This week I had the chance to attend the ‘Sharkfest’ conference held on the Stanford campus in Palo Alto. Last year I was busy with other work and missed it… this year I had a gig fall through at the last minute. I’m glad it did! Sharkfest was great! – a chance to go and ‘hang’ with a bunch of other nerds/geeks/techies who like to talk about packets, networking, and stuff.
I was also able to finally put a face to many colleagues I’ve known and worked with for years, but only via phone calls, twitters, and e-mail exchanges. Quite enjoyable.
The campus was beautiful, the buildings architecturally intriguing, and the weather nearly perfect. (OK, the parking was a bit over a half-mile trek from the classrooms – but I needed the walking anyway.) There were many people here who do fantastic things keeping their own internal networks, as well as the Internet, up and running – I was in awe of these folks. I’m not that into the whole wired network infrastructure thing. I’m a Wireless LAN guy. So I picked the sessions that would help me to better understand and work with Wireless LANs.
Hopefully, next year I’ll be able to present at the 2010 Sharkfest conference. Mark it on your calendars as soon as it’s announced. You should attend!
Sessions I attended:
- Ray Tompkins – How Protocols Work
- Loris Degioanni (AirPcap) – Sneak Peek at Wireshark and Pilot – Cool Things!
- Betty DuBois – I’ve just downloaded Wireshark… Now what do I do?
- Rolf Leutert – Analyzing WLANs with Wireshark and AirPcap
- Mike Kershaw (Kismet) – Get Thinking about WiFi Security
- Ryan Woodings (WiSpy) – Complementing Wireshark in Wireless Troubleshooting
- Laura Chappell – Network Forensics: Wireshark as Evidence Collector
- Joe Bardwell – Wireshark Saves the Wireless LAN
Others I got to meet:
- Gerald Combs – creator of Ethereal/Wireshark
- Douglas Haider – the ‘WiFi Jedi’
- John Bruno – CACE Technologies
- Janice Spampinato – CACE Technologies – (Thanks for all your help Janice!)
- Fyodor – of NMAP fame
In case you missed the conference, most of the presentations are now available at the Sharkfest web page for download. I know it’s not as good as sitting at the feet of these ‘masters’ – but reviewing the slides will be a good start toward adding some more knowledge.
Now for some highlights – in no particular order:
Browse over to this site and download the latest Wireshark 1.2 – just released with some great new features.
Go and buy one of the new WiSpy 2.4i adapters – the price is only $99 and these are a great addition to your Wireless LAN toolkit. I’ve been teaching and using the AirMagnet (Cognio) Spectrum Analyzer for years – and it does a great job. But for $99 – EVERYONE who is in the wireless industry needs to have one! Pick yours up here.
All attendees received an AirPcap USB device for wireless packet capture in a Windows environment. These come in all sorts of ‘flavors’ from the simple 802.11 b/g ‘classic’ to a new 802.11n with external antennas. It is the ONLY way to do full ‘promiscuous mode’ capture of wireless frames on a Windows platform. You can find them here.
When you put three of them together, you have the ability to capture through a ‘virtual’ driver that allows you to see ‘all’ packets on channels 1, 6, and 11 simultaneously. The best way to help troubleshoot a roaming client. The drivers come with it, and work directly in Wireshark.
Use the Wireshark ‘Wireless Toolbar’ to be able to change and adapt your data capture on the fly.
Add appropriate Wireless specific columns to Wireshark to get the most out of your analysis.
Color code Wireshark to support wireless analysis better. Make special color sets for Management, Control and Data frames. (and even subsets of those for better analysis)
I’m very excited now to have seen lots of Macintosh folks at the conference – using Wireshark, either in a native mode (wireless doesn’t work – only wired), or running in a VM or Parallels using USB devices. I’ve been prepping a couple of VMs to run on my MacBook 13″ Unibody as a wireless analysis platform… cool!
If you haven’t played with the CACE Pilot… go online and request an evaluation. The current version is fantastic. A great addition to the ‘normal’ Wireshark interface. With Pilot you can do much easier, pretty, and detailed analysis of your captures. Loris did a demo of some of the new features in the 2.0 product (to be out in a month or so) that will really ‘blow your socks off’ with respect to analyzing your network traffic and to help in troubleshooting.
The ‘WiFi Pilot’ is a subset of the full blown ‘Pilot’ product – but for me in my industry, it will give me a big step up from the simpler Wireshark analysis. I can’t wait to get some ‘face time’ with the WiFi Pilot.
Go over to Laura Chappell’s site for more training and learning. Or at her new site with more online training.
By the way, I was reminded this week of what a great presenter Laura is. We travelled and taught together for years – through the White Hat, NAST, etc. class series… but it’s been a while since I’ve sat in one of her classes. I was again impressed with her innate ability to work the ‘techie’ crowd. Just the right amount of humor, tech, stories, and information. Well done Laura!
Kudos to all the other presenters as well. I’ve been in this training/consulting/presenting business for many, many years, and this was a great group of technical presentations – based on experience, sprinkled with humor, and yet still able to deliver hard-core technology that the attendees can use.
Congratulations to all those who made this a great conference!