performing-network-forensics-with-wireshark

Featured

Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts, and identify malicious communications.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0


Quality Score: 99/100

| Criterion | Weight | Score |
|---|---|---|
| Stars | 20% | 100 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Performing Network Forensics with Wireshark

## When to Use

- When analyzing captured network traffic (PCAP files) from a security incident
- For identifying command-and-control (C2) communications in captured traffic
- When reconstructing data exfiltration activities from packet captures
- During malware analysis to identify network indicators of compromise
- For extracting files, credentials, and artifacts transferred over the network

## Prerequisites

- Wireshark or tshark installed for packet analysis
- PCAP/PCAPNG files from network captures (tcpdump, Wireshark, network TAP)
- NetworkMiner for automated artifact extraction
- Sufficient RAM for large capture files (1GB+ PCAPs need 8GB+ RAM)
- Understanding of TCP/IP, HTTP, DNS, TLS protocols
- GeoIP databases for IP geolocation

## Workflow

### Step 1: Prepare and Validate the Capture File

```bash
# Install Wireshark and tshark
sudo apt-get install wireshark tshark

# Verify the PCAP file
capinfos /cases/case-2024-001/network/capture.pcap
# Output includes: file type, packet count, capture duration, data size
# Example output:
# File name:           capture.pcap
# File type:           Wireshark/tcpdump/... - pcap
# Number of packets:   1,245,678
# File size:           856 MB
# Data size:           823 MB
# Capture duration:    3600.123456 seconds
# First packet time:   2024-01-15 14:00:00.000000
# Last packet time:    2024-01-15 15:00:00.123456

# Hash the PCAP for integrity
sha256sum /cases/case-2024-001/network/cap...
```

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

analyzing-network-traffic-with-wireshark

Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns, diagnose protocol issues, extract artifacts, and support incident response investigations on authorized network segments.

12,642 Updated today
mukul975
AI & Automation Listed

analyzing-network-traffic-with-wireshark

Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns, diagnose protocol issues, extract artifacts, and support incident response investigations on authorized network segments.

6 Updated today
26zl
AI & Automation Featured

performing-network-packet-capture-analysis

Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct network communications, extract transferred files, identify malicious traffic, and establish evidence of data exfiltration or command-and-control activity.

12,642 Updated today
mukul975
AI & Automation Featured

wireshark-analysis

Execute comprehensive network traffic analysis using Wireshark to capture, filter, and examine network packets for security investigations, performance optimization, and troubleshooting.

39,227 Updated today
sickn33
AI & Automation Featured

analyzing-network-traffic-for-incidents

Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including command-and-control communications, lateral movement, data exfiltration, and exploitation attempts. Uses Wireshark, Zeek, and NetFlow analysis techniques. Activates for requests involving network traffic analysis, packet capture investigation, PCAP analysis, network forensics, C2 traffic detection, or exfiltration detection.

12,642 Updated today
mukul975