wireshark-analysis
Analyze Network Traffic with Wireshark
Network security professionals spend hours manually filtering packet captures and reconstructing communication streams. This skill provides instant Wireshark expertise with proper filter syntax, stream analysis workflows, and security detection patterns.
Télécharger le ZIP du skill
Importer dans Claude
Allez dans Paramètres → Capacités → Skills → Importer un skill
Activez et commencez Ă utiliser
Tester
Utilisation de "wireshark-analysis". Create a filter to show all DNS traffic to external servers only.
RĂ©sultat attendu:
Use this display filter: dns && !(ip.addr == 192.168.1.0/24). This shows all DNS queries and responses except those within your local network. Adjust the network range to match your internal subnet.
Utilisation de "wireshark-analysis". How do I find plaintext credentials in HTTP traffic?
RĂ©sultat attendu:
Follow these steps: 1) Filter with http.request.method == "POST" to find form submissions. 2) Right-click any POST packet and select Follow > HTTP Stream. 3) Search the stream for 'username', 'password', 'email', or 'login' parameters. 4) Look in the request body for credentials transmitted in cleartext.
Audit de sécurité
SûrAll static findings are false positives. The skill contains Wireshark command documentation in markdown code blocks, not executable code. No actual code execution, network operations, or cryptographic implementations are present. This is educational documentation for network security professionals.
Score de qualité
Ce que vous pouvez construire
Incident Response Investigation
Security analysts investigating suspected malware infections or data exfiltration use filter syntax to identify suspicious traffic patterns, extract C2 beaconing behavior, and document evidence.
Network Performance Troubleshooting
Network engineers diagnosing slow application performance use TCP analysis filters to identify retransmissions, packet loss, and zero window conditions affecting throughput.
Security Education and Training
Students learning network protocols use guided workflows to understand TCP handshakes, follow HTTP streams, and practice packet-level analysis techniques.
Essayez ces prompts
Create a Wireshark display filter to show all HTTP traffic from IP address 192.168.1.100.
Guide me through following a TCP stream in Wireshark to reconstruct a complete conversation between two hosts. I need to see the actual data exchanged.
Help me create Wireshark filters to detect potential port scanning activity. I want to identify hosts that are attempting connections to multiple ports.
I'm experiencing slow network performance. Show me how to use Wireshark expert information to identify TCP retransmissions, duplicate ACKs, and other indicators of network problems.
Bonnes pratiques
- Always use capture filters before starting live captures to limit data collection and reduce memory usage on high-traffic networks.
- Save PCAP files with descriptive names and timestamps before performing destructive filtering operations to preserve original evidence.
- Document your analysis methodology and findings in notes for incident reports and future reference.
Éviter
- Avoid deleting packets from the capture view permanently - use display filters instead to hide packets without losing data.
- Do not capture sensitive credentials or personal data unnecessarily - use targeted capture filters to minimize privacy impact.
- Never share PCAP files containing sensitive network data without redacting or encrypting them first.