Packet Capture Analysis

What it does

Reads pcap/pcapng files and performs rapid triage: checks capture quality, builds protocol and endpoint overviews, labels IPs using DNS/HTTP/TLS SNI/RDAP evidence, generates time-series and ranking PNGs, and assembles a concise Markdown report with findings and unresolved items. It prioritises CLI for initial aggregation and Python for secondary processing and visualization.

When to use it

Use this skill when handed network captures for incident response, operational troubleshooting, or forensic summary reporting. Ideal for quickly identifying dominant protocols, major conversations, suspicious endpoints, and for producing visual artefacts and reproducible reports.

What's included

• Scripts: extraction helpers and guidance for using tshark/capinfos and Python (has_scripts=false in fetch metadata but the repo contains utility scripts).
• References: Wireshark and Scapy manuals and RDAP references are listed in the skill.
• Instructions: clear workflow: set investigation goal, check capture quality, produce protocol/endpoint summaries, label top endpoints with evidence, visualise and report.

Compatible agents

Works best with security- and ops-focused agents that can call CLI tools and Python libraries (tshark, scapy); suitable for Codex, Copilot, and other code-capable assistants.