AgentSkillsCN

networking

Analyzes network traffic and exploits protocol vulnerabilities. Use when working with PCAP files, Wireshark captures, packet analysis, protocol exploitation, traffic forensics, or data exfiltration detection.

SKILL.md
---
name: networking
description: Analyzes network traffic and exploits protocols. Use when working with PCAP files, Wireshark captures, packet analysis, protocol exploitation, traffic forensics, or data exfiltration detection.
allowed-tools: Bash, Read, Write, Grep, Glob
---

# Networking Skill

## Quick Workflow

```
Progress:
- [ ] Get protocol overview (tshark -z io,phs)
- [ ] Search strings for flag pattern
- [ ] Export HTTP/SMB objects
- [ ] Follow interesting streams
- [ ] Check for credentials/exfiltration
- [ ] Extract flag
```

## Quick Analysis Pipeline

```bash
# 1. Basic info
capinfos capture.pcap
file capture.pcap

# 2. Protocol hierarchy
tshark -r capture.pcap -z io,phs

# 3. Conversations
tshark -r capture.pcap -z conv,tcp

# 4. Quick string search
strings capture.pcap | grep -i flag
tshark -r capture.pcap -Y "frame contains flag"
```
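Step 2 of the pipeline and the "check for credentials/exfiltration" item from the workflow, as a stdlib-only Python example added here (not from the skill's reference files): it builds a small PCAP in memory, computes a protocol hierarchy in the spirit of `tshark -z io,phs`, and flags DNS query names long enough to suggest DNS tunnelling. The 50-character threshold, the 10.0.0.x addresses and the sample query names are constructed assumptions.

```python
import struct
from collections import Counter
def ip_frame(proto, payload):
    """Ethernet/IPv4 frame: zeroed MACs, constructed 10.0.0.x addresses, checksum left 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 53])) + payload
    return b"\x00" * 12 + b"\x08\x00" + ip  # EtherType 0x0800 = IPv4
def dns_frame(qname):
    """UDP/53 DNS A-record query for qname, wrapped by ip_frame()."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00\x00\x01\x00\x01"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + q  # id, flags (RD), qdcount=1
    return ip_frame(17, struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns)
def build_pcap(frames):
    """Classic libpcap: 24-byte global header (linktype 1 = Ethernet) + 16-byte record headers."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
def dns_query_name(dns):
    """First question name; queries carry plain labels, so no compression handling needed."""
    labels, i = [], 12  # skip the 12-byte DNS header
    while dns[i]:
        labels.append(dns[i + 1:i + 1 + dns[i]].decode("ascii", "replace"))
        i += 1 + dns[i]
    return ".".join(labels)

def analyze(pcap, max_qname=50):
    """Return (protocol hierarchy Counter, DNS query names longer than max_qname chars)."""
    hierarchy, suspicious, off = Counter(), [], 24
    while off < len(pcap):
        caplen = struct.unpack_from("<IIII", pcap, off)[2]  # incl_len of this record
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        path = "eth"
        if struct.unpack_from("!H", frame, 12)[0] == 0x0800:
            proto, path, l4 = frame[23], "eth:ip", frame[14 + (frame[14] & 0x0F) * 4:]
            if proto == 6:
                path += ":tcp"
            elif proto == 17:
                path += ":udp"
                if 53 in struct.unpack_from("!HH", l4):  # source or destination port 53
                    path += ":dns"
                    name = dns_query_name(l4[8:])
                    if len(name) > max_qname:  # long encoded labels are a tunnelling tell
                        suspicious.append(name)
        hierarchy[path] += 1
    return hierarchy, suspicious

# Constructed sample capture: one normal lookup, one hex-stuffed query, one bare TCP segment.
EXFIL_QNAME = "deadbeef" * 6 + ".t.example"
SAMPLE_PCAP = build_pcap([dns_frame("www.example.com"), dns_frame(EXFIL_QNAME),
                          ip_frame(6, b"\x00" * 20)])
```

On a real capture, `analyze(open("capture.pcap", "rb").read())` gives the same two results; only the classic little-endian libpcap format is handled, not pcapng.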

## Reference Files

| Topic | Reference |
|---|---|
| Wireshark Filters & tshark | reference/wireshark.md |
| Protocol Analysis (HTTP, DNS, FTP, etc.) | reference/protocols.md |
| CTF Patterns & Attacks | reference/ctf-patterns.md |

## Tools Quick Reference

| Tool | Purpose | Install |
|---|---|---|
| Wireshark | GUI packet analysis | brew install wireshark |
| tshark | CLI packet analysis | brew install wireshark |
| tcpdump | Packet capture | Built-in |
| tcpflow | TCP stream extraction | brew install tcpflow |
| nmap | Port scanning | brew install nmap |
| masscan | Fast port scanning | brew install masscan |
| scapy | Packet manipulation | pip install scapy |

## Scapy Quick Reference

```python
from scapy.all import *

# Read PCAP (whole file into memory; use PcapReader for large captures)
packets = rdpcap('capture.pcap')

# Filter packets: TCP segments sent to port 80 (plain HTTP requests)
http_packets = [p for p in packets if TCP in p and p[TCP].dport == 80]

# Extract data: dump the raw payload of every packet that carries one
for p in packets:
    if Raw in p:
        print(p[Raw].load)
```