Scapy and Snort, Packet Peanut Butter and Jelly

  • Wednesday, May 18th, 2016 at 1:00 PM EDT (17:00:00 UTC)
  • Mike Poor and Judy Novak
This webcast has been archived.


Scapy is a Python library that takes packet crafting from an arcane science to an intuitive, user-friendly language. This webcast will discuss how Scapy can be combined with Snort to help you craft packets for Snort testing. You will also see the power of Scapy and how it can be used for many different crafting scenarios.

Speaker Bios

Mike Poor

Mike is a founder and Senior Security Analyst for the DC firm Intelguardians LLC. In his recent past life he has worked for Sourcefire as a research engineer and for the SANS Institute, leading their Intrusion Analysis Team. As a consultant, Mike conducts forensic analysis, penetration tests, vulnerability assessments, security audits and architecture reviews. His primary job focus, however, is intrusion detection, response, and mitigation. Mike currently holds both GSEC and GCIA certifications and is an expert in network engineering and systems, network and web administration. Mike is an author of the international best-selling Snort 2.1 book from Syngress, and is a Handler for the Internet Storm Center.

Judy Novak

Judy Novak is a senior SANS instructor with more than 15 years of experience in intrusion detection and analysis of network traffic, and a passion for performing research on IDS evasions. She served as a principal research engineer on the Vulnerability Research Team for Sourcefire, supporting Snort rules development and testing as well as research of IP and TCP reassembly, and performing competitive analysis.

Judy got her introduction to the world of cybersecurity and traffic analysis working on a Department of Defense computer incident and response team. She is the author of the SANS course SEC503: Intrusion Detection In-Depth, and the co-author with Stephen Northcutt of Network Intrusion Detection - An Analyst's Handbook (2nd/3rd Edition). In 2010, Judy received a SANS Lifetime Achievement award.

Follow Judy on Twitter @Judy_Novak
