Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| No arguments | | | |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| analyze_dns_packets | Analyze DNS packets from a PCAP file and return comprehensive analysis results. ⚠️ FILE UPLOAD LIMITATION: This MCP tool cannot process files uploaded through Claude's web interface. Files must be accessible via URL or local file path. SUPPORTED INPUT FORMATS:<br>UNSUPPORTED:<br>Args: pcap_file: HTTP URL or absolute local file path to PCAP file Returns: A structured dictionary containing DNS packet analysis results |
| analyze_dhcp_packets | Analyze DHCP packets from a PCAP file and return comprehensive analysis results. ⚠️ FILE UPLOAD LIMITATION: This MCP tool cannot process files uploaded through Claude's web interface. Files must be accessible via URL or local file path. SUPPORTED INPUT FORMATS:<br>UNSUPPORTED:<br>Args: pcap_file: HTTP URL or absolute local file path to PCAP file Returns: A structured dictionary containing DHCP packet analysis results |
| analyze_icmp_packets | Analyze ICMP packets from a PCAP file and return comprehensive analysis results. ⚠️ FILE UPLOAD LIMITATION: This MCP tool cannot process files uploaded through Claude's web interface. Files must be accessible via URL or local file path. SUPPORTED INPUT FORMATS:<br>UNSUPPORTED:<br>Args: pcap_file: HTTP URL or absolute local file path to PCAP file Returns: A structured dictionary containing ICMP packet analysis results |
| analyze_capinfos | Return metadata from a PCAP file, similar to Wireshark's capinfos utility. IMPORTANT: This tool expects a FILE PATH or URL, not file content.<br>Args: pcap_file: Path to local PCAP file or HTTP URL to remote PCAP file (NOT file content - must be a path or URL) Returns: A structured dictionary containing PCAP metadata including: - File information (size, name, encapsulation type) - Packet statistics (count, data size, average sizes) - Temporal data (duration, timestamps, rates) |
| analyze_tcp_connections | Analyze TCP connection states and lifecycle. This is the core tool for TCP connection analysis, solving 80% of TCP-related issues. ⚠️ FILE UPLOAD LIMITATION: This MCP tool cannot process files uploaded through Claude's web interface. Files must be accessible via URL or local file path. SUPPORTED INPUT FORMATS:<br>UNSUPPORTED:<br>Args: pcap_file: HTTP URL or absolute local file path to PCAP file server_ip: Optional filter for server IP address server_port: Optional filter for server port detailed: Whether to return detailed connection information Returns: A structured dictionary containing TCP connection analysis results including: - summary: Overall connection statistics - connections: List of individual connections with states - issues: Detected problems |
| analyze_tcp_anomalies | Detect TCP traffic patterns through statistical analysis. This tool analyzes TCP traffic to identify observable patterns without making assumptions about root causes. It provides factual metrics and pattern detection that can be used for further investigation. Args: pcap_file: HTTP URL or absolute local file path to PCAP file server_ip: Optional filter for server IP address server_port: Optional filter for server port Returns: A structured dictionary containing: - statistics: Comprehensive TCP metrics (handshakes, flags, RST distribution, etc.) - patterns: Observable patterns detected in the traffic - summary: High-level summary of findings Detected pattern categories:<br>The analysis is purely observational - it reports what is seen in the traffic without attempting to diagnose specific issues like "firewall block" or "network congestion". This allows the data to be interpreted in context. |
| analyze_tcp_retransmissions | Analyze TCP retransmission patterns. Args: pcap_file: HTTP URL or absolute local file path to PCAP file server_ip: Optional filter for server IP address threshold: Retransmission rate threshold (default: 2%) Returns: A structured dictionary containing: - total_retransmissions: Total number of retransmissions - retransmission_rate: Overall retransmission rate - by_connection: Per-connection retransmission statistics - summary: Worst connections and threshold violations |
| analyze_traffic_flow | Analyze bidirectional traffic flow characteristics. Identifies traffic direction, asymmetry, RST sources, and data transfer patterns. Args: pcap_file: HTTP URL or absolute local file path to PCAP file server_ip: Server IP address (required) server_port: Optional filter for server port Returns: A structured dictionary containing: - client_to_server: Client-to-server traffic statistics - server_to_client: Server-to-client traffic statistics - analysis: Asymmetry analysis and interpretations |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| security_analysis | Prompt for analyzing DNS traffic from a security perspective |
| network_troubleshooting | Prompt for troubleshooting DNS-related network issues |
| forensic_investigation | Prompt for forensic analysis of DNS traffic |
| dhcp_network_analysis | Prompt for analyzing DHCP traffic from a network perspective |
| dhcp_security_analysis | Prompt for analyzing DHCP traffic from a security perspective |
| dhcp_forensic_investigation | Prompt for forensic analysis of DHCP traffic |
| icmp_network_diagnostics | Prompt for analyzing ICMP traffic from a network diagnostics perspective |
| icmp_security_analysis | Prompt for analyzing ICMP traffic from a security perspective |
| icmp_forensic_investigation | Prompt for forensic analysis of ICMP traffic |
| tcp_connection_troubleshooting | Prompt for troubleshooting TCP connection issues |
| tcp_security_analysis | Prompt for analyzing TCP traffic from a security perspective |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |