mcpcap Documentation

A modular Python MCP (Model Context Protocol) server for analyzing PCAP files. mcpcap provides stateless analysis tools that accept a local file path or remote URL at call time, making it a good fit for Claude Desktop and other MCP clients.

Features

• Stateless MCP Tools: Each analysis tool accepts PCAP file paths or URLs as parameters

• Protocol Support: DNS, DHCP, ICMP, TCP, SIP, and CapInfos analysis

• Local & Remote Files: Analyze files from local storage or HTTP URLs

• Specialized Prompts: Security, networking, and forensic analysis guidance

• Robust Analysis: Comprehensive packet parsing with error handling

• Claude Desktop Ready: Perfect integration with MCP clients

Quick Start

Install mcpcap:

pip install mcpcap

Start the MCP server:

mcpcap

Or expose an HTTP MCP endpoint:

mcpcap --transport http --host 127.0.0.1 --port 8080

Then use analysis tools with any PCAP file:

analyze_dns_packets("/path/to/dns.pcap")
analyze_dhcp_packets("https://example.com/dhcp.pcap")
analyze_icmp_packets("/path/to/network.pcap")
analyze_tcp_connections("/path/to/tcp-session.pcap")
analyze_sip_packets("/path/to/voip-signaling.pcap")
analyze_capinfos("/path/to/capture.pcap")

User Guide

• Installation
  • Using pip (Recommended)
  • Using uv
  • Using uvx (One-time usage)
  • Development Installation
  • Verify Installation
  • Dependencies
  • Troubleshooting
• Quick Start Guide
  • 1. Install mcpcap
  • 2. Start the MCP Server
  • 3. Connect with an MCP Client
  • 4. Analyze PCAP Files
  • 5. Use Analysis Prompts
  • 6. Example Workflow
  • 7. Configuration Options
  • 8. Testing with Examples
  • Next Steps
  • Troubleshooting
• MCP Client Integration
  • What mcpcap exposes
  • Claude Desktop
  • HTTP MCP Clients
  • MCP Inspector
  • Custom Python Client
  • Tool model
  • Prompt support
  • Input expectations
  • Usage examples
  • Troubleshooting
• Analysis Guides
  • DNS Analysis Fundamentals
  • Security Analysis
  • Network Troubleshooting
  • Forensic Investigation
  • Advanced Techniques
  • Best Practices
  • DHCP Analysis Fundamentals
  • ICMP Analysis Fundamentals

API Reference

• Core Components
  • Configuration Management
  • MCP Server
• Analysis Modules
  • Base Module
  • DNS Module
  • DHCP Module
  • ICMP Module
  • TCP Module
  • SIP Module
  • CapInfos Module
• Command Line Interface
  • CLI Module

Developer Guide

• Contributing Guide
  • Quick Links
  • Getting Started
  • Creating New Modules
  • Development Workflow
  • Testing Guidelines
  • Code Style Guidelines
  • Documentation Standards
  • Performance Considerations
  • Security Considerations
  • Getting Help
  • Release Process
• Module Creation Tutorial
  • Overview
  • Prerequisites
  • Step 1: Create the Module File
  • Step 2: Register the Module
  • Step 3: Update CLI Configuration
  • Step 4: Create Tests
  • Step 5: Test Your Module
  • Step 6: Test Integration
  • Step 7: Create Sample Data
  • Step 8: Update Documentation
  • Advanced Features
  • Troubleshooting
  • Next Steps

Indices and tables

• Index

• Module Index

• Search Page