Does this skill support live network capture?

No, this skill is specifically designed for the analysis of existing pcap and pcapng files. For live traffic capture, you should use tools like tcpdump, Wireshark, or tshark directly.

How does it handle very large capture files?

Because Scapy loads captures into memory, it is best to use the built-in BPF filter support to narrow the scope of analysis for files larger than 100MB, or use specific scripts instead of the 'analyze_all' command.

Can it decrypt TLS/SSL traffic?

This skill focuses on cleartext analysis and protocol metadata. To analyze encrypted content, you would need to provide an SSLKEYLOGFILE and utilize tshark's decryption capabilities externally.

What are the primary technical requirements?

The skill requires Python 3.8+ and the Scapy library. While optional, installing tshark (via Wireshark) is highly recommended for enhanced analysis performance and features.

Is sensitive information like passwords redacted?

Yes, the extract_credentials script is designed to partially mask and redact discovered passwords to ensure safe reporting while still providing enough context for security audits.

Pcap Network Analyzer

Name: Pcap Network Analyzer
Author: sandbornm

bysandbornm

•

Seguridad y Pruebas

Automates the analysis of pcap and pcapng network captures to extract forensic artifacts, identify security anomalies, and reconstruct network activity.

The pcap-analyzer skill enables deep inspection of network traffic captures directly within your development or security workflow. By leveraging Scapy and tshark, it automates complex forensic tasks such as TCP/UDP stream reassembly, DNS and HTTP transaction extraction, credential discovery, and file carving. This skill is ideal for security researchers and developers performing incident response, malware behavior analysis, or network auditing, providing structured JSON outputs and summaries to quickly identify C2 beaconing, port scanning, and sensitive data exposure.

Características Principales

01File carving from network traffic (PE, ELF, PDF, ZIP, etc.) with MD5 hashing.

028 GitHub stars

03Automated extraction of DNS queries, HTTP transactions, and TCP/UDP streams.

04Detailed traffic statistics, protocol distribution, and endpoint mapping.

05Cleartext credential discovery for protocols like HTTP Basic, FTP, and SMTP.

06Detection of security anomalies including C2 beaconing, DNS tunneling, and data exfiltration.

Casos de Uso

01Auditing network applications for accidental cleartext credential exposure or sensitive data leaks.

02Analyzing malware network behavior from sandbox captures to identify command-and-control infrastructure.

03Investigating network artifacts and communication patterns during forensic incident response.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sandbornm/my-claude-skills pcap-analyzer

For use in Claude.ai and ChatGPT

Download Skill