creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 22:24:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/analyzing-network-packets-with-scapy/SKILL.md
T
mukul975 efca3ec611 feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills 
Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
2026-04-06 11:17:40 +02:00

2.2 KiB
Raw Blame History

name, description, domain, subdomain, tags, version, author, license, nist_csf
name description domain subdomain tags version author license nist_csf
analyzing-network-packets-with-scapy Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing cybersecurity network-security
scapy
packet-analysis
network-forensics
protocol-dissection
pcap
traffic-analysis
1.0 mahipal Apache-2.0
PR.IR-01
DE.CM-01
ID.AM-03
PR.DS-02

Analyzing Network Packets with Scapy

Overview

Scapy is a Python packet manipulation library that enables crafting, sending, sniffing, and dissecting network packets at granular protocol layers. This skill covers using Scapy for security-relevant tasks including TCP/UDP/ICMP packet crafting, pcap file analysis, protocol field extraction, SYN scan implementation, DNS query analysis, and detecting anomalous traffic patterns such as unusually fragmented packets or malformed headers.

When to Use

  • When investigating security incidents that require analyzing network packets with scapy
  • When building detection rules or threat hunting queries for this domain
  • When SOC analysts need structured procedures for this analysis type
  • When validating security monitoring coverage for related attack techniques

Prerequisites

  • Python 3.8+ with scapy library installed (pip install scapy)
  • Root/administrator privileges for raw socket operations (sniffing, sending)
  • Npcap (Windows) or libpcap (Linux) for packet capture
  • Authorization to perform packet operations on target network

Steps

  1. Read and parse pcap/pcapng files with rdpcap() for offline analysis
  2. Extract protocol layers (IP, TCP, UDP, DNS, HTTP) and field values
  3. Compute traffic statistics: top talkers, protocol distribution, port frequency
  4. Detect SYN flood patterns by analyzing TCP flag ratios
  5. Identify DNS exfiltration indicators via query length and entropy analysis
  6. Craft custom probe packets for authorized network testing
  7. Export findings as structured JSON report

Expected Output

JSON report containing packet statistics, protocol distribution, top source/destination IPs, detected anomalies (SYN floods, DNS tunneling indicators, fragmentation attacks), and per-flow summaries.

Reference in New Issue View Git Blame Copy Permalink