Network Traffic Analysis for LLMs

A stateless Python MCP Server providing protocol-specific tools for analyzing PCAP files. Each tool accepts local files or remote URLs as parameters, making it perfect for Claude Desktop integration.

mcpcap
3 Protocol Modules | Requirements: Python 3.10+ | MIT License

Key Features

Modular Architecture

Easily extensible architecture allows adding new protocol analyzers without modifying core functionality.

Local & Remote PCAP

Support for both local PCAP files and remote HTTP sources with directory listing capabilities.

Scapy Integration

Leverages the powerful scapy library for comprehensive packet parsing and network analysis.

MCP Protocol

Seamless integration with Large Language Models through the Model Context Protocol.

JSON Output

Structured JSON responses make analysis results easy for LLMs to understand and process.

Security Focus

Built with security analysis in mind, providing insights into network traffic patterns and anomalies.

Protocol Modules

DNS Module (Active)

Comprehensive DNS packet analysis with query tracking, domain extraction, and response monitoring.

  • DNS query and response analysis
  • Domain and subdomain identification
  • Query type analysis (A, AAAA, MX, etc.)
  • DNS server identification
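
The kind of analysis the DNS module's list describes (queried domains, query types, DNS servers), as an added example that is not mcpcap's own code. mcpcap uses scapy; this sketch swaps in the standard-library struct module so it runs without dependencies, and the function names, output keys and sample traffic are assumptions constructed for illustration. It handles only little-endian classic pcap with Ethernet/IPv4/UDP queries to port 53, and counts truncated packets instead of failing on them.

```python
import struct
from collections import Counter

QTYPES = {1: "A", 15: "MX", 28: "AAAA"}  # subset of DNS type codes

def parse_query(f):
    """Return (server_ip, qname, qtype) for an Ethernet/IPv4/UDP DNS query, else None."""
    udp = 14 + (f[14] & 0x0F) * 4                      # IPv4 header length varies
    if f[12:14] != b"\x08\x00" or f[23] != 17 or f[udp + 2:udp + 4] != b"\x00\x35":
        return None                                    # not IPv4/UDP to port 53
    flags, qdcount = struct.unpack_from("!HH", f, udp + 10)
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    off, labels = udp + 20, []
    while f[off]:                                      # length-prefixed labels, 0 ends the name
        if f[off] > 63:                                # compression pointer or invalid length
            raise ValueError("unsupported label")
        labels.append(f[off + 1:off + 1 + f[off]].decode("ascii", "replace"))
        off += 1 + f[off]
    qtype = struct.unpack_from("!H", f, off + 1)[0]
    return ".".join(map(str, f[30:34])), ".".join(labels), QTYPES.get(qtype, str(qtype))

def analyze_dns(pcap):
    """Summarise DNS queries in a little-endian, Ethernet-linktype pcap as a dict."""
    if struct.unpack_from("<I16xI", pcap) != (0xA1B2C3D4, 1):
        raise ValueError("unsupported capture format")
    off, hits, bad = 24, [], 0
    while off + 16 <= len(pcap):
        end = off + 16 + struct.unpack_from("<I", pcap, off + 8)[0]  # captured length
        try:
            hits.append(parse_query(pcap[off + 16:end]))
        except (IndexError, struct.error, ValueError):
            bad += 1                                   # truncated or unsupported packet
        off = end
    hits = [h for h in hits if h]
    return {"queries": len(hits), "malformed": bad, "domains": sorted({h[1] for h in hits}),
            "query_types": dict(Counter(h[2] for h in hits)),
            "dns_servers": sorted({h[0] for h in hits})}

def record(dst, name, qtype, keep=None):  # constructed pcap record holding one DNS query
    dns = struct.pack("!6H", 1, 0x0100, 1, 0, 0, 0) + b"".join(
        bytes([len(p)]) + p.encode() for p in name.split(".")) + struct.pack("!BHH", 0, qtype, 1)
    f = (bytes(12) + struct.pack("!HBBHHHBBH4s4s4H", 0x0800, 0x45, 0, 28 + len(dns), 0, 0, 64, 17,
         0, bytes([192, 0, 2, 10]), bytes(dst), 40000, 53, 8 + len(dns), 0) + dns)[:keep]
    return struct.pack("<4I", 0, 0, len(f), len(f)) + f

SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    record((192, 0, 2, 53), "example.com", 1), record((192, 0, 2, 53), "mail.example.com", 15),
    record((198, 51, 100, 7), "example.com", 28, keep=60)])  # last frame cut mid-name
```

Calling analyze_dns(SAMPLE) returns a dict that json.dumps can serialise directly; the truncated third frame is counted under "malformed" and contributes no domain or server.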

DHCP Module (Active)

DHCP transaction monitoring with IP assignment tracking and configuration analysis.

  • DHCP transaction tracking
  • IP address lease monitoring
  • Client and server identification
  • Configuration option analysis

ICMP Module (Active)

ICMP packet analysis for network diagnostics, connectivity testing, and error detection.

  • Ping request/reply analysis
  • Network connectivity testing
  • Traceroute path tracking
  • Error message detection

HTTP Module (Coming Soon)

HTTP/HTTPS traffic analysis for web communication patterns and security assessment.

  • Request/response analysis
  • Header examination
  • Content type detection
  • Security header validation

Quick Start

1. Install mcpcap: install using pip, uv, or uvx for one-time usage.
2. Start the server: run mcpcap to start the MCP server.
3. Connect & analyze: use any MCP-compatible LLM client to analyze traffic.

# Using pip
pip install mcpcap

# Using uv
uv add mcpcap

# One-time usage
uvx mcpcap

# Start MCP server
mcpcap

# Then call the tools from your MCP client with local files
analyze_dns_packets("/path/to/capture.pcap")
analyze_dhcp_packets("/path/to/dhcp.pcap")
analyze_icmp_packets("/path/to/network.pcap")

# Start MCP server
mcpcap

# Then call the tools from your MCP client with remote files
analyze_dns_packets("https://example.com/capture.pcap")
analyze_dhcp_packets("https://example.com/dhcp.pcap")
analyze_icmp_packets("https://example.com/network.pcap")


Ready to analyze your network traffic?

Join developers using mcpcap to bring network analysis capabilities to their LLM applications.