medbenali/CyberScanAI

# CyberScanAI

[](https://www.python.org/) [](http://www.gnu.org/licenses/gpl-3.0) [](https://pypi.org/project/cyberscanai) CyberScanAI 是一款用于渗透测试和网络取证的开源 AI Agent 工具。 CyberScanAI 是一个 MCP (Model Context Protocol) 服务器，它将 LLM 连接到工具和 prompts，用于智能化的 AI 网络分析。 ## 截图  ### 主要特性 - **MCP Server**：无状态 MCP Server 向 LLM 暴露工具、资源和 prompts - **MCP 工具**：向 LLM 暴露工具 - **Prompts 分析**：网络、安全和取证 - **协议分析**：DNS、DHCP、ICMP、TCP、SIP - **PCAP 文件分析**：分析 PCAP 文件 - **交互式用户界面 (UI)**：在对话中实时渲染 UI ## 支持的操作系统 - Windows XP/7/8/8.1/10/11 - GNU/Linux - MacOSX ## 安装说明 您可以使用 [pip](https://pypi.org/project/cyberscanai) 安装 CyberScanAI ``` $ pip install cyberscanai ``` CyberScanAI 开箱即用，支持 [Python](http://www.python.org/download/) **3.1.x** 版本。 # CyberScanAI 模块使用说明 [CyberScanAI](https://github.com/medbenali/CyberScanAI) 将 LLM 连接到工具、prompts 和数据，用于智能化的网络分析。 您可以在本机测试 CyberScanAI 的安装： ``` $ cyberscanai -h ``` ## CyberScanAI MCP 服务器 将 CyberScanAI 作为无状态 MCP Server 启动： CyberScanAI 默认的传输方式是 stdio，并加载所有模块。 ``` $ cyberscanai ``` CyberScanAI CLI 用法： ``` $ cyberscanai [--modules MODULES] [--transport {stdio,http}] [--host HOST] [--port PORT] ``` ### 模块 ### 所有模块（默认） ``` $ cyberscanai --modules dns,dhcp,icmp,tcp,sip ``` ### DNS 分析模块 ``` $ cyberscanai --modules dns ``` ### DHCP 分析模块 ``` $ cyberscanai --modules dhcp ``` ### ICMP 分析模块 ``` $ cyberscanai --modules icmp ``` ### TCP 分析模块 ``` $ cyberscanai --modules tcp ``` ### SIP (VOIP) 分析模块 ``` $ cyberscanai --modules sip ``` ### 传输方式 ### stdio（默认） ``` $ cyberscanai ``` ### HTTP 传输 ``` $ cyberscanai --transport http ``` ### 具有自定义 host 和 port 的 HTTP 传输 ``` $ cyberscanai --transport http --host 192.168.1.1 --port 9090 ``` ## 工具 CyberScanAI 支持多种网络分析工具。  ### DNS 分析工具 完整的 DNS 流量分析： - 提取 DNS 查询和响应 - 跟踪查询频率 - 检测 DNS 异常和安全问题 ### DHCP 分析工具 完整的 DHCP 流量分析： - 提取 DHCP 转换 - 识别 DHCP 客户端和服务器 - 检测 DHCP 异常和安全问题 ### ICMP 分析工具 完整的 ICMP 流量分析： - 分析 ping 请求和回复 - 识别网络连通性问题 - 检测 ICMP 攻击问题 ### TCP 分析工具 完整的 TCP 流量分析： - 分析 客户端-服务器 与 服务器-客户端 流量 - 检测连接问题和行为 - 检测 TCP 异常和安全问题 ### SIP (VOIP) 分析工具 完整的 SIP 流量分析： - 提取 SIP 请求 - 支持 VOIP 故障排除 - 检测 VOIP 安全与取证重建 ## 提示词 CyberScanAI 提供专门的 prompts 来指导 LLM 分析。  ### DNS 提示词 - 威胁检测 - 行为分析 - 基础设施评估 ### DHCP 提示词 - 安全威胁 - DHCP 攻击 - 客户端异常 ### ICMP 提示词 - ICMP 攻击 - 网络连通性 - 重建检测 ### TCP 提示词 - 攻击检测 - 异常识别 - 取证证据 ### SIP (VOIP) 提示词 - 注册滥用 - 盗打电话欺诈 - 时间线重建 ## CyberScanAI MCP 客户端 现在，在运行 **CyberScanAI MCP Server** 之后 您可以使用 **CyberScanAI MCP Server** 的工具和 prompts，对从捕获的 pcap 文件中的数据包 进行智能化 AI 分析。 使用 MCP Inspector 运行 **CyberScanAI Client** ``` npm install -g @modelcontextprotocol/inspector npx @modelcontextprotocol/inspector cyberscanai ``` ### DNS 分析工具  ``` { "file": "PCAP_Files/dns.cap", "analysis_timestamp": "2026-04-17T12:11:56.592133", "total_packets_in_file": 249, "dns_packets_found": 14, "dns_packets_analyzed": 14, "statistics": { "queries": 7, "responses": 7, "unique_domains_queried": 7, "unique_domains": [ "www.winpcap.org", "www.google-analytics.com", "www.expoactive.com", "www.google.com", "pagead2.googlesyndication.com", "chrissanders.org", "wireshark.org" ] }, "packets": [ { "packet_number": 1, "timestamp": "2006-12-16T19:22:34.013605", "source_ip": "192.168.0.114", "destination_ip": "205.152.37.23", "protocol": "UDP", "dns_id": 25608, "flags": { "is_response": false, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": false }, "questions": [ { "name": "chrissanders.org", "type": 1, "class": 1 } ], "answers": [], "summary": "Ether / IP / UDP / DNS Qry b'chrissanders.org.'" }, { "packet_number": 2, "timestamp": "2006-12-16T19:22:34.125726", "source_ip": "205.152.37.23", "destination_ip": "192.168.0.114", "protocol": "UDP", "dns_id": 25608, "flags": { "is_response": true, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": true }, "questions": [ { "name": "chrissanders.org", "type": 1, "class": 1 } ], "answers": [ { "name": "chrissanders.org", "type": 1, "class": 1, "ttl": 14400, "address": "208.113.140.24" } ], "summary": "Ether / IP / UDP / DNS Ans 208.113.140.24" }, { "packet_number": 3, "timestamp": "2006-12-16T19:22:35.160668", "source_ip": "192.168.0.114", "destination_ip": "205.152.37.23", "protocol": "UDP", "dns_id": 23048, "flags": { "is_response": false, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": false }, "questions": [ { "name": "www.google-analytics.com", "type": 1, "class": 1 } ], "answers": [], "summary": "Ether / IP / UDP / DNS Qry b'www.google-analytics.com.'" }, { "packet_number": 4, "timestamp": "2006-12-16T19:22:35.188490", "source_ip": "205.152.37.23", "destination_ip": "192.168.0.114", "protocol": "UDP", "dns_id": 23048, "flags": { "is_response": true, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": true }, "questions": [ { "name": "www.google-analytics.com", "type": 1, "class": 1 } ], "answers": [ { "name": "www.google-analytics.com", "type": 5, "class": 1, "ttl": 1626, "cname": "b'www-google-analytics.l.google.com.'" }, { "name": "www-google-analytics.l.google.com", "type": 1, "class": 1, "ttl": 200, "address": "216.239.51.99" }, { "name": "www-google-analytics.l.google.com", "type": 1, "class": 1, "ttl": 200, "address": "216.239.51.104" } ], "summary": "Ether / IP / UDP / DNS Ans b'www-google-analytics.l.google.com.'" }, { "packet_number": 5, "timestamp": "2006-12-16T19:22:35.216450", "source_ip": "192.168.0.114", "destination_ip": "205.152.37.23", "protocol": "UDP", "dns_id": 51209, "flags": { "is_response": false, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": false }, "questions": [ { "name": "pagead2.googlesyndication.com", "type": 1, "class": 1 } ], "answers": [], "summary": "Ether / IP / UDP / DNS Qry b'pagead2.googlesyndication.com.'" }, { "packet_number": 6, "timestamp": "2006-12-16T19:22:35.216911", "source_ip": "192.168.0.114", "destination_ip": "205.152.37.23", "protocol": "UDP", "dns_id": 21262, "flags": { "is_response": false, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": false }, "questions": [ { "name": "www.expoactive.com", "type": 1, "class": 1 } ], "answers": [], "summary": "Ether / IP / UDP / DNS Qry b'www.expoactive.com.'" }, { "packet_number": 7, "timestamp": "2006-12-16T19:22:35.242690", "source_ip": "205.152.37.23", "destination_ip": "192.168.0.114", "protocol": "UDP", "dns_id": 51209, "flags": { "is_response": true, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": true }, "questions": [ { "name": "pagead2.googlesyndication.com", "type": 1, "class": 1 } ], "answers": [ { "name": "pagead2.googlesyndication.com", "type": 5, "class": 1, "ttl": 46880, "cname": "b'pagead2.google.com.'" }, { "name": "pagead2.google.com", "type": 5, "class": 1, "ttl": 392313, "cname": "b'pagead.l.google.com.'" }, { "name": "pagead.l.google.com", "type": 1, "class": 1, "ttl": 37, "address": "72.14.211.104" }, { "name": "pagead.l.google.com", "type": 1, "class": 1, "ttl": 37, "address": "72.14.211.99" } ], "summary": "Ether / IP / UDP / DNS Ans b'pagead2.google.com.'" }, { "packet_number": 8, "timestamp": "2006-12-16T19:22:35.811703", "source_ip": "205.152.37.23", "destination_ip": "192.168.0.114", "protocol": "UDP", "dns_id": 21262, "flags": { "is_response": true, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": true }, "questions": [ { "name": "www.expoactive.com", "type": 1, "class": 1 } ], "answers": [ { "name": "www.expoactive.com", "type": 5, "class": 1, "ttl": 300, "cname": "b'expoactive.com.'" }, { "name": "expoactive.com", "type": 1, "class": 1, "ttl": 300, "address": "72.3.133.240" } ], "summary": "Ether / IP / UDP / DNS Ans b'expoactive.com.'" }, { "packet_number": 9, "timestamp": "2006-12-16T19:22:47.202144", "source_ip": "192.168.0.114", "destination_ip": "205.152.37.23", "protocol": "UDP", "dns_id": 6159, "flags": { "is_response": false, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": false }, "questions": [ { "name": "wireshark.org", "type": 1, "class": 1 } ], "answers": [], "summary": "Ether / IP / UDP / DNS Qry b'wireshark.org.'" }, { "packet_number": 10, "timestamp": "2006-12-16T19:22:47.293308", "source_ip": "205.152.37.23", "destination_ip": "192.168.0.114", "protocol": "UDP", "dns_id": 6159, "flags": { "is_response": true, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": true }, "questions": [ { "name": "wireshark.org", "type": 1, "class": 1 } ], "answers": [ { "name": "wireshark.org", "type": 1, "class": 1, "ttl": 14400, "address": "128.121.50.122" } ], "summary": "Ether / IP / UDP / DNS Ans 128.121.50.122" }, { "packet_number": 11, "timestamp": "2006-12-16T19:22:48.084630", "source_ip": "192.168.0.114", "destination_ip": "205.152.37.23", "protocol": "UDP", "dns_id": 37644, "flags": { "is_response": false, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": false }, "questions": [ { "name": "www.winpcap.org", "type": 1, "class": 1 } ], "answers": [], "summary": "Ether / IP / UDP / DNS Qry b'www.winpcap.org.'" }, { "packet_number": 12, "timestamp": "2006-12-16T19:22:48.085521", "source_ip": "192.168.0.114", "destination_ip": "205.152.37.23", "protocol": "UDP", "dns_id": 56845, "flags": { "is_response": false, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": false }, "questions": [ { "name": "www.google.com", "type": 1, "class": 1 } ], "answers": [], "summary": "Ether / IP / UDP / DNS Qry b'www.google.com.'" }, { "packet_number": 13, "timestamp": "2006-12-16T19:22:48.137861", "source_ip": "205.152.37.23", "destination_ip": "192.168.0.114", "protocol": "UDP", "dns_id": 37644, "flags": { "is_response": true, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": true }, "questions": [ { "name": "www.winpcap.org", "type": 1, "class": 1 } ], "answers": [ { "name": "www.winpcap.org", "type": 1, "class": 1, "ttl": 4736, "address": "128.121.79.138" } ], "summary": "Ether / IP / UDP / DNS Ans 128.121.79.138" }, { "packet_number": 14, "timestamp": "2006-12-16T19:22:48.139437", "source_ip": "205.152.37.23", "destination_ip": "192.168.0.114", "protocol": "UDP", "dns_id": 56845, "flags": { "is_response": true, "authoritative": false, "truncated": false, "recursion_desired": true, "recursion_available": true }, "questions": [ { "name": "www.google.com", "type": 1, "class": 1 } ], "answers": [ { "name": "www.google.com", "type": 5, "class": 1, "ttl": 393857, "cname": "b'www.l.google.com.'" }, { "name": "www.l.google.com", "type": 1, "class": 1, "ttl": 120, "address": "72.14.209.104" }, { "name": "www.l.google.com", "type": 1, "class": 1, "ttl": 120, "address": "72.14.209.99" } ], "summary": "Ether / IP / UDP / DNS Ans b'www.l.google.com.'" } ] } ``` ### DHCP 分析工具  ``` { "file": "PCAP_Files/dhcp.pcap", "total_packets": 4, "dhcp_packets_found": 4, "dhcp_packets_analyzed": 4, "statistics": { "unique_clients_count": 1, "unique_servers_count": 1, "unique_clients": [ "00:0b:82:01:fc:42" ], "unique_servers": [ "192.168.0.1" ], "message_type_counts": { "DISCOVER": 1, "OFFER": 1, "REQUEST": 1, "ACK": 1 }, "transaction_count": 2, "transactions": { "0x00003d1d": [ { "packet_number": 1, "message_type": "DISCOVER", "timestamp": "1102274184.317453" }, { "packet_number": 2, "message_type": "OFFER", "timestamp": "1102274184.317748" } ], "0x00003d1e": [ { "packet_number": 3, "message_type": "REQUEST", "timestamp": "1102274184.387484" }, { "packet_number": 4, "message_type": "ACK", "timestamp": "1102274184.387798" } ] } }, "packets": [ { "packet_number": 1, "timestamp": "1102274184.317453", "src_ip": "0.0.0.0", "dst_ip": "255.255.255.255", "src_port": 68, "dst_port": 67, "op": "Request", "transaction_id": "0x00003d1d", "client_ip": "0.0.0.0", "your_ip": "0.0.0.0", "server_ip": "0.0.0.0", "relay_ip": "0.0.0.0", "client_mac": "00:0b:82:01:fc:42", "options": { "parameter_request_list": [ 1, 3, 6, 42 ] }, "message_type": "DISCOVER", "message_type_code": 1, "client_id": "01:00:0b:82:01:fc:42", "requested_ip": "0.0.0.0" }, { "packet_number": 2, "timestamp": "1102274184.317748", "src_ip": "192.168.0.1", "dst_ip": "192.168.0.10", "src_port": 67, "dst_port": 68, "op": "Reply", "transaction_id": "0x00003d1d", "client_ip": "0.0.0.0", "your_ip": "192.168.0.10", "server_ip": "192.168.0.1", "relay_ip": "0.0.0.0", "client_mac": "00:0b:82:01:fc:42", "options": { "subnet_mask": "255.255.255.0", "renewal_time": "1800 seconds", "rebinding_time": "3150 seconds", "lease_time": "3600 seconds" }, "message_type": "OFFER", "message_type_code": 2, "renewal_time": 1800, "rebinding_time": 3150, "lease_time": 3600, "server_id": "192.168.0.1" }, { "packet_number": 3, "timestamp": "1102274184.387484", "src_ip": "0.0.0.0", "dst_ip": "255.255.255.255", "src_port": 68, "dst_port": 67, "op": "Request", "transaction_id": "0x00003d1e", "client_ip": "0.0.0.0", "your_ip": "0.0.0.0", "server_ip": "0.0.0.0", "relay_ip": "0.0.0.0", "client_mac": "00:0b:82:01:fc:42", "options": { "parameter_request_list": [ 1, 3, 6, 42 ] }, "message_type": "REQUEST", "message_type_code": 3, "client_id": "01:00:0b:82:01:fc:42", "requested_ip": "192.168.0.10", "server_id": "192.168.0.1" }, { "packet_number": 4, "timestamp": "1102274184.387798", "src_ip": "192.168.0.1", "dst_ip": "192.168.0.10", "src_port": 67, "dst_port": 68, "op": "Reply", "transaction_id": "0x00003d1e", "client_ip": "0.0.0.0", "your_ip": "192.168.0.10", "server_ip": "0.0.0.0", "relay_ip": "0.0.0.0", "client_mac": "00:0b:82:01:fc:42", "options": { "renewal_time": "1800 seconds", "rebinding_time": "3150 seconds", "lease_time": "3600 seconds", "subnet_mask": "255.255.255.0" }, "message_type": "ACK", "message_type_code": 5, "renewal_time": 1800, "rebinding_time": 3150, "lease_time": 3600, "server_id": "192.168.0.1" } ] } ``` ### ICMP 分析模块  ``` { "file": "PCAP_Files/icmp.pcap", "analysis_timestamp": "2026-04-17T12:27:53.686138", "total_packets": 16, "icmp_packets_found": 16, "icmp_packets_analyzed": 16, "statistics": { "icmp_type_counts": { "Echo Request": 8, "Echo Reply": 8 }, "unique_sources_count": 3, "unique_destinations_count": 3, "unique_sources": [ "192.168.0.1", "192.168.0.114", "72.14.207.99" ], "unique_destinations": [ "192.168.0.1", "192.168.0.114", "72.14.207.99" ], "echo_sessions": 1, "echo_pairs": { "768": { "requests": 8, "replies": 8 } }, "unreachable_destinations_count": 0, "unreachable_destinations": [] }, "packets": [ { "packet_number": 1, "timestamp": "2006-12-29T04:10:10.660442", "src_ip": "192.168.0.114", "dst_ip": "192.168.0.1", "ip_version": 4, "ttl": 128, "packet_size": 74, "icmp_type": 8, "icmp_code": 0, "icmp_type_name": "Echo Request", "icmp_id": 768, "icmp_seq": 256, "checksum": 18780, "icmp_code_name": "Code 0" }, { "packet_number": 2, "timestamp": "2006-12-29T04:10:10.661527", "src_ip": "192.168.0.1", "dst_ip": "192.168.0.114", "ip_version": 4, "ttl": 127, "packet_size": 74, "icmp_type": 0, "icmp_code": 0, "icmp_type_name": "Echo Reply", "icmp_id": 768, "icmp_seq": 256, "checksum": 20828, "icmp_code_name": "Code 0" }, { "packet_number": 3, "timestamp": "2006-12-29T04:10:11.657215", "src_ip": "192.168.0.114", "dst_ip": "192.168.0.1", "ip_version": 4, "ttl": 128, "packet_size": 74, "icmp_type": 8, "icmp_code": 0, "icmp_type_name": "Echo Request", "icmp_id": 768, "icmp_seq": 512, "checksum": 18524, "icmp_code_name": "Code 0" }, { "packet_number": 4, "timestamp": "2006-12-29T04:10:11.659425", "src_ip": "192.168.0.1", "dst_ip": "192.168.0.114", "ip_version": 4, "ttl": 127, "packet_size": 74, "icmp_type": 0, "icmp_code": 0, "icmp_type_name": "Echo Reply", "icmp_id": 768, "icmp_seq": 512, "checksum": 20572, "icmp_code_name": "Code 0" }, { "packet_number": 5, "timestamp": "2006-12-29T04:10:12.657243", "src_ip": "192.168.0.114", "dst_ip": "192.168.0.1", "ip_version": 4, "ttl": 128, "packet_size": 74, "icmp_type": 8, "icmp_code": 0, "icmp_type_name": "Echo Request", "icmp_id": 768, "icmp_seq": 768, "checksum": 18268, "icmp_code_name": "Code 0" }, { "packet_number": 6, "timestamp": "2006-12-29T04:10:12.659529", "src_ip": "192.168.0.1", "dst_ip": "192.168.0.114", "ip_version": 4, "ttl": 127, "packet_size": 74, "icmp_type": 0, "icmp_code": 0, "icmp_type_name": "Echo Reply", "icmp_id": 768, "icmp_seq": 768, "checksum": 20316, "icmp_code_name": "Code 0" }, { "packet_number": 7, "timestamp": "2006-12-29T04:10:13.657282", "src_ip": "192.168.0.114", "dst_ip": "192.168.0.1", "ip_version": 4, "ttl": 128, "packet_size": 74, "icmp_type": 8, "icmp_code": 0, "icmp_type_name": "Echo Request", "icmp_id": 768, "icmp_seq": 1024, "checksum": 18012, "icmp_code_name": "Code 0" }, { "packet_number": 8, "timestamp": "2006-12-29T04:10:13.659619", "src_ip": "192.168.0.1", "dst_ip": "192.168.0.114", "ip_version": 4, "ttl": 127, "packet_size": 74, "icmp_type": 0, "icmp_code": 0, "icmp_type_name": "Echo Reply", "icmp_id": 768, "icmp_seq": 1024, "checksum": 20060, "icmp_code_name": "Code 0" }, { "packet_number": 9, "timestamp": "2006-12-29T04:10:16.794628", "src_ip": "192.168.0.114", "dst_ip": "72.14.207.99", "ip_version": 4, "ttl": 128, "packet_size": 74, "icmp_type": 8, "icmp_code": 0, "icmp_type_name": "Echo Request", "icmp_id": 768, "icmp_seq": 1280, "checksum": 17756, "icmp_code_name": "Code 0" }, { "packet_number": 10, "timestamp": "2006-12-29T04:10:16.875473", "src_ip": "72.14.207.99", "dst_ip": "192.168.0.114", "ip_version": 4, "ttl": 232, "packet_size": 74, "icmp_type": 0, "icmp_code": 0, "icmp_type_name": "Echo Reply", "icmp_id": 768, "icmp_seq": 1280, "checksum": 19804, "icmp_code_name": "Code 0" }, { "packet_number": 11, "timestamp": "2006-12-29T04:10:17.796100", "src_ip": "192.168.0.114", "dst_ip": "72.14.207.99", "ip_version": 4, "ttl": 128, "packet_size": 74, "icmp_type": 8, "icmp_code": 0, "icmp_type_name": "Echo Request", "icmp_id": 768, "icmp_seq": 1536, "checksum": 17500, "icmp_code_name": "Code 0" }, { "packet_number": 12, "timestamp": "2006-12-29T04:10:17.858014", "src_ip": "72.14.207.99", "dst_ip": "192.168.0.114", "ip_version": 4, "ttl": 232, "packet_size": 74, "icmp_type": 0, "icmp_code": 0, "icmp_type_name": "Echo Reply", "icmp_id": 768, "icmp_seq": 1536, "checksum": 19548, "icmp_code_name": "Code 0" }, { "packet_number": 13, "timestamp": "2006-12-29T04:10:18.797110", "src_ip": "192.168.0.114", "dst_ip": "72.14.207.99", "ip_version": 4, "ttl": 128, "packet_size": 74, "icmp_type": 8, "icmp_code": 0, "icmp_type_name": "Echo Request", "icmp_id": 768, "icmp_seq": 1792, "checksum": 17244, "icmp_code_name": "Code 0" }, { "packet_number": 14, "timestamp": "2006-12-29T04:10:18.859585", "src_ip": "72.14.207.99", "dst_ip": "192.168.0.114", "ip_version": 4, "ttl": 232, "packet_size": 74, "icmp_type": 0, "icmp_code": 0, "icmp_type_name": "Echo Reply", "icmp_id": 768, "icmp_seq": 1792, "checksum": 19292, "icmp_code_name": "Code 0" }, { "packet_number": 15, "timestamp": "2006-12-29T04:10:19.798127", "src_ip": "192.168.0.114", "dst_ip": "72.14.207.99", "ip_version": 4, "ttl": 128, "packet_size": 74, "icmp_type": 8, "icmp_code": 0, "icmp_type_name": "Echo Request", "icmp_id": 768, "icmp_seq": 2048, "checksum": 16988, "icmp_code_name": "Code 0" }, { "packet_number": 16, "timestamp": "2006-12-29T04:10:19.859920", "src_ip": "72.14.207.99", "dst_ip": "192.168.0.114", "ip_version": 4, "ttl": 232, "packet_size": 74, "icmp_type": 0, "icmp_code": 0, "icmp_type_name": "Echo Reply", "icmp_id": 768, "icmp_seq": 2048, "checksum": 19036, "icmp_code_name": "Code 0" } ] } ``` ### TCP 分析工具 #### TCP 连接分析  ``` { "file": "PCAP_Files/tcp-con-lost.pcap", "analysis_timestamp": "2026-04-17T12:36:54.802604", "total_packets": 9, "tcp_packets_found": 9, "filter": { "server_ip": null, "server_port": null }, "summary": { "total_connections": 1, "successful_handshakes": 0, "failed_handshakes": 1, "established_connections": 0, "reset_connections": 0, "normal_close": 0, "active_connections": 1 }, "connections": [ { "client": "10.3.71.7:1043", "server": "10.3.30.1:1048", "state": "active", "handshake_completed": false, "syn_count": 0, "syn_ack_count": 0, "ack_count": 9, "rst_count": 0, "fin_count": 0, "data_packets": 9, "retransmissions": 7, "close_reason": "active", "packet_count": 9 } ], "issues": [ "7 retransmissions detected", "1 failed handshakes" ] } ``` #### TCP 异常分析  ``` { "file": "PCAP_Files/tcp-anomalies.pcap", "analysis_timestamp": "2026-04-17T12:55:20.772116", "filter": { "server_ip": "192.168.1.1", "server_port": 80 }, "statistics": { "total_connections": 0, "total_packets": 0, "handshake": { "successful": 0, "failed": 0, "incomplete": 0 }, "flags": { "syn": 0, "syn_ack": 0, "rst": 0, "fin": 0, "ack": 0 }, "rst_distribution": { "by_source": {}, "by_direction": { "to_server": 0, "from_server": 0, "unknown": 0 }, "connections_with_rst": [] }, "retransmissions": { "total": 0, "by_connection": {}, "rate": 0 }, "connection_states": { "established": 0, "reset": 0, "closed": 0, "unknown": 0 } }, "patterns": [], "summary": { "total_patterns": 0, "by_category": {}, "notable_observations": [] } } ``` #### TCP 重传分析  ``` { "file": "PCAP_Files/tcp-retransmission.pcap", "analysis_timestamp": "2026-04-17T12:42:29.250132", "total_packets": 0, "total_retransmissions": 0, "retransmission_rate": 0, "threshold": 0.02, "exceeds_threshold": false, "by_connection": [], "summary": { "worst_connection": "", "worst_retrans_rate": 0, "connections_above_threshold": 0 } } ``` #### TCP 流量分析  ``` { "file": "PCAP_Files/tcp-traffic.pcap", "analysis_timestamp": "2026-04-23T09:58:35.223370", "server": "10.3.30.1:1048:any", "client_to_server": { "packet_count": 0, "byte_count": 0, "syn_count": 0, "rst_count": 0, "fin_count": 0, "data_packets": 0, "retransmissions": 0 }, "server_to_client": { "packet_count": 0, "byte_count": 0, "syn_count": 0, "rst_count": 0, "fin_count": 0, "data_packets": 0, "retransmissions": 0 }, "analysis": { "asymmetry_ratio": 0, "primary_rst_source": "balanced", "data_flow_direction": "server_heavy", "interpretation": "Balanced RST distribution." } } ``` ### SIP (VOIP) 分析工具  ``` { "file": "PCAP_Files/sip.pcap", "analysis_timestamp": "2026-04-17T13:01:15.089593", "total_packets_in_file": 84, "sip_packets_found": 7, "sip_packets_analyzed": 7, "statistics": { "requests": 3, "responses": 4, "methods": { "ACK": 1, "BYE": 1, "INVITE": 1 }, "response_classes": { "1xx": 2, "2xx": 2 }, "unique_call_ids": 1, "call_ids": [ "158936656982201062716@10.33.6.100" ], "transports": { "TCP": 7 }, "user_agents": [ "GW/v.6.20A.027.012", "IPP/v.6.20A.027.012" ] }, "packets": [ { "packet_number": 1, "timestamp": "2011-07-28T13:54:46.562096", "source_ip": "10.33.6.100", "destination_ip": "10.33.6.101", "source_port": 64802, "destination_port": 5060, "transport": "TCP", "message_type": "request", "start_line": "INVITE sip:201@10.33.6.101;user=phone SIP/2.0", "call_id": "158936656982201062716@10.33.6.100", "cseq": "1 INVITE", "from": ";tag=1c1589367133", "to": "", "contact": "", "user_agent": "IPP/v.6.20A.027.012", "server": "", "via": "SIP/2.0/TCP 10.33.6.100;branch=z9hG4bKac1589375893;alias", "content_type": "application/sdp", "content_length": 228, "body_length": 217, "known_sip_port": true, "headers": { "via": "SIP/2.0/TCP 10.33.6.100;branch=z9hG4bKac1589375893;alias", "max-forwards": "70", "from": ";tag=1c1589367133", "to": "", "call-id": "158936656982201062716@10.33.6.100", "cseq": "1 INVITE", "contact": "", "supported": "em,timer,replaces,path,resource-priority,sdp-anat", "allow": "REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE", "user-agent": "IPP/v.6.20A.027.012", "content-type": "application/sdp", "content-length": "228" }, "summary": "Ether / IP / TCP 10.33.6.100:64802 > 10.33.6.101:sip PA / Raw", "method": "INVITE", "request_uri": "sip:201@10.33.6.101;user=phone", "sip_version": "SIP/2.0" }, { "packet_number": 2, "timestamp": "2011-07-28T13:54:46.602589", "source_ip": "10.33.6.101", "destination_ip": "10.33.6.100", "source_port": 5060, "destination_port": 64802, "transport": "TCP", "message_type": "response", "start_line": "SIP/2.0 100 Trying", "call_id": "158936656982201062716@10.33.6.100", "cseq": "1 INVITE", "from": ";tag=1c1589367133", "to": ";tag=1c342958875", "contact": "", "user_agent": "", "server": "GW/v.6.20A.027.012", "via": "SIP/2.0/TCP 10.33.6.100;branch=z9hG4bKac1589375893;alias", "content_type": "", "content_length": 0, "body_length": 0, "known_sip_port": true, "headers": { "via": "SIP/2.0/TCP 10.33.6.100;branch=z9hG4bKac1589375893;alias", "from": ";tag=1c1589367133", "to": ";tag=1c342958875", "call-id": "158936656982201062716@10.33.6.100", "cseq": "1 INVITE", "supported": "em,timer,replaces,path,early-session,resource-priority", "allow": "REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE", "server": "GW/v.6.20A.027.012", "content-length": "0" }, "summary": "Ether / IP / TCP 10.33.6.101:sip > 10.33.6.100:64802 PA / Raw", "status_code": 100, "reason_phrase": "Trying" }, { "packet_number": 3, "timestamp": "2011-07-28T13:54:46.621123", "source_ip": "10.33.6.101", "destination_ip": "10.33.6.100", "source_port": 5060, "destination_port": 64802, "transport": "TCP", "message_type": "response", "start_line": "SIP/2.0 180 Ringing", "call_id": "158936656982201062716@10.33.6.100", "cseq": "1 INVITE", "from": ";tag=1c1589367133", "to": ";tag=1c342958875", "contact": "", "user_agent": "", "server": "GW/v.6.20A.027.012", "via": "SIP/2.0/TCP 10.33.6.100;branch=z9hG4bKac1589375893;alias", "content_type": "", "content_length": 0, "body_length": 0, "known_sip_port": true, "headers": { "via": "SIP/2.0/TCP 10.33.6.100;branch=z9hG4bKac1589375893;alias", "from": ";tag=1c1589367133", "to": ";tag=1c342958875", "call-id": "158936656982201062716@10.33.6.100", "cseq": "1 INVITE", "contact": "", "supported": "em,timer,replaces,path,early-session,resource-priority", "allow": "REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE", "server": "GW/v.6.20A.027.012", "content-length": "0" }, "summary": "Ether / IP / TCP 10.33.6.101:sip > 10.33.6.100:64802 PA / Raw", "status_code": 180, "reason_phrase": "Ringing" }, { "packet_number": 4, "timestamp": "2011-07-28T13:54:50.905636", "source_ip": "10.33.6.101", "destination_ip": "10.33.6.100", "source_port": 5060, "destination_port": 64802, "transport": "TCP", "message_type": "response", "start_line": "SIP/2.0 200 OK", "call_id": "158936656982201062716@10.33.6.100", "cseq": "1 INVITE", "from": ";tag=1c1589367133", "to": ";tag=1c342958875", "contact": "", "user_agent": "", "server": "GW/v.6.20A.027.012", "via": "SIP/2.0/TCP 10.33.6.100;branch=z9hG4bKac1589375893;alias", "content_type": "application/sdp", "content_length": 225, "body_length": 214, "known_sip_port": true, "headers": { "via": "SIP/2.0/TCP 10.33.6.100;branch=z9hG4bKac1589375893;alias", "from": ";tag=1c1589367133", "to": ";tag=1c342958875", "call-id": "158936656982201062716@10.33.6.100", "cseq": "1 INVITE", "contact": "", "supported": "em,timer,replaces,path,early-session,resource-priority", "allow": "REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE", "server": "GW/v.6.20A.027.012", "content-type": "application/sdp", "content-length": "225" }, "summary": "Ether / IP / TCP 10.33.6.101:sip > 10.33.6.100:64802 PA / Raw", "status_code": 200, "reason_phrase": "OK" }, { "packet_number": 5, "timestamp": "2011-07-28T13:54:50.933132", "source_ip": "10.33.6.100", "destination_ip": "10.33.6.101", "source_port": 64802, "destination_port": 5060, "transport": "TCP", "message_type": "request", "start_line": "ACK sip:201@10.33.6.101:5060;transport=tcp SIP/2.0", "call_id": "158936656982201062716@10.33.6.100", "cseq": "1 ACK", "from": ";tag=1c1589367133", "to": ";tag=1c342958875", "contact": "", "user_agent": "IPP/v.6.20A.027.012", "server": "", "via": "SIP/2.0/TCP 10.33.6.100;branch=z9hG4bKac1600323074;alias", "content_type": "", "content_length": 0, "body_length": 0, "known_sip_port": true, "headers": { "via": "SIP/2.0/TCP 10.33.6.100;branch=z9hG4bKac1600323074;alias", "max-forwards": "70", "from": ";tag=1c1589367133", "to": ";tag=1c342958875", "call-id": "158936656982201062716@10.33.6.100", "cseq": "1 ACK", "contact": "", "supported": "em,timer,replaces,path,resource-priority", "allow": "REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE", "user-agent": "IPP/v.6.20A.027.012", "content-length": "0" }, "summary": "Ether / IP / TCP 10.33.6.100:64802 > 10.33.6.101:sip PA / Raw", "method": "ACK", "request_uri": "sip:201@10.33.6.101:5060;transport=tcp", "sip_version": "SIP/2.0" }, { "packet_number": 6, "timestamp": "2011-07-28T13:54:53.057152", "source_ip": "10.33.6.101", "destination_ip": "10.33.6.100", "source_port": 5060, "destination_port": 64802, "transport": "TCP", "message_type": "request", "start_line": "BYE sip:101@10.33.6.100:5060;transport=tcp SIP/2.0", "call_id": "158936656982201062716@10.33.6.100", "cseq": "1 BYE", "from": ";tag=1c342958875", "to": ";tag=1c1589367133", "contact": "", "user_agent": "GW/v.6.20A.027.012", "server": "", "via": "SIP/2.0/TCP 10.33.6.101;branch=z9hG4bKac359152811;alias", "content_type": "", "content_length": 0, "body_length": 0, "known_sip_port": true, "headers": { "via": "SIP/2.0/TCP 10.33.6.101;branch=z9hG4bKac359152811;alias", "max-forwards": "70", "from": ";tag=1c342958875", "to": ";tag=1c1589367133", "call-id": "158936656982201062716@10.33.6.100", "cseq": "1 BYE", "supported": "em,timer,replaces,path,early-session,resource-priority", "allow": "REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE", "user-agent": "GW/v.6.20A.027.012", "reason": "Q.850 ;cause=16 ;text=\"local\"", "content-length": "0" }, "summary": "Ether / IP / TCP 10.33.6.101:sip > 10.33.6.100:64802 PA / Raw", "method": "BYE", "request_uri": "sip:101@10.33.6.100:5060;transport=tcp", "sip_version": "SIP/2.0" }, { "packet_number": 7, "timestamp": "2011-07-28T13:54:53.088359", "source_ip": "10.33.6.100", "destination_ip": "10.33.6.101", "source_port": 64802, "destination_port": 5060, "transport": "TCP", "message_type": "response", "start_line": "SIP/2.0 200 OK", "call_id": "158936656982201062716@10.33.6.100", "cseq": "1 BYE", "from": ";tag=1c342958875", "to": ";tag=1c1589367133", "contact": "", "user_agent": "", "server": "IPP/v.6.20A.027.012", "via": "SIP/2.0/TCP 10.33.6.101;branch=z9hG4bKac359152811;alias", "content_type": "", "content_length": 0, "body_length": 0, "known_sip_port": true, "headers": { "via": "SIP/2.0/TCP 10.33.6.101;branch=z9hG4bKac359152811;alias", "from": ";tag=1c342958875", "to": ";tag=1c1589367133", "call-id": "158936656982201062716@10.33.6.100", "cseq": "1 BYE", "contact": "", "supported": "em,timer,replaces,path,resource-priority", "allow": "REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE", "server": "IPP/v.6.20A.027.012", "content-length": "0" }, "summary": "Ether / IP / TCP 10.33.6.100:64802 > 10.33.6.101:sip PA / Raw", "status_code": 200, "reason_phrase": "OK" } ] } ``` ## 联系方式 #### BEN ALI Mohamed ##### 电子邮件 : mohamed.benali@esprit.tn ##### LinkedIn : https://linkedin.com/in/medbenali

标签：AI安全, Chat Copilot, CyberScanAI, DHCP分析, DLL 劫持, DNS分析, ICMP分析, LLM工具, MCP Server, PCAP分析, Python, Red Team, SIP分析, TCP分析, 大语言模型, 开源安全工具, 插件系统, 无后门, 无线安全, 智能分析, 流量监控, 网络协议分析, 网络安全, 网络流量分析, 逆向工具, 逆向工程平台, 速率限制, 隐私保护