Sharkfest 2015 recap

“Jasper, do you have a minute?”

I think that is the one sentence that I heard most at Sharkfest 2015, which is the annual Wireshark developer and user conference. Which makes it the most interesting place to be for anyone doing network analysis, for business or fun/hobby (yes, those exist). People asking me for a minute involved Wireshark core developers, other speakers, and of course Sharkfest attendees.

The awesome thing about this was that we solved a couple of issues with the new QTShark version (a.k.a. “Wireshark 2.0”) in a very short amount of time – it’s incredible when you have a happy core developer like Alexis, Jim, Gerald (or any of them, really) look at you, telling you “they got it working” (“it” being a bug fix, new feature or anything else) – and you only had told them about the problem/feature half an hour ago. Great job, guys! 🙂

The week before Sharkfest I was attending FIRST conference in Berlin and did a talk about how to quickly verify IoC Snort hits with TraceWrangler and Wireshark. During FIRST, someone said “this is the best conference because you can talk to anyone” – which was true, and it was a great conference. But still, hearing that, my initial thought was “uhm, you obviously never visited Sharkfest…” – to be fair, Sharkfest is a lot smaller (on purpose), so it’s easier to mingle 🙂

Interaction is key

Sharkfest is all about interaction. User to User, Developer to Developer, User to Developer, User to Speaker, Speaker to Developer, Speaker to Speaker, and any other combination in case I forgot one. Below you can see me talking to Thomas d’Otreppe (author of Aircrack-NG) and Gerald (author of “a weekend project that got out of hand” in his own words, a.k.a. Wireshark). I’m the guy with the white name tag, which makes me kind look awkward.


To improve user interaction, Sharkfest 2015 introduced a new location which was called “The Reef”. The Reef was the place to go if you wanted to work on some of the many challenges (I had a special on called “Megalodon Challenge” that involved a real world problem with large capture files – I maybe should have promoted it more, though). You could also have some whiteboard time with one of the mentors roaming the reef. Here you can see Rolf explaining a beta version of cool Wireshark graphing plugin to a group of attendees, while Jim (editor of Laura’s book “Troubleshooting with Wireshark”) rests in the background in one of the comfy chairs that you could use if you just wanted to chill for a moment (or two):


But as it happens at Sharkfest, packets are even examined during lunch hour (here an example of Chris showing tshark misbehavior to Evan and Graham):

The sessions

I did three talks this year, all of them in the biggest room and with good interaction from the audience. The one about virtual capture setups was the last in line, and it was scheduled to run at the same time as one of Hansangs talk. Thanks to Janice and especially to my colleague Chris for switching slots with Hansang I could see his talk and he could attend mine. Only when preparing the PDFs of my slide decks for the Sharkfest Retrospective page I realized I had more slides after the live demo that I never showed. Oops. Well, you can download the PDF and read them if you like – and I apologize for the “cloud” title; I guess some people expected more on “real” cloud captures (which is easily answered though: unfortunately you can only do local captures inside the VMs, as the cloud providers will never let you walk into their data centers for physical access – yes, even if you can tell them “it’s just a laptop running Wireshark, for troubleshooting!”).

I did a TraceWrangler talk that was fun (sorry for the PDF of the slide set to be not really helpful, but you simply can’t beat live demo – here is the screen capture of my laptop). The advanced TCP talk I did received very good feedback from the audience.

A couple of attendees told me later that they had seen the DUP ACK phenomenon like I demoed in my talk and had learned a lot about what they could do about it.

Like every year, there were far more interesting talks than I could attend. I tried to see as many as I could. Robert Bullen had an interesting talk about a new tool he wrote, called SuperDeduper. I’m not sure I agree about deduplicating traces including layer 3 duplicates, but the tool may come in handy every once in a while. Chris Bidwell spoke about the challenges troubleshooting high frequency trading setups (it remembered me of a quote my buddy Eddi said once to me: “you’ve never done troubleshooting in high frequency trading if you haven’t had a desk phone thrown at you” 🙂 ). Then there were Hansang’s sessions of course, and Sake with his capture setup session right in front of my own about virtual captures.

This year we did a speaker photo, which was a great idea (btw, welcome back, Betty & Sake!):

Sharkfest Speakers 2015


This year Sharkfest was held in the Computer History Museum in Mountainview, and I have to say it was an awesome location (well, so far every year the locations have been great). A former Silicon Graphics building (the 3D workstations we used back in the 90s when I was still working on Computer games), it is now a museum on the ground floor with a conference center on the 2nd floor (or “1st floor” for Europeans, as the US starts with “1st floor” being ground level). I have to say the only thing I missed a little was the additional sunny outdoor environment we had last year in San Rafael.

This year the conference seems to have been a bigger job than in earlier years:

  • the reef had to be built, which was quite a big room with lots of elements and decorations. Great job, guys!
  • the developer den had a new neon sign, and there was a “Bait shop” where you could pick up free goodies like signed posters (on it, TraceWrangler is mentioned on it with my name as well, wow!) and USB sticks next to a meeting room called “Tide Pool”:
  • there were new feedback cards for the talks that allowed giving a quick score for the session. Great idea!
  • there was a special dinner with “Movie night” and staff members dressed as sharks. The movies were “Sharknado 2” and “Sharktopus“, both of which are great fun if you don’t take anything happening seriously 😉
  • the vendor night was great fun, too – attendees chasing through the computer museum exhibits to find specific things (Chris told me he found the picture of Bill Gates and Paul Allen only when we walked through the museum on our own pace with Hansang the next day). In the raffle the vendors gave away valuable items like network taps and other gadgets.
  • the speakers and developers received special “Wireshark shirts” so you could easily spot them (if they wore them, of course 😉 ). BTW, please make colored t-shirts again next year; the black ones were a little dull for my taste (but that’s just me, of course)
  • oh, and I have to say this: please have name tags with dual lanyard straps instead of the clip on tags next year. Pretty please?

Special advice

I said it before, and I say it again: if you do packet analysis and haven’t been at Sharkfest, come and join us next year. By the way, @Cloudshark, I didn’t see you guys this year – what’s up with that?! 🙂

Inside tip: choose a hotel where the developers, speakers or other attendees stay, so you can have cool after-show sessions like this one (I was behind camera 🙂 )

I have to warn about kamikaze hot tub cannonball attacks from a certain dutch core developer  though – there’s a chance of plenty of splash “damage”, so keep your electronics out of harms way if he’s around 😉

Final words

Thanks to all the Sharkfest staff (awesome job, again! Thank you so much, Janice, Angelo and all of the others!) and everyone attending! See you next year!

Also, here are a couple of links to other recaps:

Chris Greer on

John Schreiner on his blog

There is also a larger photo set on dropbox.

And, to answer the question I started this post with: “Yes. Yes, of course I have a minute.”


Discussions — No responses yet