Wireshark Network Traffic Analysis
Analyze Network Traffic with Wireshark
Network troubleshooting and security investigations require deep packet inspection. This skill provides comprehensive Wireshark techniques to capture, filter, and analyze network traffic for incident response and performance optimization.
Download the skill ZIP
Upload it to Claude
Go to Settings → Capabilities → Skills → Upload skill
Enable it and start using it
Test
Using "Wireshark Network Traffic Analysis". Show me how to filter for all DNS traffic and identify failed DNS lookups
Expected result:
- Filter: dns - shows all DNS queries and responses
- Filter: dns.flags.response == 0 - shows DNS queries only
- Filter: dns.flags.rcode != 0 - shows failed DNS lookups with error codes
- Use Statistics > Conversations to see top queried domains
Using "Wireshark Network Traffic Analysis". How do I detect port scanning activity in this capture?
Expected result:
- Filter: ip.src == SUSPECT_IP && tcp.flags.syn == 1 - shows all SYN packets from source
- Check Statistics > Conversations > TCP tab
- Look for single source IP connecting to many destination ports
- Identical timing patterns suggest automated scanning tools
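The port-scan heuristic described in the expected result above, as an added example that is not part of the skill or the original page: it replays the display filter `tcp.flags.syn == 1` (with `tcp.flags.ack == 0` to drop SYN-ACK replies) over a constructed list of packet records, groups by source like the Conversations TCP tab, and flags a source that reaches many distinct ports with evenly spaced probes. The addresses, port range and thresholds are assumptions.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed sample capture (not from a real pcap): one row per TCP packet as
# (time_s, src_ip, dst_ip, dst_port, syn_flag, ack_flag).
SCANNER = "10.0.0.5"  # hypothetical scanning host
PACKETS = [
    # Scanner: a SYN to each of 15 consecutive ports, one every 10 ms.
    *[(0.010 * i, SCANNER, "10.0.0.20", 20 + i, True, False) for i in range(15)],
    # Target answering with SYN-ACK: ack is set, so it is not a probe.
    (0.003, "10.0.0.20", SCANNER, 40001, True, True),
    # Ordinary client: two connections at irregular times.
    (0.500, "10.0.0.7", "10.0.0.20", 443, True, False),
    (1.731, "10.0.0.7", "10.0.0.21", 80, True, False),
]

def syn_only(packets):
    """Equivalent of the display filter tcp.flags.syn == 1 && tcp.flags.ack == 0."""
    return [p for p in packets if p[4] and not p[5]]

def scan_candidates(packets, min_ports=10, max_jitter_s=0.005):
    """Group SYN-only packets by source (the Statistics > Conversations > TCP
    view) and flag sources that reach many distinct destination ports.
    Regular spacing between probes is reported as a hint of an automated tool."""
    by_src = defaultdict(list)
    for t, src, _dst, dport, _syn, _ack in syn_only(packets):
        by_src[src].append((t, dport))
    findings = {}
    for src, hits in by_src.items():
        ports = {dport for _, dport in hits}
        if len(ports) < min_ports:
            continue
        times = sorted(t for t, _ in hits)
        gaps = [b - a for a, b in zip(times, times[1:])]
        jitter = pstdev(gaps) if len(gaps) > 1 else 0.0
        findings[src] = {"distinct_ports": len(ports),
                         "regular_timing": jitter <= max_jitter_s}
    return findings

def pivot_filter(src):
    """Display filter to pivot back into Wireshark on a flagged source."""
    return f"ip.src == {src} && tcp.flags.syn == 1 && tcp.flags.ack == 0"

if __name__ == "__main__":
    for src, info in scan_candidates(PACKETS).items():
        print(src, info, pivot_filter(src))
```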
Security Audit
Safe: static analysis detected 76 potential security issues, but all are false positives. This is a documentation-only skill containing Wireshark filter syntax examples and network analysis procedures. No executable code, external commands, or network operations exist. All flagged patterns are markdown code blocks showing educational examples of Wireshark display filters, protocol syntax, and security investigation techniques.
Quality score
What You Can Build
Security Incident Investigation
Analyze captured network traffic to identify malicious patterns, detect data exfiltration, and reconstruct attack sequences for forensic evidence collection
Network Troubleshooting
Diagnose connectivity issues, identify packet loss, analyze TCP retransmissions, and locate performance bottlenecks in application traffic
Protocol Analysis Education
Learn network protocols by examining real packet captures, understanding protocol handshakes, and visualizing communication patterns between hosts
Try These Prompts
I have a PCAP file and need to find all HTTP traffic. Show me how to filter for HTTP requests and responses in Wireshark.
Help me follow the TCP stream for this packet to see the complete conversation between the client and server, including all transmitted data.
I suspect malware C2 communication. Show me Wireshark filters to detect beaconing patterns, unusual DNS queries, and high-frequency connections to suspicious IPs.
Our web application is slow. Help me analyze packet captures to identify TCP retransmissions, zero window issues, and high latency problems.
Best Practices
- Always use capture filters before starting packet capture to limit data collection and reduce memory usage
- Apply display filters incrementally to isolate specific traffic rather than deleting packets from the capture
- Document analysis findings with annotated screenshots and exported packet dissections for reporting
- Save captures regularly during long analysis sessions to prevent data loss if Wireshark crashes
Avoid
- Capturing traffic on networks without proper authorization violates privacy laws and organizational policies
- Deleting packets from captures instead of using display filters permanently loses analysis context
- Analyzing encrypted TLS traffic without decryption keys wastes time since payload content is inaccessible
- Opening large multi-gigabyte PCAP files without filtering first can exhaust system memory
Frequently Asked Questions
Do I need administrator or root privileges to capture packets?
Can this skill decrypt HTTPS and TLS traffic?
Why is my filter showing in red color?
Can I analyze captured packets without Wireshark installed?
What is the difference between capture filters and display filters?
How do I share my analysis findings with team members?
Developer Details
Author
sickn33
License
MIT
Repository
https://github.com/sickn33/antigravity-awesome-skills/tree/main/web-app/public/skills/wireshark-analysis
Reference
main
File structure
📄 SKILL.md