SEC583: Crafting Packets

SEC583 is a one-day, lab-heavy course designed to teach the powerful skill of how to craft and manipulate packets through the use of many hands-on activities. This skill can be used to test policies, behaviours, and configurations and will also provide deeper understanding of TCP/IP and application protocols.

What You Will Learn
Have you ever implemented a new firewall policy, IDS/IPS rule, or next generation feature but didn't have any traffic to test it? Why not create your own?

Crafting packets is an incredibly powerful skill for any security analyst, network engineer or system administrator. It can be used to test firewalls policies, IDS/IPS rules, host/server settings, application configurations, and much more. Creating packets will also help you learn to better understand TCP/IP and application protocols.

SEC583 is a one-day, hands-on course designed to teach you how to craft packets. It starts with an overview of packet crafting, a quick review of protocol layers in the TCP/IP model and an introduction to Scapy, a powerful packet crafting tool. The course quickly dives into manipulating packets in pcap files as well as packets on the network. You will craft packets to test an application server's behavior and build a DNS sinkhole. The course finishes with building reusable Python modules that can be used to establish and gracefully end TCP connections.

This is a lab heavy class with numerous hands-on activities creating and manipulating packets.

Syllabus (6 CPEs)
SEC583.1: Crafting packets

Prerequisites

• Students should have at least a working knowledge of TCP/IP
• Familiarity and comfort with the use of Linux
• Laptop Requirements
• Important! Bring your own system configured according to these instructions!

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

You will need to run two copies of the supplied Linux VMware images on your laptop for the hands-on exercises that will be performed in class. Some familiarity and comfort with Linux and entering commands via the command line will facilitate your experience with the hands-on exercises.

You can use any version of Windows, Mac OSX, or Linux, as long as your core operating system can install and run current VMware virtualization products. Note: Apple systems using the M1 processor cannot perform the necessary virtualization at this time and cannot be used for this course. You also must have 8 GB of RAM or higher for the VM to function properly in the class, in addition to at least 40 gigabytes of free hard disk space.

Please download and install one of the following: VMware Workstation or VMware Fusion on your system prior to the beginning of the class. If you do not own a licensed copy of VMware Workstation or VMware Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website.

Mandatory Laptop Hardware Requirements

x86- or x64-compatible 2.0 GHz CPU minimum or higher

8GB RAM or higher

40 GB free hard drive space

Windows 7/8/10, Mac OS X, or Linux -- any type

VMWare Workstation, Fusion, or Player, as stated above

Wireless Ethernet 802.11 B/G/N/AC

Do not bring a laptop with sensitive data stored on it. SANS is not responsible if your laptop is compromised.

By bringing the right equipment and preparing in advance, you can maximize what you will learn and have a lot of fun.

Author Statement
"Packet Crafting! If I were a superhero, this would be my superpower. Throughout my security career in both blue team and red team roles, I have found the ability to manipulate packets a crucial skill. Crafting packets provides valuable insight into how a particular protocol or system works, allowing you to test your defenses or exploit vulnerabilities. Join me in SANS SEC583 to build your packet crafting skills, knowledge and confidence ... and well, because crafting packets is fun!" -Andy Laman

Ways to Learn
OnDemand
Study and prepare for GIAC Certification with four months of online access to SANS OnDemand courses. Includes labs and exercises, and SME support.

Live Online
Live, interactive sessions with SANS instructors over the course of one or more weeks, at times convenient to students worldwide.

Who Should Attend SEC583?
Security analysts
Network engineers / administrators
Anyone interested in crafting packets