Skill UI

A comprehensive guide for deep packet inspection and network forensics using Wireshark and tshark. This skill is critical for incident response, where it allows users to capture, filter, and analyze network packet data to identify malicious command-and-control traffic, diagnose complex protocol issues, extract indicators of compromise (IOCs), and reconstruct data exfiltration paths. Use it for validating security rules and understanding network anomalies.

A comprehensive guide to deploying and configuring Suricata, a high-performance IDS/IPS. This skill covers setting up multi-threaded packet capture, integrating Emerging Threats rulesets, generating structured EVE JSON logs, and enabling deep protocol inspection (HTTP, TLS, DNS). It enables real-time threat detection and seamless SIEM integration for centralized security monitoring.

A comprehensive guide for security professionals on detecting and preventing ARP spoofing and poisoning attacks. The skill covers multiple layers of defense, including implementing Dynamic ARP Inspection (DAI) on managed switches, utilizing ARPWatch for continuous monitoring, performing deep packet inspection with Wireshark, and developing custom Python scripts for real-time anomaly detection. Essential for mitigating Man-in-the-Middle (MitM) attacks at Layer 2.

A specialized tool for detecting anomalies within DNP3 (Distributed Network Protocol 3) communications used in critical SCADA and energy sector infrastructure. It employs deep packet inspection and baseline comparison to monitor for unauthorized control commands, protocol violations, suspicious firmware update attempts, and deviations from established operational traffic patterns.

This guide details the process of deploying and configuring Tofino industrial firewalls for critical OT/ICS environments. It provides architectural blueprints and Python-based rule generators to implement deep packet inspection (DPI) for key industrial protocols like Modbus, EtherNet/IP, and S7comm. This ensures granular, protocol-aware access control and robust zone segmentation for safeguarding SCADA and PLCs.

Suricata is a high-performance, open-source network threat detection engine used for deep packet inspection. This skill details the deployment and configuration of Suricata in Intrusion Prevention System (IPS) mode. It covers setting up custom rules, integrating third-party rulesets (like Emerging Threats), and actively blocking malicious traffic in real time, making it essential for robust network security and compliance enforcement.

This tool monitors Modbus TCP communication within SCADA and ICS environments to detect security anomalies. It performs deep packet inspection, baselines normal communication patterns (e.g., typical function code distribution, register access), and applies statistical analysis to identify unauthorized register writes, reconnaissance attempts, or denial-of-service attacks targeting industrial control devices.