towermac/wireshark-analysis-skill
Wireshark Network Traffic Analysis Skill

🔍 Claude Code Skill for comprehensive network packet analysis using Wireshark/tshark.

Overview

This skill provides automated network traffic analysis capabilities for troubleshooting, security investigations, and performance optimization. It's especially useful for AKS/Kubernetes network issues.

Features

  • 7 Problem Categories: TCP, HTTP, DNS, TLS, Performance, Security, Cloud/Container Network
  • 100+ Filters: Pre-built tshark/Wireshark display filters
  • Automated Analysis: Shell scripts for quick health checks
  • Structured Reports: Professional diagnostic report templates
  • AKS/K8s Focus: Special support for Azure Kubernetes Service networking

Problem Categories

| Category | Description |
|---|---|
| 🔴 TCP | Retransmission, RST, Zero Window, Out-of-Order |
| 🟠 HTTP | 4xx/5xx errors, slow response, API issues |
| 🟡 DNS | NXDOMAIN, SERVFAIL, slow resolution |
| 🟢 TLS | Handshake failure, certificate errors |
| 🔵 Performance | Latency, throughput, jitter, packet loss |
| 🟣 Security | Port scan, DDoS, ARP spoofing, MITM |
| ⚪ Cloud | Pod networking, Service issues, NSG, SNAT |

Installation

Copy the skill files to your Claude Code skills directory:

cp -r wireshark-analysis ~/.claude/skills/

Requirements

  • tshark (Wireshark CLI)
  • capinfos (part of wireshark-common)
  • tcpdump (optional)

Install on Ubuntu/Debian:

apt-get install -y tshark wireshark-common

Usage

Trigger the skill by mentioning one of these phrases (the skill is triggered by the Chinese text; the English in parentheses is a gloss):

  • "分析这个 pcap 文件" (analyze this pcap file)
  • "网络抓包分析" (network packet capture analysis)
  • "TCP 重传问题" (TCP retransmission problem)
  • "DNS 解析失败" (DNS resolution failure)
  • "HTTP 502 错误" (HTTP 502 error)

File Structure

wireshark-analysis/
├── skill.md                    # Main skill file
├── filters/
│   └── common-filters.md       # Filter cheatsheet
├── references/
│   ├── tcp-analysis.md         # TCP troubleshooting
│   ├── dns-analysis.md         # DNS troubleshooting
│   ├── http-analysis.md        # HTTP troubleshooting
│   ├── tls-analysis.md         # TLS/SSL troubleshooting
│   ├── performance-analysis.md # Performance analysis
│   ├── security-analysis.md    # Security analysis
│   └── cloud-network.md        # AKS/K8s networking
└── examples/
    └── sample-analysis-report.md

Quick Start

# Basic analysis: protocol hierarchy statistics (which protocols the capture contains, and how much of each)
tshark -r capture.pcap -q -z io,phs

# TCP health check: count segments Wireshark flagged as retransmissions
tshark -r capture.pcap -Y "tcp.analysis.retransmission" | wc -l

# DNS errors: query name and response code for every reply with a non-zero rcode (2 = SERVFAIL, 3 = NXDOMAIN)
tshark -r capture.pcap -Y "dns.flags.rcode != 0" -T fields -e dns.qry.name -e dns.flags.rcode
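The DNS command above prints one line per failed reply, which on a busy capture runs to thousands of lines. The script below is an added example written for this README, not one of the skill's own scripts: it reads that tab-separated tshark output (from a pipe, or the constructed sample embedded in the file when run without input), maps the numeric rcode to its name, and ranks the failing query names so a SERVFAIL on one upstream zone or a burst of NXDOMAIN for a misspelled service name stands out immediately. The sample lines are constructed, not taken from a real capture.

```python
"""Summarise DNS error lines produced by:

    tshark -r capture.pcap -Y "dns.flags.rcode != 0" -T fields \
        -e dns.qry.name -e dns.flags.rcode

Usage:  tshark ... | python3 dns_error_summary.py
Without piped input the constructed sample below is used instead.
"""
import sys
from collections import Counter, defaultdict

# Response codes as tshark prints them in dns.flags.rcode (RFC 1035 / IANA registry).
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

# Constructed sample of tshark -T fields output (tab separated, one reply per line).
SAMPLE_TSHARK_OUTPUT = (
    "api.internal.example\t3\n"
    "api.internal.example\t3\n"
    "db.internal.example\t2\n"
    "api.internal.example\t3\n"
    "metrics.svc.cluster.local\t3\n"
    "db.internal.example\t2\n"
)


def rcode_name(rcode):
    return RCODE_NAMES.get(rcode, f"RCODE{rcode}")


def parse_tshark_fields(text):
    """Return a list of (query_name, rcode) tuples from tshark -T fields output."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        # A reply with no rcode field should not pass the display filter; skip defensively.
        if len(parts) < 2 or not parts[1]:
            continue
        name = parts[0] or "<empty>"
        # tshark joins several values with commas when a packet carries several records;
        # the first value is the one for the reply itself.
        rcode = int(parts[1].split(",")[0])
        rows.append((name, rcode))
    return rows


def summarize(rows):
    """Return (Counter of rcode names, list of (name, Counter) ranked by failure count)."""
    by_rcode = Counter(rcode_name(rc) for _, rc in rows)
    by_name = defaultdict(Counter)
    for name, rc in rows:
        by_name[name][rcode_name(rc)] += 1
    ranked = sorted(by_name.items(), key=lambda kv: -sum(kv[1].values()))
    return by_rcode, ranked


def report(text, top=5):
    """Build the human-readable summary as a string."""
    rows = parse_tshark_fields(text)
    by_rcode, ranked = summarize(rows)
    lines = [f"{len(rows)} DNS error responses"]
    for code, n in by_rcode.most_common():
        lines.append(f"  {code}: {n}")
    lines.append(f"top {min(top, len(ranked))} failing names:")
    for name, codes in ranked[:top]:
        detail = ", ".join(f"{c}={n}" for c, n in codes.most_common())
        lines.append(f"  {name}: {detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_TSHARK_OUTPUT
    print(report(data))
```

The same shape of script works for the TCP check: replace the field list with `-e ip.src -e ip.dst -e tcp.stream` on the retransmission filter and aggregate per stream instead of per query name, which tells you whether the retransmissions are spread across the capture or concentrated on one connection.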

License

MIT License

Author

Created for AKS Technical Support
