mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-13 14:44:58 +03:00
mukul975
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
1.6 KiB
1.6 KiB
API Reference: Network Forensics with Wireshark
pyshark API
import pyshark
# Open capture file
cap = pyshark.FileCapture("capture.pcap")
cap = pyshark.FileCapture("capture.pcap", display_filter="http.request")
# Access packet fields
for pkt in cap:
print(pkt.ip.src, pkt.ip.dst)
print(pkt.tcp.dstport)
print(pkt.http.request_uri)
tshark CLI
| Command | Description |
|---|---|
tshark -r <pcap> -q -z conv,tcp |
TCP conversation statistics |
tshark -r <pcap> -Y "dns.qr==0" -T fields -e dns.qry.name |
Extract DNS queries |
tshark -r <pcap> --export-objects http,<dir> |
Export HTTP objects |
tshark -r <pcap> -q -z io,phs |
Protocol hierarchy statistics |
tshark -r <pcap> -q -z endpoints,ip |
IP endpoint statistics |
Display Filters
| Filter | Description |
|---|---|
dns.qr==0 |
DNS queries only |
http.request |
HTTP requests |
tls.handshake.extensions_server_name |
TLS SNI values |
tcp.flags.syn==1 && tcp.flags.ack==0 |
TCP SYN packets |
ip.dst==<ip> && tcp.dstport==443 |
Traffic to specific host |
Python Libraries
| Library | Version | Purpose |
|---|---|---|
pyshark |
>=0.6 | Python wrapper for tshark packet analysis |
dpkt |
>=1.9 | Low-level PCAP parsing without tshark dependency |
scapy |
>=2.5 | Packet crafting and analysis |
References
- pyshark: https://github.com/KimiNewt/pyshark
- Wireshark display filters: https://wiki.wireshark.org/DisplayFilters
- dpkt: https://github.com/kbandla/dpkt
- NetworkMiner: https://www.netresec.com/?page=NetworkMiner