What You Will Learn
Have you ever implemented a new firewall policy, IDS/IPS rule, or next generation feature but didn't have any traffic to test it? Why not create your own?
Crafting packets is an incredibly powerful skill for any security analyst, network engineer or system administrator. It can be used to test firewalls policies, IDS/IPS rules, host/server settings, application configurations, and much more. Creating packets will also help you learn to better understand TCP/IP and application protocols.
SEC583 is a one-day, hands-on course designed to teach you how to craft packets. It starts with an overview of packet crafting, a quick review of protocol layers in the TCP/IP model and an introduction to Scapy, a powerful packet crafting tool. The course quickly dives into manipulating packets in pcap files as well as packets on the network. You will craft packets to test an application server's behavior and build a DNS sinkhole. The course finishes with building reusable Python modules that can be used to establish and gracefully end TCP connections.
This is a lab heavy class with numerous hands-on activities creating and manipulating packets.
Syllabus (6 CPEs)
- Crafting and sending packets
- Changing IP addresses
- Researching Protocols: Syslog
- Researching Protocols: DNS
- Sniffing and Sinkholes
- TCP Sessions
- Why craft packets?
- Installing and using Scapy
- Crafting packet layers
- Sending and saving crafted packets
- Reading and manipulating packets in pcap files
- Researching protocols
- Capturing packets
- Transmission Control Protocol (TCP)
- Students should have at least a working knowledge of TCP/IP
- Familiarity and comfort with the use of Linux
IMPORTANT - BRING YOUR OWN LAPTOP
You will need to run two copies of the supplied Linux VMware images on your laptop for the hands-on exercises that will be performed in class. Some familiarity and comfort with Linux and entering commands via the command line will facilitate your experience with the hands-on exercises.
You can use any version of Windows, Mac OSX, or Linux, as long as your core operating system can install and run current VMware virtualization products. You also must have 8 GB of RAM or higher for the VM to function properly in the class, in addition to at least 40 gigabytes of free hard disk space.
Please download and install one of the following: VMware Workstation or VMware Fusion on your system prior to the beginning of the class. If you do not own a licensed copy of VMware Workstation or VMware Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website.
Mandatory Laptop Hardware Requirements
x86- or x64-compatible 2.0 GHz CPU minimum or higher
8GB RAM or higher
40 GB free hard drive space
Windows 7/8/10, Mac OS X, or Linux -- any type
VMWare Workstation, Fusion, or Player, as stated above
Wireless Ethernet 802.11 B/G/N/AC
Do not bring a laptop with sensitive data stored on it. SANS is not responsible if your laptop is compromised.
By bringing the right equipment and preparing in advance, you can maximize what you will learn and have a lot of fun.
"Packet Crafting! If I were a superhero, this would be my superpower. Throughout my security career in both blue team and red team roles, I have found the ability to manipulate packets a crucial skill. Crafting packets provides valuable insight into how a particular protocol or system works, allowing you to test your defenses or exploit vulnerabilities. Join me in SANS SEC583 to build your packet crafting skills, knowledge and confidence ... and well, because crafting packets is fun!" -Andy Laman