Which tools are required for this skill?

This skill utilizes industry-standard network tools including Wireshark, tshark, and tcpdump, along with Python libraries like Scapy and PyShark for automated analysis.

How does the skill detect malware beaconing?

It uses Python scripts to calculate the time variance and average intervals between packets, identifying the highly regular communication patterns typical of automated malware.

Can it analyze encrypted HTTPS traffic?

It can analyze TLS handshakes and extract Server Name Indication (SNI) data. Full payload decryption requires providing the relevant RSA private keys or SSL/TLS session secret logs.

Is this skill suitable for live network monitoring?

While it includes commands for capturing live traffic via tcpdump, its primary strength lies in the forensic analysis of recorded capture files (PCAP/PCAPNG).

Network Packet Analysis & Forensics

Name: Network Packet Analysis & Forensics
Author: micsapp

bymicsapp

0•

Seguridad y Pruebas

Performs deep packet inspection and forensic analysis of network traffic to identify security threats, data exfiltration, and malicious communications.

This skill empowers Claude to act as a digital forensics expert by providing specialized workflows for analyzing PCAP and PCAPNG files. It offers a comprehensive framework for using industry-standard tools like Wireshark, tshark, and tcpdump to reconstruct network conversations, extract transferred files from HTTP or SMB streams, and identify signs of command-and-control (C2) activity. Whether investigating a security breach or auditing network controls, this skill provides the necessary patterns for automated traffic processing and manual deep-dive analysis.

Características Principales

01Automated extraction of files and metadata from network streams

02Statistical beaconing detection to identify malware communication patterns

03Deep packet inspection using Wireshark and tshark command-line utilities

040 GitHub stars

05Custom Python-based forensic analysis for large-scale PCAP processing

06Advanced protocol filtering for DNS, TLS, SMB, and HTTP traffic

Casos de Uso

01Validating network security controls and auditing protocol compliance

02Investigating suspected data exfiltration during incident response procedures

03Reconstructing attacker lateral movement and command-and-control activity

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills performing-network-packet-capture-analysis

For use in Claude.ai and ChatGPT

Características Principales

01Automated extraction of files and metadata from network streams

02Statistical beaconing detection to identify malware communication patterns

03Deep packet inspection using Wireshark and tshark command-line utilities

040 GitHub stars

05Custom Python-based forensic analysis for large-scale PCAP processing

06Advanced protocol filtering for DNS, TLS, SMB, and HTTP traffic

Casos de Uso

01Validating network security controls and auditing protocol compliance

02Investigating suspected data exfiltration during incident response procedures

03Reconstructing attacker lateral movement and command-and-control activity

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills performing-network-packet-capture-analysis

For use in Claude.ai and ChatGPT