creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-26 11:44:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
768ca51c8d331ab0bdcea8ffb31c9b99bb2c1839
Anthropic-Cybersecurity-Skills/skills/analyzing-network-packets-with-scapy/SKILL.md
T
mukul975 cb8d79e068 Map all 754 skills to MITRE ATT&CK v19.1 
- Add validated mitre_attack frontmatter to all 754 skills (286 distinct
  techniques), verified against MITRE ATT&CK v19.1 via the official
  mitreattack-python library: 0 revoked, deprecated, or invalid IDs
- Curate precise per-skill technique IDs for forensics, malware-analysis,
  threat-intel, and red-team skills (e.g. DCSync -> T1003.006,
  Kerberoasting -> T1558.003, Pass-the-Ticket -> T1550.003)
- Reconcile v19.1 tactic restructuring: Defense Evasion split into
  Stealth (TA0005) and Defense Impairment (TA0112); revoked T1562.*
  family and T1070.001/.002 remapped to active equivalents (T1685.*)
- Normalize word-split tags across 35 skills (remove filename-derived
  stopword tags, add semantic cybersecurity tags)
- Add api-reference.md for 3 skills that were missing it
- Update README ATT&CK section with accurate v19.1 tactic distribution
2026-06-01 12:13:29 +02:00

2.3 KiB
Raw Blame History

name, description, domain, subdomain, tags, version, author, license, nist_csf, mitre_attack
name description domain subdomain tags version author license nist_csf mitre_attack
analyzing-network-packets-with-scapy Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing cybersecurity network-security
scapy
packet-analysis
network-forensics
protocol-dissection
pcap
traffic-analysis
1.0 mahipal Apache-2.0
PR.IR-01
DE.CM-01
ID.AM-03
PR.DS-02
T1040
T1071
T1046
T1557

Analyzing Network Packets with Scapy

Overview

Scapy is a Python packet manipulation library that enables crafting, sending, sniffing, and dissecting network packets at granular protocol layers. This skill covers using Scapy for security-relevant tasks including TCP/UDP/ICMP packet crafting, pcap file analysis, protocol field extraction, SYN scan implementation, DNS query analysis, and detecting anomalous traffic patterns such as unusually fragmented packets or malformed headers.

When to Use

  • When investigating security incidents that require analyzing network packets with scapy
  • When building detection rules or threat hunting queries for this domain
  • When SOC analysts need structured procedures for this analysis type
  • When validating security monitoring coverage for related attack techniques

Prerequisites

  • Python 3.8+ with scapy library installed (pip install scapy)
  • Root/administrator privileges for raw socket operations (sniffing, sending)
  • Npcap (Windows) or libpcap (Linux) for packet capture
  • Authorization to perform packet operations on target network

Steps

  1. Read and parse pcap/pcapng files with rdpcap() for offline analysis
  2. Extract protocol layers (IP, TCP, UDP, DNS, HTTP) and field values
  3. Compute traffic statistics: top talkers, protocol distribution, port frequency
  4. Detect SYN flood patterns by analyzing TCP flag ratios
  5. Identify DNS exfiltration indicators via query length and entropy analysis
  6. Craft custom probe packets for authorized network testing
  7. Export findings as structured JSON report

Expected Output

JSON report containing packet statistics, protocol distribution, top source/destination IPs, detected anomalies (SYN floods, DNS tunneling indicators, fragmentation attacks), and per-flow summaries.

Reference in New Issue View Git Blame Copy Permalink