
network-traffic-forensics
by LocoLoboZ
Professional network forensics and packet analysis for incident response and security investigations.
- Reconstruct network events from PCAP evidence during a security incident.
- Extract and document IoCs from suspicious DNS and HTTP traffic logs.
- Generate structured forensic reports for executive and technical stakeholders.
$15 · or 75 credits
Secure checkout via Stripe
Included in download
- Reconstruct network events from PCAP evidence during a security incident.
- Extract and document IoCs from suspicious DNS and HTTP traffic logs.
- Terminal automation included
- Ready for agents including Claude Code
- Instant install
Sample input
Analyse this tshark conversation summary and DNS query export from a suspected data exfiltration incident. The capture covers a 6-hour window on 2026-04-14. I need a structured forensic report with an indicator of compromise table, a timeline of suspicious events, and recommended next actions. This is an authorised investigation under case reference IR-2026-041.
Sample output
The skill produces a structured forensic report covering scope and evidence basis, capture metadata and integrity notes, key observations from DNS and conversation analysis, a suspicious communications table, an indicator of compromise register with source, timestamp, and confidence rating, a timeline of material events, and recommended validation actions. Evidence gaps such as encrypted traffic, truncated capture windows, or missing corroborating logs are explicitly noted rather than estimated around.
About This Skill
What it does
This skill enables AI agents to perform professional-grade network traffic forensics and incident analysis. It processes packet captures (PCAP), flow records, and tool outputs (like tshark, Zeek, or Wireshark) to reconstruct security incidents, identify suspicious communications, and document findings in a structured forensic report.
Why use this skill
Manual network analysis is time-consuming and prone to oversight. This skill provides a structured methodology for forensic investigations, ensuring that indicators of compromise (IoCs), lateral movement, and exfiltration attempts are systematically identified. Unlike generic AI prompting, this skill enforces forensic rigor, maintaining a chain of custody, distinguishing between facts and hypotheses, and highlighting evidence gaps.
Supported analysis types
- Traffic Reconstruction: Beaconing detection, lateral movement mapping, and protocol misuse.
- Metadata Analysis: Deep dives into DNS queries, HTTP headers, TLS SNI, and certificate chains.
- Forensic Reporting: Generation of executive summaries, IoC tables, and chronological timelines.
- Validation: Alignment of network evidence with endpoint logs and threat intelligence.
The Output
The skill produces a detailed forensic dossier including an evidence inventory, an analyst-grade timeline of events, a categorized list of IoCs, and concrete validation actions for incident response teams.
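As an added example of the beaconing detection and IoC register described above (this is illustrative code, not the skill's own implementation), the script below takes a tshark-style DNS query export, flags source/name pairs whose query cadence is too regular for human-driven lookups, and emits an IoC register with source, timestamp and confidence plus a short timeline. The input format (tab-separated epoch time, source IP, queried name, as `tshark -T fields` would emit), the sample lines, the `.invalid` domain and the thresholds are all assumptions constructed for the example.

```python
"""Beaconing detection and IoC register from a tshark-style DNS query export.

Added example, not the skill's own code. Assumed input: tab-separated lines of
epoch time, source IP and queried name, as produced by a command like
  tshark -r capture.pcap -Y "dns.flags.response == 0" -T fields \
        -e frame.time_epoch -e ip.src -e dns.qry.name
The sample below is constructed; no real capture or real domain is involved.
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev


def _constructed_sample() -> str:
    """Constructed export (not real capture data): one host, six hours into 2026-04-14."""
    base = datetime(2026, 4, 14, 8, 0, tzinfo=timezone.utc).timestamp()
    lines = []
    # A 60 s cadence with sub-second jitter: the shape a beacon leaves in DNS.
    jitter = [0.0, 0.4, -0.3, 0.2, -0.5, 0.1, 0.3, -0.2, 0.0, 0.4, -0.1, 0.2]
    for i, j in enumerate(jitter):
        lines.append(f"{base + 60 * i + j:.2f}\t10.0.0.5\tcdn-sync.beacon-sample.invalid")
    # Irregular, human-paced lookups from the same host (should not be flagged).
    for offset, name in [(3, "intranet.example.org"), (47, "www.example.org"),
                         (131, "mail.example.org"), (400, "www.example.org"),
                         (415, "static.example.org"), (812, "mail.example.org"),
                         (900, "docs.example.org")]:
        lines.append(f"{base + offset:.2f}\t10.0.0.5\t{name}")
    # One malformed line, so the parser's tolerance is exercised.
    lines.append("not-a-timestamp\t10.0.0.9")
    return "\n".join(lines) + "\n"


def parse_dns_export(text: str) -> list[tuple[float, str, str]]:
    """Parse export lines; lines with missing fields or a bad timestamp are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        records.append((ts, parts[1], parts[2].lower().rstrip(".")))
    return records


def _iso(ts: float) -> str:
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def detect_beacons(records, min_count: int = 6, max_cv: float = 0.25) -> list[dict]:
    """Flag (source, name) pairs whose inter-query gaps are near-constant.

    Regularity is the coefficient of variation (stdev / mean) of the gaps between
    consecutive queries; a low value means a fixed cadence. Thresholds are assumed.
    """
    groups = defaultdict(list)
    for ts, src, qname in records:
        groups[(src, qname)].append(ts)
    findings = []
    for (src, qname), times in groups.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only; nothing to measure
        cv = pstdev(gaps) / avg
        if cv > max_cv:
            continue
        findings.append({
            "src": src, "qname": qname, "count": len(times),
            "interval_s": round(avg, 2), "cv": round(cv, 4),
            "confidence": "high" if cv < 0.10 else "medium",
            "first_seen": _iso(times[0]), "last_seen": _iso(times[-1]),
        })
    return sorted(findings, key=lambda f: f["cv"])


def build_ioc_register(findings) -> list[dict]:
    """One register row per flagged name: indicator, type, source, timestamp, confidence."""
    return [{
        "indicator": f["qname"], "type": "domain",
        "source": f"DNS export, {f['count']} queries from {f['src']} every ~{f['interval_s']:.0f}s",
        "timestamp": f["first_seen"], "confidence": f["confidence"],
    } for f in findings]


def render_report(findings) -> str:
    """Plain-text IoC register and timeline of the flagged activity."""
    lines = ["== IoC register =="]
    for row in build_ioc_register(findings):
        lines.append(f"{row['indicator']} | {row['type']} | {row['source']} | "
                     f"{row['timestamp']} | {row['confidence']}")
    lines.append("== Timeline ==")
    for f in findings:
        lines.append(f"{f['first_seen']}  first query for {f['qname']} from {f['src']}")
        lines.append(f"{f['last_seen']}  last query for {f['qname']} "
                     f"(interval ~{f['interval_s']}s, cv {f['cv']})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(detect_beacons(parse_dns_export(_constructed_sample()))))
```

The cadence test deliberately keys on the gap distribution rather than on the domain name, so it is neutral to the indicator and degrades predictably when the capture window is truncated: a pair with fewer than `min_count` queries is simply not scored, which is the kind of evidence gap a report should state rather than estimate around.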
Use Cases
- Reconstruct network events from PCAP evidence during a security incident.
- Extract and document IoCs from suspicious DNS and HTTP traffic logs.
- Generate structured forensic reports for executive and technical stakeholders.
- Identify lateral movement and Command & Control (C2) beaconing patterns.
- Validate suspected data exfiltration using flow records and packet metadata.
Known Limitations
- Cannot perform live packet capture; requires provided files or logs.
- Does not support encrypted payload decryption without provided keys.
- Not a replacement for real-time IDS/IPS systems.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/network-traffic-forensics -o /tmp/network-traffic-forensics.zip && unzip -o /tmp/network-traffic-forensics.zip -d ~/.claude/skills && rm /tmp/network-traffic-forensics.zip
Free skills install directly. Paid skills require purchase: use the download button above after buying.
Reviews
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
Early access skill
Security Scanned
Passed automated security review
Permissions
Works with any agent that supports the Universal SKILL.md standard, including Claude Code, Codex CLI, Cursor, VS Code Copilot, Gemini CLI, OpenClaw, and 20+ compatible agents.
Creator
I design and publish skills built from real professional practice across three areas: cyber security consulting, business operations, and AI workflow engineering. My cyber security skills draw on active advisory work spanning governance, risk, compliance, assurance, and executive reporting. They are built for practitioners who need structured, defensible outputs - not generic templates. My business operations skills cover the day-to-day work of running a consulting practice: bookkeeping, financial tracking, expense reconciliation, and marketing content - designed to reduce repetitive overhead and keep outputs consistent. My AI platform and workflow skills are built for people who want to get more out of Claude and similar platforms - covering prompt engineering, skill architecture, automation pipelines, and agent enhancement. Every skill I publish has been tested in production use before it reaches the marketplace. If it is here, it works.