Don't Miss: MacBook Air, Surface Pro 7, or $350 Off with SANS Online Training - Register Now!

Open-Source Intelligence Summit - Live Online

Virtual, US Eastern | Mon, Feb 8 - Sat, Feb 20, 2021

Get a 13" MacBook Air, a Microsoft Surface Pro 7, or Take $350 Off with ANY qualifying 5- or 6-Day Course through December 9.

View offer details for special codes to use during registration.

SEC583: Crafting Packets New

Mon, February 8, 2021

Course Syllabus  ·  6 CPEs  ·   Lab Requirements
Instructor: Andrew Laman  ·  Price: 1,050 USD

Have you ever implemented a new firewall policy, IDS/IPS rule, or next generation feature but didn't have any traffic to test it? Why not create your own?

Crafting packets is an incredibly powerful skill for any security analyst, network engineer or system administrator. It can be used to test firewalls policies, IDS/IPS rules, host/server settings, application configurations, and much more. Creating packets will also help you learn to better understand TCP/IP and application protocols.

SEC583 is a one-day, hands-on course designed to teach you how to craft packets. It starts with an overview of packet crafting, a quick review of protocol layers in the TCP/IP model and an introduction to Scapy, a powerful packet crafting tool. The course quickly dives into manipulating packets in pcap files as well as packets on the network. You will craft packets to test an application server's behavior and build a DNS sinkhole. The course finishes with building reusable Python modules that can be used to establish and gracefully end TCP connections.

This is a lab heavy class with numerous hands-on activities creating and manipulating packets.

Course Syllabus

Andrew Laman
Mon Feb 8th, 2021
9:00 AM - 12:15 PM ET
1:30 PM - 5:00 PM ET

  • Crafting and sending packets
  • Changing IP addresses
  • Researching Protocols: Syslog
  • Researching Protocols: DNS
  • Sniffing and Sinkholes
  • TCP Sessions

CPE/CMU Credits: 6

  • Why craft packets?
  • Installing and using Scapy
  • Crafting packet layers
  • Sending and saving crafted packets
  • Reading and manipulating packets in pcap files
  • Researching protocols
  • Capturing packets
  • Transmission Control Protocol (TCP)

Additional Information

Important! Bring your own system configured according to these instructions!

We ask that you do 5 things to prepare prior to class start. This early preparation will allow you to get the most out of your training. One of those five steps is ensuring that you bring a properly configured system to class. This document details the required system hardware and software configuration for your class. You can also watch a series of short videos on these topics at the following web link

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

You will need to run two copies of the supplied Linux VMware images on your laptop for the hands-on exercises that will be performed in class. Some familiarity and comfort with Linux and entering commands via the command line will facilitate your experience with the hands-on exercises.

You can use any version of Windows, Mac OSX, or Linux, as long as your core operating system can install and run current VMware virtualization products. You also must have 8 GB of RAM or higher for the VM to function properly in the class, in addition to at least 40 gigabytes of free hard disk space.

Please download and install one of the following: VMware Workstation or VMware Fusion on your system prior to the beginning of the class. If you do not own a licensed copy of VMware Workstation or VMware Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website.

Mandatory Laptop Hardware Requirements

x86- or x64-compatible 2.0 GHz CPU minimum or higher

8GB RAM or higher

40 GB free hard drive space

Windows 7/8/10, Mac OS X, or Linux -- any type

VMWare Workstation, Fusion, or Player, as stated above

Wireless Ethernet 802.11 B/G/N/AC

Do not bring a laptop with sensitive data stored on it. SANS is not responsible if your laptop is compromised.

By bringing the right equipment and preparing in advance, you can maximize what you will learn and have a lot of fun.

If you have additional questions about the laptop specifications, please contact

  • Security analysts
  • Network engineers / administrators
  • Anyone interested in crafting packets
  • Students should have at least a working knowledge of TCP/IP
  • Familiarity and comfort with the use of Linux
  • Electronic Courseware
  • Electronic Workbook with hands-on exercises and questions
  • Linux virtual machine

This one-day course is packed full of labs creating and manipulating packets. There are six hands-on labs in SEC583 that cover the following skills:

  • Creating and sending crafted packets
  • Modifying packets in a pcap file
  • Researching protocols
  • Sniffing and manipulating packets in transit
  • Establishing and gracefully shutting down TCP conversations

Author Statement

"Packet Crafting! If I were a superhero, this would be my superpower. Throughout my security career in both blue team and red team roles, I have found the ability to manipulate packets a crucial skill. Crafting packets provides valuable insight into how a particular protocol or system works, allowing you to test your defenses or exploit vulnerabilities. Join me in SANS SEC583 to build your packet crafting skills, knowledge and confidence ... and well, because crafting packets is fun!" -Andy Laman