Skills
skills/mukul975/anthropic-cybersecurity-skills/analyzing-network-packets-with-scapy

analyzing-network-packets-with-scapy

SKILL.md

Analyzing Network Packets with Scapy

Overview

Scapy is a Python packet manipulation library that enables crafting, sending, sniffing, and dissecting network packets at granular protocol layers. This skill covers using Scapy for security-relevant tasks including TCP/UDP/ICMP packet crafting, pcap file analysis, protocol field extraction, SYN scan implementation, DNS query analysis, and detecting anomalous traffic patterns such as unusually fragmented packets or malformed headers.

Prerequisites

  • Python 3.8+ with scapy library installed (pip install scapy)
  • Root/administrator privileges for raw socket operations (sniffing, sending)
  • Npcap (Windows) or libpcap (Linux) for packet capture
  • Authorization to perform packet operations on target network

Steps

  1. Read and parse pcap/pcapng files with rdpcap() for offline analysis
  2. Extract protocol layers (IP, TCP, UDP, DNS, HTTP) and field values
  3. Compute traffic statistics: top talkers, protocol distribution, port frequency
  4. Detect SYN flood patterns by analyzing TCP flag ratios
  5. Identify DNS exfiltration indicators via query length and entropy analysis
  6. Craft custom probe packets for authorized network testing
  7. Export findings as structured JSON report

Expected Output

JSON report containing packet statistics, protocol distribution, top source/destination IPs, detected anomalies (SYN floods, DNS tunneling indicators, fragmentation attacks), and per-flow summaries.

Weekly Installs
4
Repository
mukul975/anthro…y-skills
GitHub Stars
873
First Seen
1 day ago
Security Audits
Gen Agent Trust HubPass
SocketWarn
SnykPass
Installed on
amp4
cline4
opencode4
cursor4
kimi-cli4
codex4