Category Archives: Announcement

Sharkfest ’11 Recap

The fourth annual Sharkfest was held last week. If you missed it, don’t worry. We are busy uploading all of the presentations to

The conference started with a keynote by Dr. Steve McCanne, CTO of Riverbed. He described the history of BPF and how its optimizing compiler works. It was interesting to see all of the problems he ran into and the solutions he found. The presentation was easy to follow despite its technical level. (Steve created BPF, and co-wrote tcpdump and libpcap.)

The keynote set the tone for the rest of the conference, which featured a lot of talented speakers. Jeff Carrell’s IPv6 was so popular it had be repeated several times over the course of the conference. Lara Chappell, Hansang Bae, and Betty Dubois drew their usual huge crowds. The other presenters did great jobs as well.

People have great ideas for improving Wireshark. Plenty of these ideas and suggestions were heaped our way throughout the conference, especially during the last two sessions. I hope to spend some time this summer implementing some of them.

Wireshark is very much a community-owned project. It is where it is today because of the developer and user communities. Steve stressed this fact during his keynote and it was readily apparent throughout the conference. On behalf of the developer team, the Sharkfest organizers, and Riverbed I extend my heartfelt thanks to the Wireshark community. This continues to be an amazing adventure and I can’t wait to see what the future has in store.

Looking forward to Sharkfest ’11

I’ve been looking over the session schedule for Sharkfest ’11. Once again Janice and Sheri have created an event which guarantees a wealth of knowledge and insight for everyone attending.

What to expect

Sharkfest is small. This is on purpose. We limit the size of the conference in order to allow more one-on-one communication between the attendees and presenters.

It has a high knowledge density. Our strategy is to gather together a bunch of people who are excited about Wireshark and protocol analysis, and know what the heck they’re talking about. We do our best to make sure the presentations focus on usable information with a minimum of fluff.

How to get the most out of Sharkfest

Sharkfest is active, not passive. Mingle. Compare notes. Many of the attendees are Wireshark power users, but many are not. Everyone has something insightful to share. The worst thing you can do is keep to yourself.

For the past three years I’ve had the opportunity to witness the top people in protocol analysis exchanging and sharing ideas. I look forward to seeing the same thing this year. See you there.

Is there an RFC for hashtags?

On May 24, Steve McCanne, Loris Degioanni and I will answer questions sent to us on Twitter via #packetcap. We’ve given talks about the origins of tcpdump, BPF, WinPcap, and Wireshark live but this is the first time we’ll do so remotely and capped at a 140-byte MTU. It should be fun and informative and I hope you’ll join us.

Full details on the Riverbed blog.

Wireshark Has a New Home

By now you may have seen the press release and announcement about the purchase of CACE Technologies (my as-of-three-and-a-half-seconds-ago former employer) by Riverbed Technology (my new employer). In the announcement to the wireshark-users and wireshark-dev mailing lists I mentioned Riverbed’s commitment to the Wireshark community. I’d like to expand on that a bit.

Wireshark is more than a protocol analyzer. It is the foundation for relationships between several groups of people: the user community, the developer community, Wireshark University (driven by Laura Chappell), and CACE Technologies. Each one is an important part of Wireshark as a whole. We often referred to it as “the ecosystem” at CACE. It is an honor to be a part of it.

The important, wonderful, and rare thing about the ecosystem is that it benefits everyone involved. You can see this in action on Wireshark’s mailing lists, Laura’s seminars, and at SHARKFEST. It’s something that we worked hard to foster at CACE. What’s even better is that with Riverbed this commitment doesn’t change. Everyone I’ve talked to at Riverbed, from the CEO and CTO on down is committed to Wireshark and to its community. They realize we have a good thing going and they want to keep it that way.

On a personal level this has been an incredible journey so far. Every day I get to work with the amazing people on the Wireshark development team and at CACE. I also get to interact with the amazing people who make up the Wireshark community. For that I am grateful and I look forward to helping the ecosystem grow and evolve in the coming years.


There have been requests over the years for an online forum for Wireshark. I’m not too crazy about traditional forums, particularly for support. You often end up digging through a lot of not-so-useful content to get to the information you’re looking for.

(If you can see where this is going and are impatient, you can go straight to the new support Q&A site now. Otherwise read on.)

Last year Jeff Atwood and Joel Spolsky started Stack Exchange, a collection of question & answer sites including Stack Overflow, Server Fault, and Super User. SE fixes everything that’s wrong with traditional form software. Useful answers can be voted up by the community, and “hot” questions are listed first.

Stack Exchange is wonderful but they require you to host your content on their servers. This is goes against my control freak sensibilities, so I had to look elsewhere for a solution. I found OSQA. The software is still beta, but it’s quite functional and becoming quite popular.

Here are some of the things you can do with OSQA:

Vote questions and answers up and down

This means that the good stuff floats to the top. Additionally the person who posted the question can select one answer as the best.

Comment on questions and answers

This lets you have a traditional forum-style linear discussion when you need it.

Tag questions

Tags let you categorize questions. For instance the python tag on Stack Overflow will give you all of the Python programming questions.

Earn karma

As you ask questions and provide helpful answers you gain karma points. This lets you do things like…

Edit content

Power users can correct, clarify, or otherwise make helpful changes to things others have posted.

Q&A sites aren’t for everyone. They tend to work best when you have a bunch of helpful, active, and knowledgeable people willing to exchange ideas in a particular field. As luck would have it this describes the Wireshark community to a tee.

Go try it for yourself at

Sharkfest ’10 Is Going To Be Awesome

We just finalized the schedule for Sharkfest ’10. This year’s agenda includes:

  • Van Jacobson and Harry Saal, who formed protocol analysis with their bare hands
  • Two three wireless security experts including Mike Kershaw and Thomas D’Otreppe, the creators of Kismet and Aircrack-ng
  • Network security experts including nmap creator Gordon “Fyodor” Lyon
  • Five six many amazing protocol analysis instructors, including Laura Chappell, Betty DuBois, Sean Walberg, and Joe Bardwell
  • Several members of Wireshark’s development team
  • Protocol, network, and application performance experts from Citi, Google, and Intel
  • Lots of other great presenters. See for yourself.

The attendees are amazing and knowledgeable as well.

Tell your boss I said you should go.

Sharkfest ’10 Registration Now Open

Registration for the third annual Wireshark Developer and User Conference is now open! If you want to learn how to get the most out of Wireshark, develop dissectors, or just hang around with protocol geeks this is the place to be!

Leveraging Your Settlement

Comcast owes me money. They owe lots of people money.


In 2007 and 2008 Comcast forged TCP RST packets in order to throttle P2P and other kinds of traffic. This resulted in several class-action lawsuits. They recently settled one of them and agreed to pay each affected customer $16.

From an individual perspective this isn’t a lot. However, for those who are eligible for the settlement I have a proposal: submit your claim form and make it part of a larger donation to your local food bank or homeless shelter.

That’s what I’m going to do.