Network Analysis (PCAP / Zeek / Netflow)
Community
Validate network evidence and surface C2 signals.
Author: rjonhaas
Version: 1.0.0
System Documentation
What problem does it solve?
Network Analysis (PCAP / Zeek / Netflow) turns captured traffic into actionable findings by identifying suspicious communication patterns, extracting transferred objects, and pivoting from IOCs to follow-on analysis.
Core Features & Use Cases
- PCAP orientation and traffic profiling: Capture time range, protocol hierarchy, and top talkers to quickly understand what the dataset contains.
- Threat-relevant protocol interrogation: Interrogate DNS, HTTP/TLS, and connection timing to surface DGA-like query names, automated tooling (scripted user agents, fixed request sizes), exfiltration candidates, and periodic C2 beaconing.
- Structured enrichment with Zeek: When Zeek logs are available, correlate conn.log connections, DNS answers, HTTP metadata, TLS JA3 fingerprints and SNI, and file-transfer artifacts for higher-confidence pivots.
- Pivot-ready outputs: Produce deterministic artifact files (IOC lists and extracted objects) that can feed malware analysis, cross-referencing against memory-analysis netscan output, and IOC tracking.
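To make the beaconing and DGA checks in the feature list concrete, here is a small added example (written for this page, not code from the SIFTics skill) that triages Zeek conn.log and dns.log excerpts. The log lines, hosts, timestamps and thresholds are all constructed; the beacon score is the coefficient of variation of inter-connection gaps per (source, destination, port) triple, and the DGA score is the Shannon entropy of the registrable label, which assumes a one-label TLD because no public-suffix list is used.

```python
"""Beacon and DGA candidate triage over Zeek conn.log / dns.log excerpts (added example)."""
import math
import statistics
from collections import defaultdict


def _tsv(*rows):
    """Join constructed rows with tabs so they look like real Zeek TSV output."""
    return "\n".join("\t".join(r) for r in rows)


# Constructed conn.log: 10.0.0.5 hits 203.0.113.7:443 every ~60 s with little jitter,
# browses 198.51.100.20:443 at irregular gaps, and 10.0.0.8 has too few rows to judge.
CONN_LOG = _tsv(
    ("#fields", "ts", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto", "service", "orig_bytes", "resp_bytes"),
    ("1700000000.000", "10.0.0.5", "49152", "203.0.113.7", "443", "tcp", "ssl", "312", "1024"),
    ("1700000060.100", "10.0.0.5", "49153", "203.0.113.7", "443", "tcp", "ssl", "312", "1030"),
    ("1700000120.000", "10.0.0.5", "49154", "203.0.113.7", "443", "tcp", "ssl", "312", "1019"),
    ("1700000179.900", "10.0.0.5", "49155", "203.0.113.7", "443", "tcp", "ssl", "312", "1024"),
    ("1700000240.200", "10.0.0.5", "49156", "203.0.113.7", "443", "tcp", "ssl", "312", "1027"),
    ("1700000005.000", "10.0.0.5", "49200", "198.51.100.20", "443", "tcp", "ssl", "1520", "88120"),
    ("1700000012.000", "10.0.0.5", "49201", "198.51.100.20", "443", "tcp", "ssl", "640", "4211"),
    ("1700000140.000", "10.0.0.5", "49202", "198.51.100.20", "443", "tcp", "ssl", "2210", "157001"),
    ("1700000143.000", "10.0.0.5", "49203", "198.51.100.20", "443", "tcp", "ssl", "910", "3309"),
    ("1700000030.000", "10.0.0.8", "51000", "192.0.2.9", "80", "tcp", "http", "400", "2000"),
    ("1700000090.000", "10.0.0.8", "51001", "192.0.2.9", "80", "tcp", "http", "400", "2000"),
)

# Constructed dns.log excerpt (field names follow Zeek's dns.log schema).
DNS_LOG = _tsv(
    ("#fields", "ts", "id.orig_h", "query", "qtype_name", "rcode_name"),
    ("1700000001.000", "10.0.0.5", "x7k2mq9p3vlz.net", "A", "NXDOMAIN"),
    ("1700000002.000", "10.0.0.5", "www.example.com", "A", "NOERROR"),
    ("1700000003.000", "10.0.0.6", "cdn.cloudflare.com", "A", "NOERROR"),
)


def parse_zeek_log(text):
    """Parse a Zeek TSV log into dicts keyed by the names in its #fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):          # #separator, #types, #close, ...
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        records.append(dict(zip(fields, line.split("\t"))))
    return records


def beacon_candidates(records, min_conns=4, max_cv=0.2):
    """Flag (orig, resp, port) triples whose connection gaps are unusually regular."""
    flows = defaultdict(list)
    for r in records:
        key = (r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])
        flows[key].append((float(r["ts"]), r["orig_bytes"]))
    out = []
    for (orig, resp, port), rows in flows.items():
        if len(rows) < min_conns:
            continue
        rows.sort()
        ts = [t for t, _ in rows]
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            out.append({"orig": orig, "resp": resp, "port": port, "count": len(rows),
                        "mean_interval": mean, "cv": cv,
                        "distinct_orig_bytes": len({b for _, b in rows})})
    return sorted(out, key=lambda c: c["cv"])


def shannon_entropy(s):
    """Bits of entropy per character of s."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def dga_candidates(records, min_len=10, min_entropy=3.5):
    """Flag queries whose registrable label is long and high-entropy (DGA-like)."""
    out = []
    for r in records:
        labels = r["query"].lower().rstrip(".").split(".")
        if len(labels) < 2:
            continue
        sld = labels[-2]   # assumes a one-label TLD; a public-suffix list would be more accurate
        ent = shannon_entropy(sld)
        if len(sld) >= min_len and ent >= min_entropy:
            out.append({"orig": r["id.orig_h"], "query": r["query"],
                        "entropy": round(ent, 2), "rcode": r["rcode_name"]})
    return out


if __name__ == "__main__":
    for c in beacon_candidates(parse_zeek_log(CONN_LOG)):
        print("beacon candidate:", c)
    for c in dga_candidates(parse_zeek_log(DNS_LOG)):
        print("dga candidate:", c)
```

Treat both outputs as pivots, not verdicts: low-jitter flows also include NTP, health checks and update pollers, so cross-check a beacon candidate's JA3 and SNI before escalating, and an entropy-only DGA score will miss dictionary-word DGAs while flagging some CDN hostnames; the NXDOMAIN rcode carried through in the output is the cheaper corroborating signal.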
Quick Start
Run the network-analysis workflow against a case PCAP to generate PCAP metadata, DNS/HTTP findings, beacon candidates, and Zeek-derived summaries for IOC pivoting.
Dependency Matrix
Required Modules: None required
Components: Standard package
Claude Code Installation
Recommended: Let Claude install it automatically. Copy and paste the text below into Claude Code.
Please help me install this Skill: Name: Network Analysis (PCAP / Zeek / Netflow) Download link: https://github.com/rjonhaas/SIFTics/archive/main.zip#network-analysis-pcap-zeek-netflow Please download this .zip file, extract it, and install it in the .claude/skills/ directory.