Network Traffic Analysis for LLMs

A stateless Python MCP server providing protocol-specific tools for analyzing PCAP files. Tools accept local file paths or remote URLs as parameters: nothing is uploaded, you just specify the path or URL of your PCAP file.

  • 4 protocol modules
  • Requirements: Python 3.10+
  • License: MIT
mcpcap

Key Features

Modular Architecture

Easily extensible architecture allows adding new protocol analyzers without modifying core functionality.

Local & Remote PCAP

Support for both local PCAP files and remote HTTP sources with directory listing capabilities.

Scapy Integration

Leverages the powerful scapy library for comprehensive packet parsing and network analysis.

MCP Protocol

Seamless integration with Large Language Models through the Model Context Protocol.

JSON Output

Structured JSON responses make analysis results easy for LLMs to understand and process.

Security Focus

Built with security analysis in mind, providing insights into network traffic patterns and anomalies.

Protocol Modules

DNS Module (Active)

Comprehensive DNS packet analysis with query tracking, domain extraction, and response monitoring.

  • DNS query and response analysis
  • Domain and subdomain identification
  • Query type analysis (A, AAAA, MX, etc.)
  • DNS server identification

DHCP Module (Active)

DHCP transaction monitoring with IP assignment tracking and configuration analysis.

  • DHCP transaction tracking
  • IP address lease monitoring
  • Client and server identification
  • Configuration option analysis

ICMP Module (Active)

ICMP packet analysis for network diagnostics, connectivity testing, and error detection.

  • Ping request/reply analysis
  • Network connectivity testing
  • Traceroute path tracking
  • Error message detection

CapInfos Module (Active)

PCAP file metadata and statistics analysis, similar to Wireshark's capinfos utility.

  • File information and size analysis
  • Packet statistics and counts
  • Data throughput calculations
  • Link layer encapsulation detection
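
What a capinfos-style summary involves, as an added example that is not mcpcap's own code (the page says mcpcap builds on scapy; this sketch uses only the standard library and reads classic pcap, not pcapng). The function names, output keys and sample capture are constructed for illustration. Because a capture fetched from a path or URL is untrusted input, record lengths are checked against the bytes actually present.

```python
import json
import struct

# Magic as read little-endian -> (byte order of the file, timestamp ticks per second)
MAGICS = {0xA1B2C3D4: ("<", 10**6), 0xD4C3B2A1: (">", 10**6),
          0xA1B23C4D: ("<", 10**9), 0x4D3CB2A1: (">", 10**9)}
LINKTYPES = {0: "NULL", 1: "ETHERNET", 101: "RAW", 113: "LINUX_SLL"}  # subset

def capinfos(data: bytes) -> dict:
    """Summarise a classic pcap byte string without trusting its length fields."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError(f"not a classic pcap file (magic {magic:#010x})")
    order, ticks = MAGICS[magic]
    major, minor, _, _, snaplen, link = struct.unpack(order + "HHiIII", data[4:24])
    off, count, wire_bytes, stamps, truncated = 24, 0, 0, [], False
    while off < len(data):
        if off + 16 > len(data):
            truncated = True  # dangling partial record header
            break
        sec, frac, incl_len, orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        if off + 16 + incl_len > len(data):
            truncated = True  # length field points past end of file: stop here
            break
        count += 1
        wire_bytes += orig_len  # original on-the-wire size, not the captured size
        stamps.append(sec + frac / ticks)
        off += 16 + incl_len
    duration = max(stamps) - min(stamps) if stamps else 0.0
    return {"pcap_version": f"{major}.{minor}", "link_type": LINKTYPES.get(link, f"unknown({link})"),
            "snaplen": snaplen, "packet_count": count,
            "wire_bytes": wire_bytes, "duration_s": round(duration, 6),
            "bytes_per_s": round(wire_bytes / duration, 2) if duration else None, "truncated": truncated}

def build_sample() -> bytes:
    """Constructed capture: three dummy 60-byte Ethernet frames, 0.5 s apart."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(3):
        out += struct.pack("<IIII", 1700000000, i * 500000, 60, 60) + bytes(60)
    return out

if __name__ == "__main__":
    print(json.dumps(capinfos(build_sample()), indent=2))
```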

HTTP Module (Coming Soon)

HTTP/HTTPS traffic analysis for web communication patterns and security assessment.

  • Request/response analysis
  • Header examination
  • Content type detection
  • Security header validation

Quick Start

1. Install mcpcap

Install using pip, uv, or uvx for one-time usage.

# Using pip
pip install mcpcap

# Using uv
uv add mcpcap

# One-time usage
uvx mcpcap

2. Start the Server

Run mcpcap to start the MCP server.

# Start MCP server
mcpcap

3. Connect & Analyze

Provide file paths or URLs to analyze PCAP files (no uploads).

# Then use tools with local file PATHS (not uploads)
analyze_dns_packets("/path/to/capture.pcap")
analyze_dhcp_packets("/path/to/dhcp.pcap")
analyze_icmp_packets("/path/to/network.pcap")
analyze_capinfos("/path/to/capture.pcap")

# Then use tools with remote URLs (not uploads)
analyze_dns_packets("https://example.com/capture.pcap")
analyze_dhcp_packets("https://example.com/dhcp.pcap")
analyze_icmp_packets("https://example.com/network.pcap")
analyze_capinfos("https://example.com/capture.pcap")

Ready to analyze your network traffic?

Join developers using mcpcap to bring network analysis capabilities to their LLM applications.