Skills
skills/mukul975/anthropic-cybersecurity-skills/analyzing-network-flow-data-with-netflow

analyzing-network-flow-data-with-netflow

SKILL.md

Instructions

  1. Install dependencies: pip install netflow
  2. Collect NetFlow/IPFIX data from routers or use the built-in collector: python -m netflow.collector -p 9995
  3. Parse captured flow data using netflow.parse_packet().
  4. Analyze flows for:
    • Port scanning: single source to many destinations on same port
    • Data exfiltration: high byte-count outbound flows to unusual destinations
    • C2 beaconing: periodic connections with consistent intervals
    • Volumetric anomalies: traffic spikes beyond baseline thresholds
  5. Generate a prioritized findings report.
python scripts/agent.py --flow-file captured_flows.json --output netflow_report.json

Examples

Parse NetFlow v9 Packet

import netflow
data, _ = netflow.parse_packet(raw_bytes, templates={})
for flow in data.flows:
    print(flow.IPV4_SRC_ADDR, flow.IPV4_DST_ADDR, flow.IN_BYTES)
Weekly Installs
6
Repository
mukul975/anthro…y-skills
GitHub Stars
873
First Seen
1 day ago
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
kimi-cli6
gemini-cli6
github-copilot6
amp6
cline6
codex6