Day 1: Thursday May 8th

• 9:00

  Welcome to PacketFest
• 9:15

  Kelley Misata - OISF
  Beyond the Code: The Expansive Role of Open Source in Building Stronger Communities and Driving Innovation
  Open Source Suricata IDS

  Open source is not just about code—it’s about community, collaboration, and the shared values that drive innovation and problem-solving. This session explores the broader implications of open source, emphasizing why licenses matter, how vibrant communities can achieve far more than technical solutions, and why we need to look beyond basic engagement strategies to realize their full potential. Drawing from years of experience in open-source leadership, including managing Suricata and other community-driven initiatives, this talk provides a holistic view of open source as a strategic force for change.

  Dr. Kelley Misata is a visionary leader and speaker in cybersecurity strategy, open source, and nonprofits. As Founder of Sightline Security, she empowers nonprofits to build robust cybersecurity. As President of OISF for over a decade, she strengthens global network security through Suricata, a premier open-source technology. Renowned for translating complex cybersecurity challenges into actionable solutions, Dr. Misata has transformed her journey as a cyberstalking survivor into advocacy for security, privacy, and open source practices. With a Ph.D. in Information Security from Purdue University and an Business Administration and Marketing degree from Bentley University, she exemplifies the fusion of expertise, passion, and leadership to address real-world threats and drive transformative change so security is accessible to everyone.
• 10:00

  Pierre Sarda - Nagravision
  Using DPI (Deep Packet Inspection) To Fight Against Content Privacy
  Deep Packet Inspection High-Speed Traffic Analysis

  This talk discusses howto use DPI (Deep Packet Inspection) To Fight Against Content Privacy

  More than 20 years involved at protecting audio-visual content & fighting piracy, then for a few years using Network information to help on that fight

 

• 10:30

  Coffee Break

 

• 11:00

  Adrian Ruoss and Aleksandra Haak - Alabus
  Active response system with ntopng+AbuseIP DB+Alabus
  Cybersecurity ntopng

  After a brief introduction to what alabus is and what it does, the presentation will demonstrate how, as an SME, we were able to achieve a high level of network security based on ntop, despite limited resources (personnel, time, and budget). This was accomplished through the use of the ntop API, external data sources (such as AbuseIPDB and DNS blocklists), smart aggregation of network alerts, and partially automated handling and blocking of attackers.

  Adrian Ruoss began his IT career in 1997 at Telecom PTT. Adrian Ruoss completed his degree as a Dipl. Ing FH in 2006 in Rapperswil and subsequently moved through various roles until he joined alabus ag. He is a member of the extended management team, responsible for development and operations as well as serving as CISO for alabus ag. In addition to his earlier technical certifications in networking (such as CCNA), he is currently furthering his education as an ICT Information Security Manager with a Swiss Federal Diploma.
  Aleksandra Haak has a technical background from her Apple training, solid experience as an insurance broker in consulting, and the development of tailored insurance solutions, as well as being a paralegal from ZHWA, Aleksandra Haak brings a unique combination of IT, insurance, and legal expertise. After several years of working directly with clients, she decided to channel her knowledge into joining the software company aalabus, specifically focused on the insurance market.
• 11:20

  Alfredo Cardigliano - ntop
  Squeezing Network Adapters: Tips and Tricks to Offload and Scale Up
  High-Speed Traffic Monitoring PF_RING

  Want to get the most out of your network adapters? This talk is packed with hands-on tips, clever tricks, and lesser-known techniques to push your NICs to the limits. From practical tweaks to advanced configurations, you’ll learn how to leverage on features provided by Intel, NVIDIa, and other (including FPGA-based) adapters to different use cases, whether you're chasing higher throughput or better scalability. If you're looking to unlock hidden performance and stretch your NICs further than you thought possible, this session is for you.

  Alfredo Cardigliano is Principal Engineer at ntop, where he leads the development of high-performance device drivers and network monitoring solutions. With 15 years of experience in network technologies and systems optimization, Alfredo specializes in creating scalable tools for real-time visibility and cybersecurity. He is a key contributor to several open-source projects and regularly speaks at industry events about network traffic analysis and efficient packet processing.
• 12:00

  Fabio Zambrino - CSCS
  400 Gbps Observability
  High-Speed Traffic Monitoring SmartNICs

  Monitoring and securing high-speed networks in High-Performance Computing (HPC) environments is a complex challenge. The massive data volumes and the strict performance requirements leave little room for traditional security tools. In this presentation, we will discuss how ntopng, is being deployed to monitor and respond to incidents in a production HPC infrastructure, impacting overall system performance the least possible.

  Fabio Zambrino is an IT Security Engineer at CSCS, specialising in digital forensics. Passionate about bridging the gap between innovation and security, Fabio focuses on deploying solutions that enhance detection and protection while maintaining the highest possible performance.

 

• 12:30

  Lunch Break

 

• 13:30

  Andreas Diedrich - Interview Network Solutions
  Sharkmon - monitor your shark data
  Wireshark

  This talks explains howto implement packet monitoring using Tshark Data using Sharkmon. Sharkmon uses parallel tshark processes to extract metrics from large volumes of pcap files, which are continuously imported from various sources. It supports flexible analysis profiles based on tshark filters, and applies anomaly detection across selected fields and protocols.

  Andreas is the founder of Interview Network Solutions and creator of Sharkmon, a tool designed to close the gap between traditional packet monitoring and deep inspection with Wireshark.
• 13:50

  Walter Hofstetter - AnyWeb
  Decoding Cyber Threats: Wireshark Tips and Tricks for Analyzing Suspicious Traffic Patterns
  Cyberecurity Wireshark

  Understand common attack patterns through analysis of decoded network traffic. Walter will cover different options for SSL interception, comparing browser-based and proxy-based. Identify and analyze various attack vectors, from scans to full exploits. Explore some plugins, connecting it with platforms like MISP (Malware Sharing Platform).

  Walter is a veteran in network and protocol analysis, having earned his stripes as a "Sniffer University Certified Instructor" from Network General in 1994. Throughout his career, he quickly advanced into the cybersecurity arena, where his expertise in protocols proved invaluable.
• 14:30

  Thomas Graf - Swisscom
  Transform and Innovate Network Operations with Network Analytics
  Network Anomaly Detection Network Telemetry

  In this presentation you learn what Network Telemetry metrics we collect, how we automate monitoring with Network Anomaly Detection, what analytical conclusions we draw from network incident postmortems and what role IETF standardization and industry collaboration plays in all of this.

  Thomas is a Distinguished Network Engineer and Network Analytics Architect at Swisscom.
  
• 15:00

  Ahmed Elhassany - Swisscom
  NetGauze: the open-source blocks for building resilient and scalable network telemetry platforms
  IPFIX/NetFlow Network Telemetry

  NetGauze is a rapidly maturing project that aims to provide a set of libraries for any network software engineer to build advanced network telemetry platforms. NetGauze is currently used to build the next-generation telemetry collection for NetFlow, IPFIX, BGP Monitoring Protocol (BMP), and YANG-Push In this talk, we present our motivation for building yet another telemetry platform, the design choices that set NetGauze apart, and our techniques for parsing and dissecting various networking protocols.

  Ahmed is a Tech Lead at Swisscom. Currently working on advancing the state of network telemetry and visibility. He works across the entire stack, from advancing protocols at the IETF to building scalable data collections in Rust and real-time anomaly detection systems using Apache Flink. Ahmed holds a PhD degree from ETH Zürich on intent-based methods and tools to operate computer networks more efficiently.
• 15:15

  Marco Graziano - Graziano Labs
  MCP Server Magic: Integrating ntopng with Large Language Models for Smarter Networks
  ntopng Artificial Intelligence

  The presentation explores how integrating network monitoring tools like ntopng with Large Language Models can transform security analysis through multi-agent architectures.

  Marco Graziano is an entrepreneur, engineer, and technologist dedicated to solving meaningful problems. As a tech founder with strong engineering skills and a management background, he has a proven track record of delivering novel products to market, with leadership experience spanning the entire product lifecycle. Marco maintains hands-on development expertise across multiple technologies while building world-class teams and quality products. His technical specialties include Blockchain and Web3, IoT, Cloud Computing, Networking, Security, Computer Vision, Operating Systems, Linux Kernel, and Machine Learning. With experience in startup formation, bootstrapping, and skunk works initiatives, Marco combines core engineering skills with business acumen to drive innovation. He is passionate about Web3, blockchain, alternative proteins, networks, computer vision, biotechnology, energy, automotive technologies, vegan food, and electric vehicles.

 

• 15:30

  Coffee Break

 

• 16:00

  Walter Hofstetter - AnyWeb, Gabriele Deri - ntop
  How AI Will Improve Network Traffic Analysis?
  Artificial Intelligence

  Walter will discuss and demonstrate practical (and less practical) examples of leveraging AI to support your network and security analysis tasks, highlighting both benefits and limitations. Gabriele provides some insides on the next steps for AI in ntopng.

  Walter is a veteran in network and protocol analysis, having earned his stripes as a "Sniffer University Certified Instructor" from Network General in 1994. Throughout his career, he quickly advanced into the cybersecurity arena, where his expertise in protocols proved invaluable.
   
  Gabriele is a Computer Science Master's student specializing in ICT Solutions Architecture and a Junior Software Developer at ntop. Passionate about new technology, automation, and pattern recognition.
• 16:45

  Gerald Combs, Wireshark Foundation
  Wiresharchaeology: How it started and where we're headed
  Wireshark

  Wireshark started out as a tool that supported a handful of protocols and two operating systems. Over the years we have adapted our code, infrastructure, and sponsorship model to match the needs of our user and developer communities, and Wireshark is now used by millions of people around the world to keep their networks fast, reliable, and secure. In this talk Gerald Combs, the project's creator and lead developer will cover the history of Wireshark, lessons learned along the way, and discuss possible future directions.

  Gerald is the creator and lead developer of Wireshark. Works at Sysdig.
• 17:30

  End of Day 1

 

Day 2: Friday May 9th

• 9:00

  Rolf Leutert - Leutert NetServices
  Wireshark, the 7 Senses Packet Detective
  Wireshark TCP/IP

  A brief look back at 40 years of network analysis & management. Introducing new Wireshark features. Filtering, Wireshark's most versatile feature. The TCP Expert, a powerful assistant for isolating network errors (use case).

  In 1984, Rolf began working for Swissair airline. His first task was setting up a broadband network for passenger information at Zurich Airport. In 1988, he took over as head of the LAN group. His team planned and implemented Zurich Airport's local LAN (Token Ring), at the time the largest in Europe. In 1999, his team implemented the first WLAN for aircraft handling personnel. In 1995, Rolf began as the first sniffer trainer in Europe and switched to first Wireshark trainer in 2006.
• 9:45

  Mischa Diehm - Narrowin
  Building Digital Twins with Containerlab: Using ntop Tools and Wireshark for Advanced Network Traffic Analysis
  ntopng Wireshak

  We will explore how to create fast, sharable and realistic labs of network infrastructures using Containerlab, enabling rapid experimentation and safe validation of new configurations. Attendees will see how to attach ntop tools for traffic analysis and Wireshark for live packet inspection, gaining clear visibility into network behaviors. By replicating production environments in a controlled lab, participants will learn to streamline troubleshooting, optimize configurations, and ultimately strengthen their network’s resilience and scalability.

  After many technical years, among others at a German firewall manufacturer and at the computer center of the University of Basel, Mischa deals with responsible organizations and the sensible, appreciative use of resources. The principle "Focus on purpose over profits" appeals him very much hoping that together we will manage to make this a general principle.

 

• 10:15

  Coffee Break

 

• 10:45

  Ivan Nardi - AI2M
  First Packet Classification, Fingerprints and Obfuscated Flows Detection in nDPI
  Traffic Classification nDPI

  Deep Packet Inspection is a complex technology with a lot of technical low-level details, which can be difficult to follow or to fully understand. Therefore in this talk we will focus instead on some practical, real life problems that the latest nDPI versions can easily help you to solve. Particular attention will be paid to First Packet Classification and to detection of obfuscated traffic.

  Ivan is a network and software engineer at AI2M, where they develop data retention and traffic analysis systems. He has been involved in DPI for more than 10 years and he is helping with developing and maintaining nDPI.
• 11:20

  Martin Scheu - Switch
  Unfold the OT Network Jungle
  OT/SCADA

  OT networks are often thought to be static, but they are more dynamic than they seem. Devices change, new connections appear, and interactions with IT systems increase. On top of that, many OT environments have remote access connections — for support, maintenance, or from system integrators — which adds even more complexity. To stay in control, it’s important to focus on key security aspects: understanding what goes in and out of the OT network, knowing all internet-facing points, and having relevant logs. This presentation will show how monitoring traffic between firewalls and the internet, as well as between IT and OT networks, can help make sense of the network and reduce blind spots.

  Martin Scheu works at Switch CERT, where he supports critical infrastructure operators in the field of OT security. His focus is on helping organizations improve their visibility, understand their networks, and respond to security challenges in industrial environments.
• 11:50

  Raphael Vallazza - Endian
  Building a Unified Cybersecurity Platform for IT & OT
  OT Cybersecurity

  As IT and OT networks converge, a unified approach to cybersecurity is essential. This talk presents the development of a platform that bridges both worlds, with a focus on how ntop technologies were integrated to enhance traffic visibility and threat detection. Key takeaways include architecture insights, integration challenges, and lessons learned in securing complex, hybrid environments.

  Raphael Vallazza, Co-Founder and CEO of Endian, discovered his passion for technology at age seven with a C64, started coding at twelve, and sold his first software by fourteen. A Linux enthusiast since high school, he combined his interests in networking and cybersecurity to found Endian in 2003 in Appiano, South Tyrol. Beyond tech, Raphael is passionate about music, plays guitar, and has a keen interest in finance.

 

• 12:20

  Lunch Break

 

• 13:20

  Piotr Kałuża - Sycope
  How to use nProbe DPI and Sycope to improve security in every company
  NetFlow Cybersecurity

  Sycope is a network monitoring tool which use the NetFlow data to provide visibility into network traffic and detect security anomalies and threats. Although Sycope can use different versions of NetFlow the enhanced NetFlow provided by nProbe can really improve the detection and help with in deepth analysis. The presentation will show how the integration of both systems can take the traffic observability and threat hunting to higher level.

  Piotr is a veteran with 15+ Years of experience in IT Security and Network Monitoring.
• 13:50

  Rolf Leutert - Leutert NetServices, Walter Hofstetter - AnyWeb
  What if Packets are not Enough ?
  Stratoshark System Monitoring

  Using Stratoshark, you can capture network activity on your Linux machine- including containerized workloads - and analyze it directly in the familiar Wireshark GUI. Walter and Rolf will present a live demo demonstrating how to simultaneously capture network packets and record system calls, as well as explore additional methods for adding valuable system-level context to your Wireshark traces.

  In 1984, Rolf began working for Swissair airline. His first task was setting up a broadband network for passenger information at Zurich Airport. In 1988, he took over as head of the LAN group. His team planned and implemented Zurich Airport's local LAN (Token Ring), at the time the largest in Europe. In 1999, his team implemented the first WLAN for aircraft handling personnel. In 1995, Rolf began as the first sniffer trainer in Europe and switched to first Wireshark trainer in 2006.
   
  Walter is a veteran in network and protocol analysis, having earned his stripes as a "Sniffer University Certified Instructor" from Network General in 1994. Throughout his career, he quickly advanced into the cybersecurity arena, where his expertise in protocols proved invaluable.
• 14:20

  Matteo Biscosi - ntop
  Advanced Network Analysis Using ntopng
  ntopng

  Thi talk introduces the latest features and innovations introduced in the latest ntopng version.

  Graduated at the University of Pisa in Software Engineering, Matteo has been working for 5 years in ntop as a Software Engineer, both as a front-end and back-end Developer
• 14:50

  Luca Deri - ntop
  25+ Years of Open Source: ntop past and future plans
  Open Source ntop

  In this talk Luca will go through the historty of ntop, describe why this project was created and what problem tracked. It will give an overview of the technolody creared through the years and how is has been used in the industry and in the opensource world. Finally it gives and overview of the current developments and open challenges.

  Luca is the founder of ntop. Well-known in the open-source and Linux community, he currently shares his time between the ntop project and the University of Pisa where he has been appointed as a lecturer at the CS department.

 

• 15:30

  Coffee Break

 

• 16:00

  Roundtable/Panel
  Panelists: Criznic Petru Ciprian - Sunrise, Giordano Zambelli - VerXo, Mischa Diehm - Narrowin, Ahmed Elhassany - Swisscom

  Criznic Petru Ciprian has a egree in Electronics and Telecommunications Systems Engineering. Currently Lead DevNet Engineer at Sunrise, with 12 years of experience specializing in IP Network Visibility and Automation.

  What's Next in Traffic Monitoring and Packet Analysis ? Open Issues and Future Opportunities.
  Community Discussion
• 17:00

  Closing Remarks