PCAP

A Python-based MCP Server that analyzes PCAPs with Wireshark-like workflows and exposes focused inspection tools.

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "lissajousx-pcap_mcp": {
      "command": "python3",
      "args": [
        "-m",
        "pcap_mcp"
      ]
    }
  }
}

You can analyze PCAPs with a specialized MCP Server that exposes Wireshark-like workflows as structured tools. It helps you quickly locate issues in 5G signaling, IMS/SIP calls, QoS/policy, and more by automating common packet inspection tasks through a consistent MCP interface.

How to use

You interact with the MCP server using an MCP client or CLI. Start the server, then invoke the available MCP tools to inspect PCAPs, locate relevant frames, drill into details, and stitch together complete conversations across multiple protocols. The tools cover info gathering, field discovery, frame filtering, per-frame detail, timeline construction, text searches, and session follow-ups, all aimed at making troubleshooting faster and more reproducible.

How to install

Prerequisites you need to have before running the MCP server:

  • Python >= 3.10

  • tshark (required) and capinfos (recommended) installed on your system

# Install Python dependencies
pip install -r requirements.txt

# If you want to run from source locally
pip install -e .

Start the MCP server

You can start the MCP server in two ways. The first runs the module directly with Python, the second uses the provided script entry point.

# Start via Python module
python3 -m pcap_mcp

# Start via script entry point
pcap-mcp

Available tools

pcap_config_get

Retrieve the currently loaded configuration snapshot, including profiles and packet_list_columns.

pcap_config_reload

Reload the configuration file without restarting the server.

pcap_list_fields

Discover and search available fields, equivalent to tshark field listings.

pcap_info

Summarize the capture: number of packets, time range, SHA-256, tshark version, and protocol coverage.

pcap_frames_by_filter

Return a list of frame numbers matching a given display filter, with pagination.

pcap_timeline

Provide a timeline table by applying a display filter and field set, with pagination.

pcap_frame_detail

Drill into a specific frame. Can restrict to certain protocol layers or output full protocol trees with optional verbosity and byte trimming.

pcap_text_search

Search within the filtered frames for text and generate snippet details for the matches.

pcap_follow

Follow and extract session-level traces to form complete conversations (e.g., SIP Call-ID, HTTP2 stream ID, Diameter Session-Id).

pcap_packet_list

Export a Wireshark-like Packet List as TSV and provide a preview.
