
Network flow extractor that analyzes pcap/pcapng files to identify outbound connections with automatic DNS hostname resolution. Use when you need to enumerate network destinations, identify what hosts a device communicates with, or map IP addresses to hostnames from packet captures.

Install

mkdir -p .claude/skills/netflows && curl -L -o skill.zip "https://mcp.directory/api/skills/download/2827" && unzip -o skill.zip -d .claude/skills/netflows && rm skill.zip

Installs to .claude/skills/netflows

About this skill

NetFlows - Network Flow Extractor with DNS Resolution

You are helping the user extract and analyze network flows from packet capture files using the netflows tool.

Tool Overview

NetFlows analyzes pcap/pcapng files to:

  • Extract unique TCP and UDP flows (destination IP:port pairs)
  • Build a DNS resolution table from DNS responses in the capture
  • Automatically resolve IP addresses to hostnames where possible
  • Filter flows by source IP address
  • Generate a summary of all network destinations contacted

This is particularly useful for IoT device analysis to understand what external services a device communicates with.

Instructions

When the user asks to analyze network flows, extract destinations, or identify what hosts a device talks to:

  1. Gather requirements:

    • Get the pcap/pcapng file path(s)
    • Ask if they want to filter by a specific source IP (e.g., the IoT device's IP)
    • Determine preferred output format
  2. Execute the analysis:

    • Use the netflows command from the iothackbot bin directory
  3. Interpret results:

    • Explain resolved hostnames and their significance
    • Note any unresolved IPs that may need further investigation
    • Highlight interesting patterns (cloud services, P2P connections, etc.)

Usage

Basic Analysis

Analyze a pcap file showing all flows:

netflows capture.pcap

Filter by Source IP

Extract flows from a specific device:

netflows capture.pcap --source-ip 192.168.1.100

Multiple Files

Analyze multiple capture files:

netflows capture1.pcap capture2.pcapng

Output Formats

# Human-readable colored output (default)
netflows capture.pcap --format text

# Machine-readable JSON
netflows capture.pcap --format json

# Minimal output - just hostname:port list
netflows capture.pcap --format quiet

Parameters

Input:

  • pcap_files: One or more pcap/pcapng files to analyze (required)

Filtering:

  • -s, --source-ip: Filter flows originating from this IP address

Output:

  • --format text|json|quiet: Output format (default: text)
  • -v, --verbose: Enable verbose output

Examples

Analyze IoT device traffic:

netflows iot-capture.pcap --source-ip 192.168.1.50

Get just the flow list for scripting:

netflows capture.pcap -s 10.0.0.100 --format quiet

JSON output for parsing:

netflows capture.pcap --format json | jq '.data[].flow_summary'

Output Information

Text format includes:

  • DNS mappings discovered (IP -> hostname)
  • TCP flows with hostname resolution status
  • UDP flows with hostname resolution status
  • Consolidated flow summary (hostname:port or ip:port)

JSON format includes:

  • dns_mappings: Dictionary of IP to hostname mappings
  • tcp_flows: List of TCP flow objects with hostname, ip, port
  • udp_flows: List of UDP flow objects with hostname, ip, port
  • flow_summary: List of "hostname:port" or "ip:port" strings
  • dns_queries: List of DNS domains queried
  • total_packets: Number of packets analyzed

Use Cases

  1. IoT Device Profiling: Identify all cloud services and endpoints an IoT device communicates with
  2. Network Forensics: Enumerate destinations contacted during an incident
  3. Privacy Analysis: Discover telemetry and tracking endpoints
  4. Firewall Rule Creation: Generate allowlist/blocklist of endpoints
  5. Malware Analysis: Identify C2 servers and exfiltration destinations

Important Notes

  • The tool resolves hostnames using DNS responses found within the same pcap file
  • IPs without corresponding DNS lookups in the capture will show as "unresolved"
  • Supports both pcap and pcapng formats
  • Does not require elevated privileges (unlike live capture tools)
  • Large pcap files may take time to process
