Best Offers Of The Year Are Here with SANS OnDemand Cybersecurity Training - Learn More

SEC583: Crafting Packets Beta

Find ways to take this course: Online
Course Syllabus  ·  6 CPEs  ·   Laptop Requirements

Have you ever implemented a new firewall policy, IDS/IPS rule, or next generation feature but didn't have any traffic to test it? Why not create your own?

Crafting packets is an incredibly powerful skill for any security analyst, network engineer or system administrator. It can be used to test firewalls policies, IDS/IPS rules, host/server settings, application configurations, and much more. Creating packets will also help you learn to better understand TCP/IP and application protocols.

SEC583 is a one-day, hands-on course designed to teach you how to craft packets. It starts with an overview of packet crafting, a quick review of protocol layers in the TCP/IP model and an introduction to Scapy, a powerful packet crafting tool. The course quickly dives into manipulating packets in pcap files as well as packets on the network. You will craft packets to test an application server's behavior and build a DNS sinkhole. The course finishes with building reusable Python modules that can be used to establish and gracefully end TCP connections.

This is a lab heavy class with numerous hands-on activities creating and manipulating packets.

Course Syllabus

  • Crafting and sending packets
  • Changing IP addresses
  • Researching Protocols: Syslog
  • Researching Protocols: DNS
  • Sniffing and Sinkholes
  • TCP Sessions

CPE/CMU Credits: 6

  • Why craft packets?
  • Installing and using Scapy
  • Crafting packet layers
  • Sending and saving crafted packets
  • Reading and manipulating packets in pcap files
  • Researching protocols
  • Capturing packets
  • Transmission Control Protocol (TCP)

Additional Information


You will need to run two copies of the supplied Linux VMware images on your laptop for the hands-on exercises that will be performed in class. Some familiarity and comfort with Linux and entering commands via the command line will facilitate your experience with the hands-on exercises.

You can use any version of Windows, Mac OSX, or Linux, as long as your core operating system can install and run current VMware virtualization products. You also must have 8 GB of RAM or higher for the VM to function properly in the class, in addition to at least 40 gigabytes of free hard disk space.

Please download and install one of the following: VMware Workstation or VMware Fusion on your system prior to the beginning of the class. If you do not own a licensed copy of VMware Workstation or VMware Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website.

Mandatory Laptop Hardware Requirements

x86- or x64-compatible 2.0 GHz CPU minimum or higher

8GB RAM or higher

40 GB free hard drive space

Windows 7/8/10, Mac OS X, or Linux -- any type

VMWare Workstation, Fusion, or Player, as stated above

Wireless Ethernet 802.11 B/G/N/AC

Do not bring a laptop with sensitive data stored on it. SANS is not responsible if your laptop is compromised.

By bringing the right equipment and preparing in advance, you can maximize what you will learn and have a lot of fun.

If you have additional questions about the laptop specifications, please contact

  • Security analysts
  • Network engineers / administrators
  • Anyone interested in crafting packets
  • Students should have at least a working knowledge of TCP/IP
  • Familiarity and comfort with the use of Linux
  • Electronic Courseware
  • Electronic Workbook with hands-on exercises and questions
  • Linux virtual machine

This one-day course is packed full of labs creating and manipulating packets. There are six hands-on labs in SEC583 that cover the following skills:

  • Creating and sending crafted packets
  • Modifying packets in a pcap file
  • Researching protocols
  • Sniffing and manipulating packets in transit
  • Establishing and gracefully shutting down TCP conversations

Additional Resources

Take your learning beyond the classroom. Explore our site network for additional resources related to this course's subject matter.

Find ways to take this course