Habilidades wireshark-analysis

📊

wireshark-analysis

Name: wireshark-analysis
Author: zebbern

Seguro

Analyze Network Traffic with Wireshark

Network security professionals spend hours manually filtering packet captures and reconstructing communication streams. This skill provides instant Wireshark expertise with proper filter syntax, stream analysis workflows, and security detection patterns.

Suporta: Claude Codex Code(CC)

🥉 72 Bronze

Baixar o ZIP da skill

Upload no Claude

Vá em Configurações → Capacidades → Skills → Upload skill

Ative e comece a usar

Testar

A utilizar "wireshark-analysis". Create a filter to show all DNS traffic to external servers only.

Resultado esperado:

Use this display filter: dns && !(ip.addr == 192.168.1.0/24). This shows all DNS queries and responses except those within your local network. Adjust the network range to match your internal subnet.

A utilizar "wireshark-analysis". How do I find plaintext credentials in HTTP traffic?

Resultado esperado:

Follow these steps: 1) Filter with http.request.method == "POST" to find form submissions. 2) Right-click any POST packet and select Follow > HTTP Stream. 3) Search the stream for 'username', 'password', 'email', or 'login' parameters. 4) Look in the request body for credentials transmitted in cleartext.

Auditoria de Segurança

Seguro

v1 • 2/25/2026

All static findings are false positives. The skill contains Wireshark command documentation in markdown code blocks, not executable code. No actual code execution, network operations, or cryptographic implementations are present. This is educational documentation for network security professionals.

Arquivos analisados

503

Linhas analisadas

achados

Total de auditorias

Nenhum problema de segurança encontrado

Auditado por: claude

Pontuação de qualidade

Arquitetura

Manutenibilidade

Conteúdo

Comunidade

100

Segurança

Conformidade com especificações

O Que Você Pode Construir

Incident Response Investigation

Security analysts investigating suspected malware infections or data exfiltration use filter syntax to identify suspicious traffic patterns, extract C2 beaconing behavior, and document evidence.

Network Performance Troubleshooting

Network engineers diagnosing slow application performance use TCP analysis filters to identify retransmissions, packet loss, and zero window conditions affecting throughput.

Security Education and Training

Students learning network protocols use guided workflows to understand TCP handshakes, follow HTTP streams, and practice packet-level analysis techniques.

Tente Estes Prompts

Basic Filter Creation

Create a Wireshark display filter to show all HTTP traffic from IP address 192.168.1.100.

TCP Stream Analysis

Guide me through following a TCP stream in Wireshark to reconstruct a complete conversation between two hosts. I need to see the actual data exchanged.

Security Pattern Detection

Help me create Wireshark filters to detect potential port scanning activity. I want to identify hosts that are attempting connections to multiple ports.

Troubleshooting Network Issues

I'm experiencing slow network performance. Show me how to use Wireshark expert information to identify TCP retransmissions, duplicate ACKs, and other indicators of network problems.

Melhores Práticas

Always use capture filters before starting live captures to limit data collection and reduce memory usage on high-traffic networks.
Save PCAP files with descriptive names and timestamps before performing destructive filtering operations to preserve original evidence.
Document your analysis methodology and findings in notes for incident reports and future reference.

Evitar

Avoid deleting packets from the capture view permanently - use display filters instead to hide packets without losing data.
Do not capture sensitive credentials or personal data unnecessarily - use targeted capture filters to minimize privacy impact.
Never share PCAP files containing sensitive network data without redacting or encrypting them first.

Perguntas Frequentes

Can this skill directly analyze my PCAP files?

No, this skill provides expertise and guidance for Wireshark workflows. You must run Wireshark separately and describe what you find for interpretation and analysis assistance.

Why does my filter show red in Wireshark?

A red filter indicates syntax errors. Check for typos in field names, missing operators, or unbalanced parentheses. Use the Expression button to browse valid filter fields.

Can I decrypt HTTPS traffic with this skill?

This skill explains the decryption process, but you need the server's private key or browser pre-master secret key. Modern TLS with forward secrecy often prevents passive decryption.

What is the difference between capture and display filters?

Capture filters limit what Wireshark records before saving packets, reducing file size. Display filters hide packets in the view after capture, letting you show or hide traffic without losing data.

How do I extract files from HTTP traffic?

Go to File > Export Objects > HTTP. Wireshark lists all files transferred via HTTP with content types. Select files to export and save them to disk for analysis.

Can this skill detect malware in network traffic?

This skill provides patterns and techniques for identifying suspicious traffic like C2 beaconing, unusual ports, and encoded payloads. Detection requires manual analysis and threat intelligence context.

Detalhes do Desenvolvedor

Autor

zebbern

Licença

MIT

Repositório

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/wireshark-analysis

Referência

main

Estrutura de arquivos

📄 SKILL.md