get_conversations
Capture network traffic via a specified interface and analyze TCP/UDP conversations for LLM processing. Configure duration to extract real-time statistics for threat hunting, diagnostics, or anomaly detection.
Instructions
Capture live traffic and provide TCP/UDP conversation statistics for LLM analysis
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| duration | No | Capture duration in seconds | |
| interface | No | Network interface to capture from (e.g., eth0, en0) | en0 |
Implementation Reference
- index.js:148-178 (handler)The asynchronous handler function that implements the core logic of the 'get_conversations' tool. It uses tshark to capture packets on the specified network interface for a given duration, computes TCP conversation statistics, formats the output, and returns it as text content for LLM analysis.
async (args) => { try { const tsharkPath = await findTshark(); const { interface, duration } = args; const tempPcap = 'temp_capture.pcap'; console.error(`Capturing conversations on ${interface} for ${duration}s`); await execAsync( `${tsharkPath} -i ${interface} -w ${tempPcap} -a duration:${duration}`, { env: { ...process.env, PATH: `${process.env.PATH}:/usr/bin:/usr/local/bin:/opt/homebrew/bin` } } ); const { stdout, stderr } = await execAsync( `${tsharkPath} -r "${tempPcap}" -qz conv,tcp`, { env: { ...process.env, PATH: `${process.env.PATH}:/usr/bin:/usr/local/bin:/opt/homebrew/bin` } } ); if (stderr) console.error(`tshark stderr: ${stderr}`); await fs.unlink(tempPcap).catch(err => console.error(`Failed to delete ${tempPcap}: ${err.message}`)); return { content: [{ type: 'text', text: `TCP/UDP conversation statistics for LLM analysis:\n${stdout}`, }], }; } catch (error) { console.error(`Error in get_conversations: ${error.message}`); return { content: [{ type: 'text', text: `Error: ${error.message}` }], isError: true }; } } - index.js:144-147 (schema)Zod input schema defining parameters for the tool: 'interface' (string, optional, default 'en0') and 'duration' (number, optional, default 5).
{ interface: z.string().optional().default('en0').describe('Network interface to capture from (e.g., eth0, en0)'), duration: z.number().optional().default(5).describe('Capture duration in seconds'), }, - index.js:141-179 (registration)The server.tool() call that registers the 'get_conversations' tool with the MCP server, specifying the name, description, input schema, and handler function.
server.tool( 'get_conversations', 'Capture live traffic and provide TCP/UDP conversation statistics for LLM analysis', { interface: z.string().optional().default('en0').describe('Network interface to capture from (e.g., eth0, en0)'), duration: z.number().optional().default(5).describe('Capture duration in seconds'), }, async (args) => { try { const tsharkPath = await findTshark(); const { interface, duration } = args; const tempPcap = 'temp_capture.pcap'; console.error(`Capturing conversations on ${interface} for ${duration}s`); await execAsync( `${tsharkPath} -i ${interface} -w ${tempPcap} -a duration:${duration}`, { env: { ...process.env, PATH: `${process.env.PATH}:/usr/bin:/usr/local/bin:/opt/homebrew/bin` } } ); const { stdout, stderr } = await execAsync( `${tsharkPath} -r "${tempPcap}" -qz conv,tcp`, { env: { ...process.env, PATH: `${process.env.PATH}:/usr/bin:/usr/local/bin:/opt/homebrew/bin` } } ); if (stderr) console.error(`tshark stderr: ${stderr}`); await fs.unlink(tempPcap).catch(err => console.error(`Failed to delete ${tempPcap}: ${err.message}`)); return { content: [{ type: 'text', text: `TCP/UDP conversation statistics for LLM analysis:\n${stdout}`, }], }; } catch (error) { console.error(`Error in get_conversations: ${error.message}`); return { content: [{ type: 'text', text: `Error: ${error.message}` }], isError: true }; } } );