Skill

performing-network-traffic-analysis-with-tshark

Automates PCAP analysis using tshark and pyshark for protocol stats, top talkers, suspicious flows, DNS anomalies, and IOC extraction in security investigations.

Python

Linux

security

npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

This skill automates packet capture analysis using tshark (Wireshark CLI) and pyshark (Python wrapper). It extracts protocol distribution statistics, identifies suspicious network flows (port scans, beaconing, data exfiltration), extracts IOCs (IPs, domains, URLs), and detects DNS tunneling patterns from PCAP files.

Supporting Assets

LICENSEreferences/api-reference.mdscripts/agent.py

SKILL.md

Similar Skills

applying-brand-guidelines

41.6k

Applies Acme Corporation brand guidelines including colors, fonts, layouts, and messaging to generated PowerPoint, Excel, and PDF documents.

3 files

anthropics-claude-cookbooks

creating-financial-models

41.6k

Builds DCF models with sensitivity analysis, Monte Carlo simulations, and scenario planning for investment valuation and risk assessment.

2 files

anthropics-claude-cookbooks

analyzing-financial-statements

41.6k

Calculates profitability (ROE, margins), liquidity (current ratio), leverage, efficiency, and valuation (P/E, EV/EBITDA) ratios from financial statements in CSV, JSON, text, or Excel for investment analysis.

2 files

anthropics-claude-cookbooks

Stats

Stars5748

Forks783

Last CommitApr 6, 2026

Actions

View Source View Plugin View on GitHub View README

Performing Network Traffic Analysis with TShark

Overview

When to Use

When conducting security assessments that involve performing network traffic analysis with tshark
When following incident response procedures for related security events
When performing scheduled security testing or auditing activities
When validating security controls through hands-on testing

Prerequisites

tshark (Wireshark CLI) installed and in PATH
Python 3.8+ with pyshark library
PCAP or PCAPNG capture file for analysis

Steps

Extract Protocol Statistics — Generate protocol hierarchy and conversation statistics from the capture
Identify Top Talkers — Rank source/destination IPs by volume and connection count
Detect Suspicious Flows — Flag port scanning patterns, unusual port usage, and high-frequency connections
Extract Network IOCs — Pull unique IPs, domains from DNS queries, and URLs from HTTP traffic
Analyze DNS Traffic — Detect DNS tunneling via high-entropy subdomain queries and excessive TXT records
Generate Analysis Report — Produce structured report with flow summaries and threat indicators

Expected Output

JSON report with protocol statistics and top talkers
Suspicious flow detections with severity ratings
Extracted IOCs (IPs, domains, URLs)
DNS anomaly analysis results