Join us at the Rocky Mountain Hackfest, Live Online!! Virtual summit and courses take place June 4-13.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right.Once you register, you can download the presentaion slides below.

Scapy and Snort, Packet Peanut Butter and Jelly

  • Wednesday, May 18, 2016 at 1:00 PM EDT (2016-05-18 17:00:00 UTC)
  • Judy Novak, Mike Poor

You can now attend the webcast using your mobile device!



Scapy is a Python library that takes packet crafting from an arcane science to an intuitive user-friendly language. This webcast will discuss how Scapy can be combined with Snort to help you craft packets to use with Snort testing. You will also realize the power of Scapy and how it can be used for many different crafting scenarios.

Speaker Bios

Mike Poor

Mike is a founder and Senior Security Analyst for the DC firm Intelguardians LLC. In his recent past life he has worked for Sourcefire, as a research engineer, and for the SANS Institute leading their Intrusion Analysis Team. As a consultant, Mike conducts forensic analysis, penetration tests, vulnerability assessments, security audits and architecture reviews. His primary job focus however is in intrusion detection, response, and mitigation. Mike currently holds both GSEC and GCIA certifications and is an expert in network engineering and systems, network and web administration. Mike is an author of the international best selling Snort 2.1 book from Syngress, and is a Handler for the Internet Storm Center.

Judy Novak

Judy Novak is a senior SANS instructor with more than 15 years of experience in intrusion detection and analysis of network traffic, and a passion for performing research on IDS evasions. She served as a principal research engineer on the Vulnerability Research Team for Sourcefire, supporting Snort rules development and testing as well as research of IP and TCP reassembly, and performing competitive analysis.

Judy got her introduction into the world of cybersecurity and traffic analysis working on a Department of Defense computer incident and response team. She is the author of the SANS course SE503: Intrusion Detection In-Depth, and the co-author with Stephen Northcutt of Network Intrusion Detection - An Analysts Handbook (2nd/3rd Edition). In 2010, Judy received a SANS Lifetime Achievement award.

Follow Judy on Twitter @Judy_Novak

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.