101 - First Steps in Protocol Design with Python and Scapy

Why this course?

Seeing network traffic is not the same as understanding it. Wireshark shows you packets, but do you really know what’s happening?

This course teaches you how to capture, analyze and build network traffic with Python and Scapy. It’s not abstract theory: you’ll create real tools you can use immediately.

Dani García has experience in network security in data centers of major operators, and has created hacking tools that are still in use. Here he shares that knowledge in a practical and direct way.

By the end of the course, you’ll have created two complete tools: a DNS anomaly detector and a multi-threaded interceptor. Real code that works.

What you’ll learn

• Scapy fundamentals: Installation, interactive mode and first steps
• OSI and TCP/IP model: Understanding layers and protocol compatibility
• Sending and receiving packets: From layer 2 to layer 7
• Wireshark as an ally: Integration with tcpdump and tshark
• Traffic interception: Sniff function with advanced filters
• Advanced scripting: Automation and multi-threaded tools
• DNS anomaly detector: Your first security tool (43 lines)
• Multi-threaded interceptor: Simultaneous capture and traffic generation

Curriculum

Chapter 1: Introduction

• Who is this for? (free)
• What is Scapy and its advantages

Chapter 2: TL;DR - Basic Concepts

• Installation on different operating systems
• OSI and TCP/IP model
• Protocol compatibility

Chapter 3: First Steps with Scapy

• Interactive mode
• Sending your first packet
• Sending and receiving information (2 parts)
• Useful functions

Chapter 4: Wireshark as an Advanced Tool

• Introduction to Wireshark, tcpdump and tshark
• Practical work with Wireshark
• Wireshark dissectors

Chapter 5: Traffic Interception

• Sniff function
• Parameters: FILTER, LFILTER, STOP_FILTER, PRN
• Offline mode

Chapter 6: Scripting with Scapy

• Introduction to scripting
• Basic scripts
• Complete tools
• Working with threads

Practical Projects

Tool 1: DNS Anomaly Detector

• Fuzzing DNS servers
• Anomaly detection
• Only 43 lines of functional code

Tool 2: Multi-threaded Interceptor

• Real-time interception
• Simultaneous traffic generation
• Thread synchronization

Who is this for?

• Python developers who want to explore network security
• System administrators who need diagnostic tools
• Security researchers who analyze protocols
• CTF enthusiasts who want to improve in network challenges
• Pentesters who need to create custom tools

Prerequisites

• Basic Python knowledge (intermediate level)
• Familiarity with basic network concepts (IP, TCP, UDP)
• Compatible with Linux, macOS and Windows

What’s included

• Over 2 hours of practical video straight to the point
• Code examples ready to use
• Scripts and utilities you can adapt
• Access on mobile app and TV to study wherever you want
• Lifetime access with no expiration
• Free updates with new content