SharkFest

Wireshark: Rookie to Vet in 75 minutes

Designed for those new to Wireshark or looking for a refresher on Wireshark 2.x features and foundational analysis techniques. Learn how to use Wireshark to find the culprit in two common mysteries:

1. Application X doesn’t work.
2. Application Z is slow.

When the client asks the question, do they get a response? Is it a yes, or no? If yes, how long did it take? If no, how long did it take, and what was the error? What did the client try to do next?

We’ll use a combination of saved traces and live capture to learn the most efficient systematic approach for locating these clues in Wireshark.

Bring your laptop! This is a hands-on event.

SMB/CIFS Analysis and Troubleshooting

SMB/CIFS is a ubiquitous protocol, whether we like it or not. Understanding its inner workings is critical to performance monitoring and troubleshooting of the file transfer protocol used by Microsoft and Samba. This session will cover the SMB implementation used by Server 2012/2016 and Windows 8.1/10. Trace files will be made available during the session so attendees may follow along in Wireshark. Service response times and LOAD in I/O Graphs will be covered.

Bring your laptop! This is a hands-on event.

SharkFest 2017 Files

Wireshark - Rookie to Vet in 75 Minutes

Here are the files that go with the presentation. The link will take you to OneDrive. No login is necessary for downloads.  Please unzip the GeoIP folder, but leave the trace files gzipped for the presentation. Supplemental material is available in the OneNote.

SMB Analysis and Troubleshooting

Here are the files that go with the presentation. The link will take you to OneDrive. No login is necessary for downloads.  Please unzip the sf17us-SMB folder, but leave the trace files gzipped for the presentation. Supplemental material is available in the OneNote.

Wireshark Rookie to Vet OneNote

All of the presentation notes and resource materials are here.

SMB OneNote

All of the presentation notes and resource materials are here.