MCP.so
登录

mcpcap

@mcpcap

关于 mcpcap

A modular Python MCP (Model Context Protocol) Server for analyzing PCAP files. mcpcap enables LLMs to read and analyze network packet captures with protocol-specific analysis tools that accept local file paths or remote URLs as parameters (no file uploads - provide the path or UR

基本信息

分类

其他

传输方式

stdio

发布者

mcpcap

提交者

danohn

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "mcpcap": {
      "command": "uvx",
      "args": [
        "mcpcap"
      ]
    }
  }
}

工具

4

Analyze DNS packets from a PCAP file and return comprehensive analysis results. ⚠️ FILE UPLOAD LIMITATION: This MCP tool cannot process files uploaded through Claude's web interface. Files must be accessible via URL or local file path. SUPPORTED INPUT FORMATS: - Remote files: "https://example.com/capture.pcap" - Local files: "/absolute/path/to/capture.pcap" UNSUPPORTED: - Files uploaded through Claude's file upload feature - Base64 file content - Relative file paths Args: pcap_file: HTTP URL or absolute local file path to PCAP file Returns: A structured dictionary containing DNS packet analysis results

Analyze DHCP packets from a PCAP file and return comprehensive analysis results. ⚠️ FILE UPLOAD LIMITATION: This MCP tool cannot process files uploaded through Claude's web interface. Files must be accessible via URL or local file path. SUPPORTED INPUT FORMATS: - Remote files: "https://example.com/capture.pcap" - Local files: "/absolute/path/to/capture.pcap" UNSUPPORTED: - Files uploaded through Claude's file upload feature - Base64 file content - Relative file paths Args: pcap_file: HTTP URL or absolute local file path to PCAP file Returns: A structured dictionary containing DHCP packet analysis results

Analyze ICMP packets from a PCAP file and return comprehensive analysis results. ⚠️ FILE UPLOAD LIMITATION: This MCP tool cannot process files uploaded through Claude's web interface. Files must be accessible via URL or local file path. SUPPORTED INPUT FORMATS: - Remote files: "https://example.com/capture.pcap" - Local files: "/absolute/path/to/capture.pcap" UNSUPPORTED: - Files uploaded through Claude's file upload feature - Base64 file content - Relative file paths Args: pcap_file: HTTP URL or absolute local file path to PCAP file Returns: A structured dictionary containing ICMP packet analysis results

Return metadata from a PCAP file, similar to Wireshark's capinfos utility. IMPORTANT: This tool expects a FILE PATH or URL, not file content. - For local files: "/path/to/capture.pcap" - For remote files: "https://example.com/capture.pcap" - File uploads are NOT supported - save the file locally first Args: pcap_file: Path to local PCAP file or HTTP URL to remote PCAP file (NOT file content - must be a path or URL) Returns: A structured dictionary containing PCAP metadata including: - File information (size, name, encapsulation type) - Packet statistics (count, data size, average sizes) - Temporal data (duration, timestamps, rates)

概览

What is mcpcap?

A modular Python MCP (Model Context Protocol) server for analyzing PCAP files. It enables LLMs to read and analyze network packet captures using protocol-specific analysis tools that accept local file paths or remote URLs as parameters (no file uploads).

How to use mcpcap?

Install with pip install mcpcap, uv add mcpcap, or run with uvx mcpcap. Start the server by running mcpcap (optionally with --modules and --max-packets flags). Configure an MCP client (e.g., Claude Desktop) with {"mcpServers": {"mcpcap": {"command": "mcpcap", "args": []}}}. Then call tools like analyze_dns_packets("/path/to/file.pcap") or analyze_dns_packets("https://example.com/remote.pcap").

Key features of mcpcap

  • Stateless MCP tools accepting file paths or URLs
  • Modular architecture with DNS, DHCP, ICMP, and CapInfos modules
  • Supports local files and HTTP/HTTPS remote PCAPs
  • Leverages scapy for comprehensive packet parsing
  • Offers specialized analysis prompts (security, networking, forensics)
  • Returns structured JSON responses for LLM consumption

Use cases of mcpcap

  • Analyze DNS traffic to detect potential security threats or performance issues
  • Examine DHCP handshakes to audit IP address assignments and rogue servers
  • Investigate ICMP traffic for network connectivity and path analysis
  • Extract PCAP metadata and statistics similar to Wireshark’s capinfos
  • Perform forensic investigation with timeline reconstruction from captured packets

FAQ from mcpcap

What are the runtime requirements?

Python 3.10 or greater, plus the scapy, requests, and fastmcp libraries.

Can mcpcap analyze remote PCAP files?

Yes. Both analysis tools accept HTTP/HTTPS URLs. Files are downloaded automatically to a temporary location and cleaned up after analysis.

How can I limit the number of packets analyzed?

Use the --max-packets N CLI flag when starting the server (e.g., mcpcap --max-packets 1000).

Which protocol modules are available and how do I select them?

Available modules are dns, dhcp, icmp, and capinfos. Use --modules dns,dhcp,icmp,capinfos to load specific ones; the default loads all four.

Are there security considerations when using mcpcap?

PCAP files may contain sensitive network information. Remote downloads use HTTPS when possible, and temporary files are cleaned up automatically. Always consider the source and trustworthiness of remote files.

评论

其他 分类下的更多 MCP 服务器