Networking Skill
Quick Workflow
Progress:
- [ ] Get protocol overview (tshark -z io,phs)
- [ ] Search strings for flag pattern
- [ ] Export HTTP/SMB objects
- [ ] Follow interesting streams
- [ ] Check for credentials/exfiltration
- [ ] Extract flag
Quick Analysis Pipeline
```bash
# 1. Basic info
capinfos capture.pcap
file capture.pcap

# 2. Protocol hierarchy (-q prints only the statistics, not every packet)
tshark -r capture.pcap -q -z io,phs

# 3. Conversations
tshark -r capture.pcap -q -z conv,tcp

# 4. Quick string search
strings capture.pcap | grep -i flag
tshark -r capture.pcap -Y 'frame contains "flag"'
```
Reference Files
| Topic | Reference |
|---|---|
| Wireshark Filters & tshark | reference/wireshark.md |
| Protocol Analysis (HTTP, DNS, FTP, etc.) | reference/protocols.md |
| CTF Patterns & Attacks | reference/ctf-patterns.md |
Tools Quick Reference
| Tool | Purpose | Install |
|---|---|---|
| Wireshark | GUI packet analysis | brew install wireshark |
| tshark | CLI packet analysis | brew install wireshark |
| tcpdump | Packet capture | Built-in |
| tcpflow | TCP stream extraction | brew install tcpflow |
| nmap | Port scanning | brew install nmap |
| masscan | Fast port scanning | brew install masscan |
| scapy | Packet manipulation | pip install scapy |
Scapy Quick Reference
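```python
from scapy.all import rdpcap, TCP, Raw

# Read PCAP
packets = rdpcap('capture.pcap')

# Filter packets: TCP traffic sent to port 80
http_packets = [p for p in packets if TCP in p and p[TCP].dport == 80]

# Extract data: print the raw payload bytes of every packet that has one
for p in packets:
    if Raw in p:
        print(p[Raw].load)
```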
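The string search in step 4 and the per-packet `Raw` loop above look at one packet at a time, so a flag split across TCP segments shows up truncated or not at all. The following is an added example, not part of the original skill: it uses only the standard library to reassemble each TCP direction of a classic Ethernet pcap and search the joined bytes. The `flag{...}` pattern, the function names and the constructed sample capture are assumptions.

```python
import re
import struct
from collections import defaultdict

FLAG_RE = re.compile(rb"flag\{[^}]{1,64}\}", re.I)  # assumed flag format

def tcp_segments(pcap):
    """Yield (direction_key, seq, payload) from a classic Ethernet pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap; convert pcapng first")
    off = 24  # skip global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(end + "I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        # IPv4 ethertype and protocol 6 (TCP) only; 54 = minimum header bytes
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp + 20:
            continue
        ip_end = 14 + struct.unpack_from("!H", frame, 16)[0]  # drops padding
        sport, dport, seq = struct.unpack_from("!HHI", frame, tcp)
        data = frame[tcp + (frame[tcp + 12] >> 4) * 4:ip_end]
        if data:
            yield (frame[26:30], sport, frame[30:34], dport), seq, data

def find_flags(pcap):
    """Join each direction by seq (gaps and wraparound ignored), then search."""
    streams = defaultdict(dict)
    for key, seq, data in tcp_segments(pcap):
        streams[key].setdefault(seq, data)  # first copy wins; drops retransmits
    return [m.decode(errors="replace") for segs in streams.values()
            for m in FLAG_RE.findall(b"".join(segs[s] for s in sorted(segs)))]

def sample_pcap():
    """Constructed capture: one flag split over two segments, sent out of order."""
    def frame(seq, payload):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64,
                         6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 0x50, 0x18, 8192, 0, 0)
        return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    frames = [frame(1017, b"t_acr0ss_segs} HTTP/1.1\r\n"),
              frame(1000, b"GET /?q=flag{spl1"),
              frame(1017, b"t_acr0ss_segs} HTTP/1.1\r\n")]  # retransmission
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

On a real capture, call `find_flags(open('capture.pcap', 'rb').read())`; `find_flags(sample_pcap())` returns the reassembled flag from the constructed capture.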
Repository: kiwamizamurai/cctf
GitHub Stars: 5
First Seen: Feb 1, 2026