pcap-analyzer
Analyze local PCAP/PCAPNG files with tshark to generate detailed network forensics reports including talkers, ports, DNS, TLS, HTTP, and anomaly summaries.
Install via ClawdBot CLI:
clawdbot install marposins/pcap-analyzer
name: pcap-analyzer
description: Analyze PCAP/PCAPNG files with tshark and produce a structured network-forensics summary (talkers, ports, DNS, TLS, HTTP, anomalies).
homepage: https://www.wireshark.org/docs/man-pages/tshark.html
metadata:
{
"openclaw":
{
"emoji": "🦈",
"requires":
{
"bins": ["tshark", "awk", "sed"],
"files": ["/home/tom/openclaw-tools/pcap_summary.sh"]
},
"notes":
[
"This skill runs local analysis only. It does not exfiltrate the PCAP.",
"Prefer read-only access; do not modify user files."
]
}
}
This skill turns packet captures into a practical report a human can act on. It is designed for lab work, incident triage, and CPENT-style exercises.
Output: a structured report with talkers, ports, DNS, TLS, HTTP, and anomaly summaries.
You must provide:
pcap_path: Full path to a .pcap or .pcapng file on this machine.
Optional:
focus_host: IP to focus on (filters summaries around that host)
time_window: A display filter time window if the user specifies one (best-effort guidance only)
```bash
{baseDir}/scripts/analyze.sh "/full/path/to/capture.pcapng"
```
Generated Mar 1, 2026
Security analysts use this skill to quickly assess a suspicious PCAP file after a network breach alert, identifying top talkers, anomalous traffic patterns like port scans or beaconing, and extracting indicators such as DNS queries and TLS fingerprints for further investigation.
Students or trainees in cybersecurity certification programs (e.g., CPENT) apply this skill to analyze provided PCAP files, learning to interpret network conversations, service usage, and anomaly detection in a controlled, educational environment without modifying original data.
IT auditors leverage this skill to examine network traffic captures from organizational systems, verifying compliance with policies by summarizing traffic patterns, identifying unauthorized services or ports, and flagging potential data exfiltration attempts in a read-only manner.
Malware researchers analyze PCAP files from sandboxed environments to understand command-and-control communications, extract DNS queries for domain blacklisting, and detect TLS fingerprints associated with malicious payloads, aiding in threat intelligence gathering.
Network engineers use this skill to diagnose issues in captured traffic, identifying retransmission bursts, excessive RSTs, or unusual port activity that may indicate configuration errors or hardware failures, focusing on specific hosts or time windows as needed.
Offer a basic version of this skill for free to individual users or small teams, with premium features like advanced anomaly detection or integration with SIEM systems available via subscription, generating revenue from enterprise customers seeking enhanced network forensics capabilities.
Cybersecurity consulting firms bundle this skill as part of their incident response or audit packages, using it to provide clients with quick, structured reports from PCAP analysis, thereby increasing service value and enabling upselling for deeper investigations.
Integrate this skill into online cybersecurity training platforms or virtual labs, where students pay for access to hands-on exercises involving PCAP analysis, driving revenue through course enrollments or platform licensing agreements with educational institutions.
💬 Integration Tip
Ensure tshark and required binaries are installed on the system; for optimal use, provide clear paths to PCAP files and consider setting focus_host to narrow analysis in large captures.
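As an added example (not the skill's own pcap_summary.sh or analyze.sh), the POSIX shell functions below show the kind of post-processing such a report is built from: tshark field output is piped through awk to rank talkers, flag a source that touched many distinct ports on one host (a port-scan signal from the anomaly summary), and narrow everything to a focus host. The tshark invocation in the comment and the sample capture lines are assumptions constructed for the demo.

```shell
#!/usr/bin/env sh
# Added example, not the skill's own pcap_summary.sh. Summarises tshark field output:
# top talkers by packet count and sources touching many distinct TCP ports on one
# host (a port-scan signal), optionally narrowed to a focus host.
# Expected input, one packet per line, tab-separated: ip.src ip.dst tcp.dstport,
# as produced by (assumed invocation):
#   tshark -r capture.pcapng -Y tcp -T fields -e ip.src -e ip.dst -e tcp.dstport

# Top N source -> destination pairs by packet count.
top_talkers() {
  n="${1:-5}"
  awk -F'\t' 'NF >= 2 { c[$1 " -> " $2]++ }
       END { for (k in c) printf "%d\t%s\n", c[k], k }' \
    | sort -rn | head -n "$n"
}

# Sources that contacted at least $1 distinct destination ports on a single host.
scan_suspects() {
  min="${1:-10}"
  awk -F'\t' -v min="$min" 'NF >= 3 && $3 != "" { seen[$1 "\t" $2 "\t" $3] = 1 }
       END { for (k in seen) { split(k, f, "\t"); ports[f[1] "\t" f[2]]++ }
             for (p in ports) if (ports[p] >= min) printf "%s\t%d\n", p, ports[p] }' \
    | sort
}

# Keep only packets where the focus host is source or destination (the focus_host input).
focus_host() {
  awk -F'\t' -v h="$1" '$1 == h || $2 == h'
}

# Constructed sample: 10.0.0.5 probes 12 ports on 10.0.0.9; 10.0.0.7 exchanges HTTPS with it.
sample_capture() {
  i=1
  while [ "$i" -le 12 ]; do
    printf '10.0.0.5\t10.0.0.9\t%d\n' "$i"
    i=$((i + 1))
  done
  printf '10.0.0.7\t10.0.0.9\t443\n10.0.0.7\t10.0.0.9\t443\n10.0.0.9\t10.0.0.7\t51000\n'
}

if [ "${1:-}" = "--demo" ]; then
  echo "== top talkers =="; sample_capture | top_talkers 3
  echo "== port-scan suspects (>= 10 ports) =="; sample_capture | scan_suspects 10
  echo "== focus 10.0.0.7 =="; sample_capture | focus_host 10.0.0.7 | top_talkers
fi
```

Run with `--demo` to see the three summaries on the constructed sample; on a real capture, replace `sample_capture` with the tshark pipeline from the header comment.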