implementing-network-traffic-analysis-with-arkime

SKILL.md

Instructions

  1. Install dependencies: pip install requests
  2. Configure Arkime viewer URL and credentials.
  3. Run the agent to query Arkime sessions and analyze traffic:
    • Search sessions by IP, port, protocol, or expression
    • Download PCAP data for forensic analysis
    • Detect C2 beaconing via connection interval analysis
    • Identify DNS tunneling through query length statistics
    • Flag connections to known-bad TLS certificate issuers
    python scripts/agent.py --arkime-url https://arkime.local:8005 --user admin --password secret --output arkime_report.json

Examples

Beaconing Detection

Source: 10.1.2.50 -> 185.220.101.34:443
Sessions: 288 over 24 hours
Avg interval: 300s, Jitter: 4.2%
Verdict: HIGH confidence C2 beaconing (jitter < 5%)
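The interval analysis behind the verdict above, as an added example that is not part of the skill's own scripts/agent.py: sessions are grouped per (source, destination, port), the gaps between consecutive session start times are computed, and jitter is expressed as the coefficient of variation of those gaps (population standard deviation divided by the mean, in percent). The 5% HIGH threshold and the 10.1.2.50 -> 185.220.101.34:443 pair come from the example output; the session record shape (src, dst, port, first), the MEDIUM cut-off of 20%, the minimum of 20 sessions and the second, irregular destination 203.0.113.10 are assumptions constructed for this example, not Arkime's API fields.

```python
import random
import statistics
from collections import defaultdict


def make_sessions(src, dst, port, start, count, next_gap):
    """Build `count` constructed session records (hypothetical field names,
    not Arkime's own) whose inter-session gap in seconds comes from next_gap()."""
    sessions = []
    t = start
    for _ in range(count):
        sessions.append({"src": src, "dst": dst, "port": port, "first": t})
        t += next_gap()
    return sessions


def group_sessions(sessions):
    """Collect first-packet timestamps per (src, dst, port) tuple."""
    groups = defaultdict(list)
    for s in sessions:
        groups[(s["src"], s["dst"], s["port"])].append(s["first"])
    return groups


def beacon_stats(timestamps, min_sessions=20, jitter_threshold=5.0):
    """Score one src/dst/port tuple for beaconing.

    Jitter is the coefficient of variation of the gaps between consecutive
    sessions (pstdev / mean * 100). Below `jitter_threshold` is HIGH, below 20%
    MEDIUM, otherwise LOW. Too few sessions yields INSUFFICIENT rather than a
    guess, since a handful of gaps cannot establish a period.
    """
    ts = sorted(timestamps)
    if len(ts) < min_sessions:
        return {"sessions": len(ts), "verdict": "INSUFFICIENT"}
    intervals = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.fmean(intervals)
    jitter_pct = statistics.pstdev(intervals) / mean * 100 if mean > 0 else float("inf")
    if jitter_pct < jitter_threshold:
        verdict = "HIGH"
    elif jitter_pct < 20.0:
        verdict = "MEDIUM"
    else:
        verdict = "LOW"
    return {
        "sessions": len(ts),
        "avg_interval": mean,
        "jitter_pct": jitter_pct,
        "span_hours": (ts[-1] - ts[0]) / 3600,
        "verdict": verdict,
    }


def analyze(sessions, **kwargs):
    """Run beacon_stats over every src/dst/port tuple in a session list."""
    return {key: beacon_stats(ts, **kwargs) for key, ts in group_sessions(sessions).items()}


def format_report(key, stats):
    """Render one tuple's result in the same layout as the skill's example output."""
    src, dst, port = key
    lines = [f"Source: {src} -> {dst}:{port}", f"Sessions: {stats['sessions']}"]
    if stats["verdict"] == "INSUFFICIENT":
        lines.append("Verdict: INSUFFICIENT sessions for interval analysis")
        return "\n".join(lines)
    lines[1] += f" over {stats['span_hours']:.0f} hours"
    lines.append(f"Avg interval: {stats['avg_interval']:.0f}s, Jitter: {stats['jitter_pct']:.1f}%")
    lines.append(f"Verdict: {stats['verdict']} confidence C2 beaconing")
    return "\n".join(lines)


def run_demo():
    """Constructed dataset: one 300s beacon with +/-5% uniform jitter (288
    sessions, about 24h) plus one bursty, human-like destination."""
    rng = random.Random(7)
    beacon = make_sessions("10.1.2.50", "185.220.101.34", 443, 0.0, 288,
                           lambda: 300 * (1 + rng.uniform(-0.05, 0.05)))
    browsing = make_sessions("10.1.2.50", "203.0.113.10", 443, 0.0, 40,
                             lambda: rng.uniform(1, 1200))
    return analyze(beacon + browsing)


if __name__ == "__main__":
    for key, stats in run_demo().items():
        print(format_report(key, stats))
        print()
```

Uniform jitter of +/-5% around a 300s period gives intervals spread over a 30s range, whose population standard deviation is about 8.7s, so the computed jitter lands near 3% and the tuple scores HIGH; the browsing tuple's gaps vary by orders of magnitude and score LOW. A low-jitter verdict on its own is not proof of C2: NTP, software update checks and monitoring agents are also strictly periodic, so the output should be reviewed against an allowlist of known periodic services and combined with the other checks in the skill (TLS issuer reputation, DNS statistics) before escalation.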