Skill

analyzing-network-packets-with-scapy

Crafts, sends, sniffs, and dissects network packets with Scapy for protocol analysis, reconnaissance, pcap review, and anomaly detection like SYN floods in authorized security testing.

Python

security

npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Scapy is a Python packet manipulation library that enables crafting, sending, sniffing, and dissecting network packets at granular protocol layers. This skill covers using Scapy for security-relevant tasks including TCP/UDP/ICMP packet crafting, pcap file analysis, protocol field extraction, SYN scan implementation, DNS query analysis, and detecting anomalous traffic patterns such as unusually ...

Supporting Assets

LICENSEreferences/api-reference.mdscripts/agent.py

SKILL.md

Similar Skills

applying-brand-guidelines

41.6k

Applies Acme Corporation brand guidelines including colors, fonts, layouts, and messaging to generated PowerPoint, Excel, and PDF documents.

3 files

anthropics-claude-cookbooks

creating-financial-models

41.6k

Builds DCF models with sensitivity analysis, Monte Carlo simulations, and scenario planning for investment valuation and risk assessment.

2 files

anthropics-claude-cookbooks

analyzing-financial-statements

41.6k

Calculates profitability (ROE, margins), liquidity (current ratio), leverage, efficiency, and valuation (P/E, EV/EBITDA) ratios from financial statements in CSV, JSON, text, or Excel for investment analysis.

2 files

anthropics-claude-cookbooks

Stats

Stars5748

Forks783

Last CommitApr 6, 2026

Actions

View Source View Plugin View on GitHub View README

Analyzing Network Packets with Scapy

Overview

When to Use

When investigating security incidents that require analyzing network packets with scapy
When building detection rules or threat hunting queries for this domain
When SOC analysts need structured procedures for this analysis type
When validating security monitoring coverage for related attack techniques

Prerequisites

Python 3.8+ with scapy library installed (pip install scapy)
Root/administrator privileges for raw socket operations (sniffing, sending)
Npcap (Windows) or libpcap (Linux) for packet capture
Authorization to perform packet operations on target network

Steps

Read and parse pcap/pcapng files with rdpcap() for offline analysis
Extract protocol layers (IP, TCP, UDP, DNS, HTTP) and field values
Compute traffic statistics: top talkers, protocol distribution, port frequency
Detect SYN flood patterns by analyzing TCP flag ratios
Identify DNS exfiltration indicators via query length and entropy analysis
Craft custom probe packets for authorized network testing
Export findings as structured JSON report

Expected Output

JSON report containing packet statistics, protocol distribution, top source/destination IPs, detected anomalies (SYN floods, DNS tunneling indicators, fragmentation attacks), and per-flow summaries.