wireshark-analysis
Analyze Network Traffic with Wireshark
Network security professionals spend hours manually filtering packet captures and reconstructing communication streams. This skill provides instant Wireshark expertise with proper filter syntax, stream analysis workflows, and security detection patterns.
Download the skill ZIP
Upload it to Claude
Go to Settings → Features → Skills → Upload skill
Turn it on and start using it
Test it
Using "wireshark-analysis". Create a filter to show all DNS traffic to external servers only.
Expected result:
Use this display filter: dns && !(ip.src == 192.168.1.0/24 && ip.dst == 192.168.1.0/24). It shows DNS queries and responses unless both endpoints are inside your local network, so a workstation talking to an external resolver is still listed. The shorter form dns && !(ip.addr == 192.168.1.0/24) is a common mistake: it drops every packet with a local address at either end, which is all of your own clients' queries. Adjust the range to match your internal subnet; if you only want the outbound queries, use dns.flags.response == 0 && !(ip.dst == 192.168.1.0/24).
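The filter logic above, applied in pure Python to a small constructed capture. This is an added example rather than the skill's own content. It assumes 192.168.1.0/24 as the internal subnet, builds a five-packet pcap in memory (four DNS packets plus one non-DNS UDP packet, all constructed), reads it back with a minimal libpcap parser, and shows that the ip.addr form matches nothing while the corrected filter keeps the two packets exchanged with the external resolver. The output file name dns-sample.pcap is also an assumption.

```python
"""Added example (not from the skill page): evaluate the two DNS display filters
over a constructed pcap to show why excluding every packet that touches the local
subnet hides the local client's own queries. Assumed internal subnet: 192.168.1.0/24."""
import ipaddress
import struct

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumption: your internal range

# Constructed DNS payloads: a query for example.com and the same header flipped to a
# response (answer section omitted; the filters only look at addresses and ports).
_DNS_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
              + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))
_DNS_REPLY = _DNS_QUERY[:2] + b"\x81\x80" + _DNS_QUERY[4:]


def udp_frame(src, dst, sport, dport, payload):
    """Ethernet/IPv4/UDP frame. Checksums are left zero; Wireshark flags that but still dissects."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return eth + ip + udp


# Constructed traffic: one workstation using an external and an internal resolver.
SAMPLE_FRAMES = [
    udp_frame("192.168.1.50", "8.8.8.8", 51000, 53, _DNS_QUERY),        # client -> external resolver
    udp_frame("8.8.8.8", "192.168.1.50", 53, 51000, _DNS_REPLY),        # external resolver -> client
    udp_frame("192.168.1.50", "192.168.1.1", 51001, 53, _DNS_QUERY),    # client -> internal resolver
    udp_frame("192.168.1.1", "192.168.1.50", 53, 51001, _DNS_REPLY),    # internal resolver -> client
    udp_frame("192.168.1.50", "93.184.216.34", 40000, 443, b"hello"),   # not DNS
]


def build_pcap(frames):
    """Classic libpcap file: 24-byte global header, then a 16-byte record header per frame.
    LINKTYPE_ETHERNET = 1."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Minimal reader for the format above; yields one dict per IPv4 UDP/TCP frame."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack("<IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        if proto not in (6, 17):
            continue  # neither TCP nor UDP
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        yield {"src": ipaddress.ip_address(frame[26:30]), "dst": ipaddress.ip_address(frame[30:34]),
               "proto": proto, "sport": sport, "dport": dport}


def is_dns(p):
    """Wireshark's `dns` filter matches what the DNS dissector decodes; by default that is port 53."""
    return 53 in (p["sport"], p["dport"])


def naive_filter(pkts):
    """dns && !(ip.addr == 192.168.1.0/24): drops any packet with a local endpoint."""
    return [p for p in pkts if is_dns(p) and not (p["src"] in LOCAL_NET or p["dst"] in LOCAL_NET)]


def external_dns_filter(pkts):
    """dns && !(ip.src == 192.168.1.0/24 && ip.dst == 192.168.1.0/24): keeps DNS unless both ends are local."""
    return [p for p in pkts if is_dns(p) and not (p["src"] in LOCAL_NET and p["dst"] in LOCAL_NET)]


def demo():
    """Returns (packets parsed, naive filter matches, corrected filter matches)."""
    pkts = list(parse_pcap(build_pcap(SAMPLE_FRAMES)))
    return len(pkts), len(naive_filter(pkts)), len(external_dns_filter(pkts))


if __name__ == "__main__":
    with open("dns-sample.pcap", "wb") as fh:  # open this in Wireshark and try both filter strings
        fh.write(build_pcap(SAMPLE_FRAMES))
    total, naive, fixed = demo()
    print(f"{total} packets; naive filter matches {naive}, corrected filter matches {fixed}")
```

Running it writes dns-sample.pcap, which you can open in Wireshark to confirm that the two filter strings behave the same way there: the ip.addr form returns an empty packet list, the corrected form returns the query to and the response from 8.8.8.8.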
Using "wireshark-analysis". How do I find plaintext credentials in HTTP traffic?
Expected result:
Follow these steps: 1) Filter with http.request.method == "POST" to find form submissions. 2) Right-click any POST packet and select Follow > HTTP Stream. 3) Search the stream for 'username', 'password', 'email', or 'login' parameters. 4) Look in the request body for credentials transmitted in cleartext. Two caveats: HTTP Basic and Digest credentials travel in the Authorization header rather than the body, so also filter on http.authorization (Wireshark decodes the base64 of a Basic header in the packet details); and this only works for plain HTTP, since HTTPS request bodies stay encrypted unless you load the TLS session keys (for example an SSLKEYLOGFILE from the client) into Wireshark.
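Steps 2 to 4 automated: an added example, not the skill's own code, that takes the bytes of a reassembled HTTP stream (what Follow > HTTP Stream shows, both directions interleaved) and pulls out credential-looking form fields from POST bodies plus any HTTP Basic Authorization header. The stream below is constructed for the example, and CREDENTIAL_KEYS is an assumed set of field names to extend for your own applications.

```python
"""Added example (not part of the skill page): search a reassembled HTTP stream
for cleartext credentials in POST form bodies and Basic Authorization headers."""
import base64
from urllib.parse import parse_qs

# Field names that usually carry a login identity or secret (assumed list; extend for your apps).
CREDENTIAL_KEYS = {"username", "user", "login", "email", "password", "passwd", "pass", "pwd"}


def split_messages(stream: bytes):
    """Split a stream into (start_line, headers, body) tuples for requests and responses
    alike, using Content-Length to find where each body ends."""
    messages, pos = [], 0
    while True:
        end = stream.find(b"\r\n\r\n", pos)
        if end < 0:
            break
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body = stream[end + 4:end + 4 + length]
        messages.append((lines[0], headers, body))
        pos = end + 4 + length
    return messages


def find_credentials(stream: bytes):
    """Return one finding per request that carries credentials in cleartext."""
    findings = []
    for start_line, headers, body in split_messages(stream):
        if start_line.startswith("HTTP/"):
            continue  # server response; credentials travel in requests
        method, target = start_line.split(" ")[:2]
        auth = headers.get("authorization", "")
        if auth.lower().startswith("basic "):
            # Basic auth is base64, not encryption: user:password is recoverable by anyone on the path.
            user, _, secret = base64.b64decode(auth[6:]).decode("latin-1").partition(":")
            findings.append({"target": target, "source": "basic-auth", "user": user, "secret": secret})
        if method == "POST" and "application/x-www-form-urlencoded" in headers.get("content-type", ""):
            fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
            hits = {k: v[0] for k, v in fields.items() if k.lower() in CREDENTIAL_KEYS}
            if hits:
                findings.append({"target": target, "source": "form", "fields": hits})
    return findings


# Constructed stream: a form login, its redirect, a Basic-auth API call and its reply.
SAMPLE_STREAM = (
    b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 37\r\n\r\n"
    b"username=alice&password=Winter2024%21"
    b"HTTP/1.1 302 Found\r\nLocation: /home\r\nContent-Length: 0\r\n\r\n"
    b"GET /api/status HTTP/1.1\r\nHost: intranet.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"bob:hunter2") + b"\r\n\r\n"
    b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\nContent-Length: 12\r\n\r\n"
    b'{"ok": true}'
)

if __name__ == "__main__":
    for finding in find_credentials(SAMPLE_STREAM):
        print(finding)
```

The body split relies on Content-Length; streams that use chunked transfer encoding or connections that were cut mid-body need a fuller HTTP parser, which is exactly the work Wireshark's dissector already does for you in the Follow Stream view.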
Security audit
Safe: All static findings are false positives. The skill contains Wireshark command documentation in markdown code blocks, not executable code. No actual code execution, network operations, or cryptographic implementations are present. This is educational documentation for network security professionals.
What you can build with it
Incident Response Investigation
Security analysts investigating suspected malware infections or data exfiltration use filter syntax to identify suspicious traffic patterns, extract C2 beaconing behavior, and document evidence.
Network Performance Troubleshooting
Network engineers diagnosing slow application performance use TCP analysis filters to identify retransmissions, packet loss, and zero window conditions affecting throughput.
Security Education and Training
Students learning network protocols use guided workflows to understand TCP handshakes, follow HTTP streams, and practice packet-level analysis techniques.
Try these prompts
Create a Wireshark display filter to show all HTTP traffic from IP address 192.168.1.100.
Guide me through following a TCP stream in Wireshark to reconstruct a complete conversation between two hosts. I need to see the actual data exchanged.
Help me create Wireshark filters to detect potential port scanning activity. I want to identify hosts that are attempting connections to multiple ports.
I'm experiencing slow network performance. Show me how to use Wireshark expert information to identify TCP retransmissions, duplicate ACKs, and other indicators of network problems.
Best practices
- Always set a capture filter before starting a live capture on a busy network to limit what is written to disk and keep memory use down. Capture filters use BPF syntax (host 10.0.0.5, port 53, not the display-filter syntax) and discard packets for good, so keep them just broad enough to retain the evidence you need.
- Save PCAP files with descriptive names and timestamps, and record a hash of the original, before exporting a filtered subset (File > Export Specified Packets) or otherwise rewriting the file, so the original evidence is preserved.
- Document your analysis methodology and findings in notes for incident reports and future reference.
Things to avoid
- Do not overwrite a capture with a filtered or truncated export (File > Export Specified Packets) - use display filters to hide packets without losing data, and write any subset to a new file.
- Do not capture sensitive credentials or personal data unnecessarily - use targeted capture filters to minimize privacy impact.
- Never share PCAP files containing sensitive network data without redacting or encrypting them first.