capture model has withstood the test of time.
Presenter: Steve McCanne, co-creator tcpdump, co-founder and
CTO, Riverbed
Steve McCanne earned his bachelor’s degree and PhD from the Electrical
Engineering and Computer Science department at U.C. Berkeley. While a student,
he conducted research in the areas of packet capture, multicast protocols, signal
compression, multimedia, IP telephony, and video conferencing. As part of his
research, Steve co-authored several widely-used open-source software projects,
including the BSD packet filter, libpcap, tcpdump, the ns network simulator, and the
MBone tools. Steve also holds an obscure claim to fame that he authored the first
implementation of the modern-day VoIP protocol. After completing his PhD in
1996, he joined the faculty of computer science at U.C. Berkeley and served as an
assistant professor. In 1998, he took a leave from his faculty job to co-found
FastForward Networks, where he thrived on developing technology products and
decided to leave the academic paper writing behind. After he sold FastForward to
Inktomi Corporation in 2000, he served as chief technology officer of Inktomi, until
2002, when he co-founded Riverbed Technology. At Riverbed, Steve developed a
novel solution to enterprise WAN performance problems, work which led to the
creation of a new enterprise product category and to the emergence of the multibillion
dollar WAN acceleration market. Steve is currently serving as chief
technology officer at Riverbed and is a member of their board of directors.
10:00 am – 10:15 am
10:15 am - 11:30 am
11:30 am - 11:45 am
11:45 am – 1:00 pm
BREAK
B-1: I've Downloaded Wireshark…Now What
Instructor: Betty DuBois, Wireshark U Instructor, Founder,
DuBois Consulting LLC
This is the perfect course to obtain a foundation in Wireshark analysis
Betty DuBois has been a networking instructor and consultant for over twenty
functionality. This introductory course defines tap-in points and methods, and years. Currently, Betty is a Wireshark University Instructor, creator of the "Network
covers capture options and capture filters used to reduce the amount of traffic to Mystery" series of videos featured on the wireshark.org site, and network
review. Betty provides an overview of key Wireshark areas including the trainer/consultant for hire.
Summary Information, Protocol Hierarchy, Conversations/Endpoints, and basic
Display Filtering.
BREAK
B-2: Mobile Application Analysis with Wireshark
Instructor: Joe Bardwell, President, Connect802, Inc.
Joe Bardwell will walk you through and explain a real-world troubleshooting
scenario where Wireshark was used to analyze WiFi mobile roaming and
connectivity problems. The expected 802.11 behavior will be explained and the
deviations from the norm will be called out in Wireshark traces and statistics.
You’ll see the techniques used for efficient evaluation of mobile roaming and
connectivity.
Mr. Bardwell is the President of Connect802 Corporation, a national wireless
system solution provider. Mr. Bardwell was the founding engineer and program
manager for the Certified Network Expert (CNX) professional certification program.
His professional career, which spans over 30 years, includes technical
management and executive positions with a number of network industry leaders,
including WildPackets and Network General.

SHARKFEST '11 Basic Track Session Abstracts and Speaker Biographies Page 2 of 6
1:00 pm - 1:55 pm
2:00 pm - 3:15 pm
LUNCH
B-3: Discovering IPv6 with Wireshark
Instructor: Rolf Leutert, Leutert NetServices
According to the Internet Assigned Numbers Authority, the IPv4 address range Rolf Leutert, a native of Switzerland, founded Leutert Net Services to provide
will be exhausted soon, i.e., no new IPv4 addresses will be available anymore network training, network troubleshooting, and consulting in 1988. Since then, the
later this year. Even if you have reserved plenty of IPv4 addresses for your company has delivered hundreds of trainings for Sniffer University and other
environment, what about your customers or your strategic partners They may training organizations, and Rolf has attained both Certified Network Expert (CNX)
ask you for IPv6 support soon, so it’s time to get IPv6 ready. It’s not only the and Sniffer Certified Master status.
huge address space that differentiates IPv6 from IPv4, there’s a lot more like:
new address allocation process, the absence of broadcasts on layers 2 and 3,
the better support for mobility and much more. Wireshark is the ideal tool to
discover the main protocol differences. During this introduction, you will learn
about new IPv6 fields, address allocation and neighbor discovery processes and
get ready to discover more yourself.
3:15pm – 3:30pm
3:30 pm - 4:45 pm
BREAK
B-4: Visualizing RF
Instructor: Ryan Woodings, Chief Geek, MetaGeek
It's impossible to troubleshoot what you can't see, which is why RF visualization Ryan Woodings is Chief Geek and Founder of MetaGeek, LLC, the creators of the
tools are so vital for keeping your WiFi networks up and running efficiently. This first truly affordable spectrum analyzer. As MetaGeek has grown, Ryan has worn a
presentation will use several techniques to visually examine signals from a variety of hats. These days, now that he is a new father of a gorgeous baby girl, he
variety of 2.4 and 5 GHz devices, showing the interaction of these devices with spends more time around the house and less time running the marathons that
WiFi networks. Pay attention, a pop quiz may be administered!
previously occupied most of his spare time.

SHARKFEST '11 Basic Track Session Abstracts and Speaker Biographies Page 3 of 6
WEDNESDAY, June 15th
9:00 am - 10:30 am
B-5: Eliminate Your Monitoring Headaches
Network engineers struggle with limited access points, expensive and underutilized
tools and complicated monitoring devices. In this session you’ll see firsthand
how to simplify the management and monitoring of expansive networks.
Instructor: Charles Webb, CTO, Anue Systems
Charles Webb, a founder, is the CTO of Anue Systems and led the development of
the network emulation platform for Anue. He has more than 20 years of experience
in the design and architecture of high-speed networking products. Mr. Webb
presents regularly at conferences such as WSTS and ITSF and contributes to
standards development at ITU-T, TIA and IEEE. Prior to starting Anue Systems, Mr.
Webb was a distinguished member of technical staff at Bell Laboratories, where he
led teams developing fiber optic networks, HDTV and wireless communications.
Mr. Webb holds a master’s degree from Columbia University in electrical
engineering, and a bachelor’s degree, with honors, from Rensselaer Polytechnic
Institute. He has co-authored five technical papers and has been granted twelve
patents, with seven more pending.
10:30 am - 10:45 am
10:45 am – 12:15 pm
12:15 pm – 1:15 pm
1:15 pm – 2:45 pm
BREAK
B-6: Network Mysteries and How To Solve Them
Instructor: Betty DuBois, Wireshark U Instructor and Principal
(Mystery #1)
Consultant, DuBois Consulting, LLC
In this session, Detective Betty DuBois will review one of the elusive network Betty DuBois has been a networking Instructor and Consultant since 1997.
cases she has solved using Wireshark and Pilot. There will be plenty of forensics Currently, Betty is a Wireshark University Instructor, and creator of the "Network
evidence provided, and lots of practical information to help you solve your own Mystery" series of videos featured on the wireshark.org site, and network
network mysteries. This session will be a deep dive into the "Case of the Slow trainer/consultant for hire.
Network". Betty will walk the attendees through how the data was captured
(tshark & AirPcap), the methods used to isolate the problem (SMTP relay
infection), and which users were infected. A trace file of the issue will be
provided so attendees can follow along.
LUNCH
B-7: Discovering WLAN 802.11n MIMO
Instructors: Rolf Leutert, Leutert NetServices
This session will focus on the ease at which VoIP traffic can be examined, and
quality of service issues addressed with Wireshark and the Pilot UI.
Troubleshooting WLANs is a challenging task already, but understanding all the
extensions of the new 802.11n MIMO standard is even more demanding.
This session will provide you with the necessary theoretical background and
demonstrate the major changes and improvements of this high-throughput
standard by using Wireshark trace files captured with the AirPcap Nx adapter.
You will learn technical details about spatial multiplexing techniques, channel
bonding, frame aggregation, block ACK etc. and the issues with backwards
compatibility to 802.11a/b/g devices.
Rolf Leutert, a native of Switzerland, founded Leutert Net Services to provide
network training, network troubleshooting, and consulting in 1988. Since then, the
company has delivered hundreds of trainings for Sniffer University and other
training organizations, and Rolf has attained both Certified Network Expert (CNX)
and Sniffer Certified Master status.

SHARKFEST '11 Basic Track Session Abstracts and Speaker Biographies Page 4 of 6
2:45 pm – 3:00 pm
B-8: Wireshark Certification - What It is and How to Get It
BREAK
Instructor: Laura Chappell, Founder, Wireshark & Chappell U
3:00 pm – 4:30 pm
Learn about the 33 areas of study for the WCNA Certification and the best
methods to prepare for the testing-center proctored or online proctored Exam.
Laura Chappell is the founder of Chappell University and the co-founder of
Wireshark University with Gerald Combs. Long-time, well-known Wireshark
evangelist and author of the best-selling "Wireshark Network Analysis: Official
Wireshark Certified Network Analyst Study Guide" and numerous other industry
books, Ms. Chappell began her career as a network analyst in 1991 when Novell
acquired the LANalyzer product. She has worked with numerous analyzer products
since then but, in 1999, decided to focus her analysis time working exclusively with
the open source Ethereal (now known as Wireshark) network and protocol analysis
tool.
Recently, Laura developed the Wireshark Certified Network Analyst Program and
manages the Wireshark University Authorized Training Partner Program and the
Wireshark University Authorized Instructor Program.

SHARKFEST '11 Basic Track Session Abstracts and Speaker Biographies Page 5 of 6
THURSDAY, June 16th
B-9: Mobile Application Analysis with Wireshark
Instructor: Joe Bardwell, Founder, Connect802
9:00 am – 10:30 am
10:30 am – 10:45am
10:45 am – 12:15pm
12:15 pm – 1:15 pm
1:30 pm – 3:00 pm
3:00 pm – 3:15 pm
In this session, Joe Bardwell will walk you through and explain a real-world
troubleshooting scenario where Wireshark was used to analyze WiFi mobile
roaming and connectivity problems. The expected 802.11 behavior will be
explained and the deviations from the norm will be called out in Wireshark traces
and statistics. You’ll see the techniques used for efficient evaluation of mobile
roaming and connectivity.
Mr. Bardwell is the President of Connect802 Corporation, a national wireless
system solution provider. Mr. Bardwell was the founding engineer and program
manager for the Certified Network Expert (CNX) professional certification program.
His professional career, which spans over 30 years, includes technical
management and executive positions with a number of network industry leaders,
including WildPackets and Network General.
BREAK
B-10 Using Wireshark to Support the Application Instructor: Tim Poth, Sr. Priority Response Analyst, Bentley
Systems
This presentation will take an interactive look at a number of pcap files to show Tim Poth currently works for Bentley Systems, Inc. (www.bentley.com) as a Senior
both interesting "network" issues as well as the technique used to find the Priority Response Analyst primarily supporting ProjectWise, Bentley's document
problem. The files presented show situations that gave our users trouble, such management system.
as:
• Proxies injecting code to http cookies
• Spotting proxy log-in failures
• Unexpected client-side firewall failovers
• Non-intuitive ICMP packets as a result of slow DNS responses
• Peer-to-peer music downloads
LUNCH
B-11: Network Mysteries and How To Solve Them
Instructor: Betty DuBois, Wireshark U Instructor and Principal
(Mystery #2)
Consultant, DuBois Consulting, LLC
In this session, Detective Betty DuBois will review one of the elusive network Betty DuBois has been a networking Instructor and Consultant since 1997.
cases she has solved using Wireshark and Pilot. There will be plenty of forensics Currently, Betty is a Wireshark University Instructor, and creator of the "Network
evidence provided, and lots of practical information to help you solve your own Mystery" series of videos featured on the wireshark.org site, and network
network mysteries. This session will be a deep dive into the "Case of the trainer/consultant for hire.
Missing Download". Betty will walk attendees through how the data was
captured (tap & Wireshark), the methods used to isolate the problem (Thin client
who could not download its OS), and how to prove whose fault it was. A trace
file of the issue will be provided so attendees can follow along. Note: The trace
has been edited to protect the innocent.
BREAK

SHARKFEST '11 Basic Track Session Abstracts and Speaker Biographies Page 6 of 6
3:15 pm - 4:15 pm
B-12: Network Access Security - It's Broken - Now What Instructor: Jeff Carrell, Network Systems and Security
Consultant
This presentation will focus on controlling access to the network by requiring Jeff is a network systems and security instructor on HP ProCurve Networking
users of computers to authenticate with appropriate credentials and devices products, delivering technical courseware through North America. In addition, he
such as Voice over IP (VoIP) phones to also authenticate with credentials, by provides network consulting services with an emphasis on security in wired,
implementing the IEEE 802.1X standard on the LAN infrastructure. If the wireless, and VoIP networks. His 30-year involvement in the computer industry
provided credentials don't pass authentication, the port of the LAN switch includes specific concentration in the internetworking sphere for over 22 of those
remains "closed" so that the network is inaccessible. In addition, policy access years.
controls can also be implemented and enforced at the network layer so that once
a user has authenticated on the network, the access granted
can be further refined to only provide access to the systems specifically needed
for the user, and also potentially control the time of day/day of week and location
(ie., office/desk, conference room, break room, etc.) that the users can have the
access. With this type of user authentication capability, not only can employee
users have the access needed, but guest-type users can be authenticated on the
network and be provided only with access that doesn't expose the company's
data assets to increased risk.
The presentation will include a live demonstration.
4:30 pm - 6:00 pm
Wireshark Core Developer Closing Roundtable and
SHARKFEST Wrap-Up: Looking Ahead to the Next 10 Years –
ROOM 200
Gerald Combs and a representative group of Wireshark Core Developers will
discuss the Wireshark Road Map and take suggestions from attendees for future
product direction during this closing session.
This time will also be used to summarize our collective experience and
impressions of our 3 days together and to socialize one last time before parting
company.
Moderator: Gerald Combs
Gerald Combs is founder and lead developer at Wireshark development team.

Hands-On Lab: Building an IPv6 Network from the Ground Up: Session Dates and Times
MONDAY, June 13th
1:00 pm – 2:15 pm
Building an IPv6 Network - Part One
Instructor: Jeff Carrell, Network Systems and Security Consultant
By attending this lab, attendees will configure a network system of several Jeff is a network systems and security instructor on HP ProCurve Networking products,
different brands of equipment, utilizing only IPv6, DHCPv6, and IPv6 routing. delivering technical courseware through North America. In addition, he provides network
Attendees will be required to provide their own laptop with any operating system consulting services with an emphasis on security in wired, wireless, and VoIP networks. His
that has support for IPv6 and serial port (either RS-232 port or your supplied 30-year involvement in the computer industry includes specific concentration in the
USB-to-RS-232 adapter) capability in order to participate in these labs. internetworking sphere for over 22 of those years.
A working knowledge of IPv6 is helpful but not required, as lab configurations will
be fully detailed.
LIMITED TO 24 REGISTERED PARTICIPANTS
2:15 pm – 2:30 pm
2:30 pm - 4:30 pm
Building an IPv6 Network - Part Two
Continuation of part one.
BREAK
Instructor: Jeff Carrell, Network Systems and Security Consultant
See above.
WEDNESDAY, June 15th
Building an IPv6 Network - Part One
See above.
9:00 am - 10:30 am
LIMITED TO 24 REGISTERED PARTICIPANTS
Instructor: Jeff Carrell, Network Systems and Security Consultant
See above.
10:30 am - 10:45 am
10:45 am - 12:15 pm
Building an IPv6 Network - Part Two
See above.
BREAK
Instructor: Jeff Carrell, Network Systems and Security Consultant
See above.
THURSDAY, June 16th
Building an IPv6 Network - Part One
See above.
9:00 am - 10:30 am
LIMITED TO 24 REGISTERED PARTICIPANTS
Instructor: Jeff Carrell, Network Systems and Security Consultant
See above.
10:30 am - 10:45 am
10:45 am - 12:15 pm
Building an IPv6 Network - Part Two
See above.
BREAK
Instructor: Jeff Carrell, Network Systems and Security Consultant
See above.