creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-15 23:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
757f1c8eae4e288d20f7dfde7f7a42a4d30cffc7
Anthropic-Cybersecurity-Skills/skills/analyzing-network-packets-with-scapy/SKILL.md
T
mukul975 757f1c8eae Add 5 new cybersecurity skills with full implementations 
- implementing-vulnerability-management-with-greenbone: python-gvm GMP API, scan task creation, XML report parsing
- detecting-email-account-compromise: Microsoft Graph inbox rules, impossible travel detection, OAuth grant analysis
- performing-threat-intelligence-sharing-with-misp: PyMISP event creation, attribute management, sharing validation
- analyzing-cobaltstrike-malleable-c2-profiles: dissect.cobaltstrike C2Profile parsing, Suricata rule generation
- hunting-for-registry-run-key-persistence: Sysmon Event 13 analysis, T1547.001 detection, Sigma rule generation
2026-03-11 00:41:59 +01:00

1.9 KiB
Raw Blame History

name, description, domain, subdomain, tags, version, author, license
name description domain subdomain tags version author license
analyzing-network-packets-with-scapy Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing cybersecurity network-security
scapy
packet-analysis
network-forensics
protocol-dissection
pcap
traffic-analysis
1.0 mahipal Apache-2.0

Analyzing Network Packets with Scapy

Overview

Scapy is a Python packet manipulation library that enables crafting, sending, sniffing, and dissecting network packets at granular protocol layers. This skill covers using Scapy for security-relevant tasks including TCP/UDP/ICMP packet crafting, pcap file analysis, protocol field extraction, SYN scan implementation, DNS query analysis, and detecting anomalous traffic patterns such as unusually fragmented packets or malformed headers.

Prerequisites

  • Python 3.8+ with scapy library installed (pip install scapy)
  • Root/administrator privileges for raw socket operations (sniffing, sending)
  • Npcap (Windows) or libpcap (Linux) for packet capture
  • Authorization to perform packet operations on target network

Steps

  1. Read and parse pcap/pcapng files with rdpcap() for offline analysis
  2. Extract protocol layers (IP, TCP, UDP, DNS, HTTP) and field values
  3. Compute traffic statistics: top talkers, protocol distribution, port frequency
  4. Detect SYN flood patterns by analyzing TCP flag ratios
  5. Identify DNS exfiltration indicators via query length and entropy analysis
  6. Craft custom probe packets for authorized network testing
  7. Export findings as structured JSON report

Expected Output

JSON report containing packet statistics, protocol distribution, top source/destination IPs, detected anomalies (SYN floods, DNS tunneling indicators, fragmentation attacks), and per-flow summaries.

Reference in New Issue View Git Blame Copy Permalink