analyzing-network-traffic-with-wireshark

Featured

Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns, diagnose protocol issues, extract artifacts, and support incident response investigations on authorized network segments.

Category: AI & Automation | 12,642 stars | 1,468 forks | Updated today | License: Apache-2.0


Quality Score: 99/100

| Criterion     | Weight | Score |
|---------------|--------|-------|
| Stars         | 20%    | 100   |
| Recency       | 20%    | 100   |
| Frontmatter   | 20%    | 70    |
| Documentation | 15%    | 100   |
| Issue Health  | 10%    | 50    |
| License       | 10%    | 100   |
| Description   | 5%     | 100   |

Skill Content

# Analyzing Network Traffic with Wireshark

## When to Use

- Investigating suspected network intrusions by examining packet-level evidence of command-and-control traffic, data exfiltration, or lateral movement
- Diagnosing network performance issues such as retransmissions, fragmentation, or DNS resolution failures
- Analyzing malware communication patterns by capturing traffic from sandboxed or isolated hosts
- Validating firewall and IDS rules by confirming what traffic is actually traversing network segments
- Extracting files, credentials, or indicators of compromise from captured network sessions

**Do not use** to capture traffic on networks without authorization, to intercept private communications without legal authority, or as a substitute for full-featured SIEM platforms in production monitoring.

## Prerequisites

- Wireshark 4.0+ and the tshark command-line utility installed
- Root/sudo privileges or membership in the `wireshark` group for live packet capture
- Network interface access (physical NIC, SPAN port, or network tap) to the monitored segment
- Sufficient disk space for packet capture files (estimate 1 GB per minute on busy gigabit links)
- Familiarity with TCP/IP protocols, HTTP, DNS, TLS, and SMB at the packet level

## Workflow

### Step 1: Configure Capture Environment

Set up the capture interface and filters to target relevant traffic:

```bash
# List available interfaces
tshark -D

# Start capture on eth0 with a capture filter to limit scope
tshark -i...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

analyzing-network-traffic-with-wireshark (AI & Automation, Listed)

Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns, diagnose protocol issues, extract artifacts, and support incident response investigations on authorized network segments.

6 stars | Updated today | 26zl

performing-network-forensics-with-wireshark (AI & Automation, Featured)

Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts, and identify malicious communications.

12,642 stars | Updated today | mukul975

wireshark-analysis (AI & Automation, Featured)

Execute comprehensive network traffic analysis using Wireshark to capture, filter, and examine network packets for security investigations, performance optimization, and troubleshooting.

39,227 stars | Updated today | sickn33

wireshark-network-traffic-analysis (AI & Automation, Solid)

This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "detect network anomalies", "investigate suspicious traffic", or "perform protocol analysis". It provides comprehensive techniques for network packet capture, filtering, and analysis using Wireshark.

4,215 stars | Updated today | zebbern

analyzing-network-traffic-for-incidents (AI & Automation, Featured)

Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including command-and-control communications, lateral movement, data exfiltration, and exploitation attempts. Uses Wireshark, Zeek, and NetFlow analysis techniques. Activates for requests involving network traffic analysis, packet capture investigation, PCAP analysis, network forensics, C2 traffic detection, or exfiltration detection.

12,642 stars | Updated today | mukul975