Develop invaluable cybersecurity skills through interactive training during SANS 2021 - Live Online. Register now.

Stay Sharp: Europe March 2021 - Live Online

Virtual, Central European Time | Mon, Mar 15 - Thu, Mar 25, 2021

SEC583: Crafting Packets New

Mon, March 15 - Tue, March 16, 2021

 Watch a free preview of this course

Course Syllabus  ·  6 CPEs  ·   Lab Requirements
Instructor: Andrew Laman  ·  Price: 975 EUR

Have you ever implemented a new firewall policy, IDS/IPS rule, or next generation feature but didn't have any traffic to test it? Why not create your own?

Crafting packets is an incredibly powerful skill for any security analyst, network engineer or system administrator. It can be used to test firewalls policies, IDS/IPS rules, host/server settings, application configurations, and much more. Creating packets will also help you learn to better understand TCP/IP and application protocols.

SEC583 is a one-day, hands-on course designed to teach you how to craft packets. It starts with an overview of packet crafting, a quick review of protocol layers in the TCP/IP model and an introduction to Scapy, a powerful packet crafting tool. The course quickly dives into manipulating packets in pcap files as well as packets on the network. You will craft packets to test an application server's behavior and build a DNS sinkhole. The course finishes with building reusable Python modules that can be used to establish and gracefully end TCP connections.

This is a lab heavy class with numerous hands-on activities creating and manipulating packets.

Course Syllabus

  • Crafting and sending packets
  • Changing IP addresses
  • Researching Protocols: Syslog
  • Researching Protocols: DNS
  • Sniffing and Sinkholes
  • TCP Sessions

CPE/CMU Credits: 6

  • Why craft packets?
  • Installing and using Scapy
  • Crafting packet layers
  • Sending and saving crafted packets
  • Reading and manipulating packets in pcap files
  • Researching protocols
  • Capturing packets
  • Transmission Control Protocol (TCP)
Date Time Instructor
Mon Mar 15th, 20211:00 PM - 5:00 PM CET
Andrew Laman
Tue Mar 16th, 20211:00 PM - 5:00 PM CET
Andrew Laman

Additional Information

Important! Bring your own system configured according to these instructions!

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

You will need to run two copies of the supplied Linux VMware images on your laptop for the hands-on exercises that will be performed in class. Some familiarity and comfort with Linux and entering commands via the command line will facilitate your experience with the hands-on exercises.

You can use any version of Windows, Mac OSX, or Linux, as long as your core operating system can install and run current VMware virtualization products. You also must have 8 GB of RAM or higher for the VM to function properly in the class, in addition to at least 40 gigabytes of free hard disk space.

Please download and install one of the following: VMware Workstation or VMware Fusion on your system prior to the beginning of the class. If you do not own a licensed copy of VMware Workstation or VMware Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website.

Mandatory Laptop Hardware Requirements

x86- or x64-compatible 2.0 GHz CPU minimum or higher

8GB RAM or higher

40 GB free hard drive space

Windows 7/8/10, Mac OS X, or Linux -- any type

VMWare Workstation, Fusion, or Player, as stated above

Wireless Ethernet 802.11 B/G/N/AC

Do not bring a laptop with sensitive data stored on it. SANS is not responsible if your laptop is compromised.

By bringing the right equipment and preparing in advance, you can maximize what you will learn and have a lot of fun.

If you have additional questions about the laptop specifications, please contact

  • Security analysts
  • Network engineers / administrators
  • Anyone interested in crafting packets
  • Students should have at least a working knowledge of TCP/IP
  • Familiarity and comfort with the use of Linux
  • Electronic Courseware
  • Electronic Workbook with hands-on exercises and questions
  • Linux virtual machine

This one-day course is packed full of labs creating and manipulating packets. There are six hands-on labs in SEC583 that cover the following skills:

  • Creating and sending crafted packets
  • Modifying packets in a pcap file
  • Researching protocols
  • Sniffing and manipulating packets in transit
  • Establishing and gracefully shutting down TCP conversations

Author Statement

"Packet Crafting! If I were a superhero, this would be my superpower. Throughout my security career in both blue team and red team roles, I have found the ability to manipulate packets a crucial skill. Crafting packets provides valuable insight into how a particular protocol or system works, allowing you to test your defenses or exploit vulnerabilities. Join me in SANS SEC583 to build your packet crafting skills, knowledge and confidence ... and well, because crafting packets is fun!" -Andy Laman