Skills wireshark-analysis

📊

wireshark-analysis

Name: wireshark-analysis
Author: zebbern

Safe

Analyze Network Traffic with Wireshark

Network security professionals spend hours manually filtering packet captures and reconstructing communication streams. This skill provides instant Wireshark expertise with proper filter syntax, stream analysis workflows, and security detection patterns.

Supports: Claude Codex Code(CC)

📊 69 Adequate

Download the skill ZIP

Upload in Claude

Go to Settings → Capabilities → Skills → Upload skill

Toggle on and start using

Test it

Using "wireshark-analysis". Create a filter to show all DNS traffic to external servers only.

Expected outcome:

Use this display filter: dns && !(ip.addr == 192.168.1.0/24). This shows all DNS queries and responses except those within your local network. Adjust the network range to match your internal subnet.

Using "wireshark-analysis". How do I find plaintext credentials in HTTP traffic?

Expected outcome:

Follow these steps: 1) Filter with http.request.method == "POST" to find form submissions. 2) Right-click any POST packet and select Follow > HTTP Stream. 3) Search the stream for 'username', 'password', 'email', or 'login' parameters. 4) Look in the request body for credentials transmitted in cleartext.

Security Audit

Safe

v1 • 2/25/2026

All static findings are false positives. The skill contains Wireshark command documentation in markdown code blocks, not executable code. No actual code execution, network operations, or cryptographic implementations are present. This is educational documentation for network security professionals.

Files scanned

503

Lines analyzed

findings

Total audits

No security issues found

Audited by: claude

Quality Score

Architecture

Maintainability

Content

Community

100

Security

Spec Compliance

What You Can Build

Incident Response Investigation

Security analysts investigating suspected malware infections or data exfiltration use filter syntax to identify suspicious traffic patterns, extract C2 beaconing behavior, and document evidence.

Network Performance Troubleshooting

Network engineers diagnosing slow application performance use TCP analysis filters to identify retransmissions, packet loss, and zero window conditions affecting throughput.

Security Education and Training

Students learning network protocols use guided workflows to understand TCP handshakes, follow HTTP streams, and practice packet-level analysis techniques.

Try These Prompts

Basic Filter Creation

Create a Wireshark display filter to show all HTTP traffic from IP address 192.168.1.100.

TCP Stream Analysis

Guide me through following a TCP stream in Wireshark to reconstruct a complete conversation between two hosts. I need to see the actual data exchanged.

Security Pattern Detection

Help me create Wireshark filters to detect potential port scanning activity. I want to identify hosts that are attempting connections to multiple ports.

Troubleshooting Network Issues

I'm experiencing slow network performance. Show me how to use Wireshark expert information to identify TCP retransmissions, duplicate ACKs, and other indicators of network problems.

Best Practices

Always use capture filters before starting live captures to limit data collection and reduce memory usage on high-traffic networks.
Save PCAP files with descriptive names and timestamps before performing destructive filtering operations to preserve original evidence.
Document your analysis methodology and findings in notes for incident reports and future reference.

Avoid

Avoid deleting packets from the capture view permanently - use display filters instead to hide packets without losing data.
Do not capture sensitive credentials or personal data unnecessarily - use targeted capture filters to minimize privacy impact.
Never share PCAP files containing sensitive network data without redacting or encrypting them first.

Frequently Asked Questions

Can this skill directly analyze my PCAP files?

No, this skill provides expertise and guidance for Wireshark workflows. You must run Wireshark separately and describe what you find for interpretation and analysis assistance.

Why does my filter show red in Wireshark?

A red filter indicates syntax errors. Check for typos in field names, missing operators, or unbalanced parentheses. Use the Expression button to browse valid filter fields.

Can I decrypt HTTPS traffic with this skill?

This skill explains the decryption process, but you need the server's private key or browser pre-master secret key. Modern TLS with forward secrecy often prevents passive decryption.

What is the difference between capture and display filters?

Capture filters limit what Wireshark records before saving packets, reducing file size. Display filters hide packets in the view after capture, letting you show or hide traffic without losing data.

How do I extract files from HTTP traffic?

Go to File > Export Objects > HTTP. Wireshark lists all files transferred via HTTP with content types. Select files to export and save them to disk for analysis.

Can this skill detect malware in network traffic?

This skill provides patterns and techniques for identifying suspicious traffic like C2 beaconing, unusual ports, and encoded payloads. Detection requires manual analysis and threat intelligence context.

Developer Details

Author

zebbern

License

MIT

Repository

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/wireshark-analysis

Ref

main

File structure

📄 SKILL.md