mcpacket

Instructions

Implementation Reference

• src/mcpcap/modules/capinfos.py:20-39 (handler)

  The main handler function for the 'analyze_capinfos' tool. It defines the tool interface, input/output schema via type hints and docstring, and delegates processing to the base class's analyze_packets method.
  def analyze_capinfos(self, pcap_file: str) -> dict[str, Any]: """ Return metadata from a PCAP file, similar to Wireshark's capinfos utility. IMPORTANT: This tool expects a FILE PATH or URL, not file content. - For local files: "/path/to/capture.pcap" - For remote files: "https://example.com/capture.pcap" - File uploads are NOT supported - save the file locally first Args: pcap_file: Path to local PCAP file or HTTP URL to remote PCAP file (NOT file content - must be a path or URL) Returns: A structured dictionary containing PCAP metadata including: - File information (size, name, encapsulation type) - Packet statistics (count, data size, average sizes) - Temporal data (duration, timestamps, rates) """ return self.analyze_packets(pcap_file)
• src/mcpcap/core/server.py:53-54 (registration)

  Registration of the analyze_capinfos tool handler with the FastMCP server instance.
  elif module_name == "capinfos": self.mcp.tool(module.analyze_capinfos)
• src/mcpcap/modules/capinfos.py:41-62 (helper)

  Core helper function implementing capinfos-specific logic: reads packets with scapy, computes file metadata and statistics.
  def _analyze_protocol_file(self, pcap_file: str) -> dict[str, Any]: """Perform the actual information gathering on a local PCAP file.""" try: packets = rdpcap(pcap_file) # Generate statistics stats = self._generate_statistics(packets) results = { "file_size_bytes": os.path.getsize(pcap_file), "filename": os.path.basename(pcap_file), "file_encapsulation": self._detect_linktype(pcap_file), } return results | stats except Exception as e: return { "error": f"Error reading PCAP file '{pcap_file}': {str(e)}", "file": pcap_file, }
• src/mcpcap/modules/base.py:43-57 (helper)

  Base class helper that handles local/remote PCAP files, downloads remote ones, validates locals, and calls protocol-specific _analyze_protocol_file.
  def analyze_packets(self, pcap_file: str) -> dict[str, Any]: """Analyze packets from a PCAP file (local or remote). Args: pcap_file: Path to local PCAP file or HTTP URL to remote PCAP file Returns: A structured dictionary containing packet analysis results """ # Check if this is a remote URL or local file if pcap_file.startswith(("http://", "https://")): return self._handle_remote_analysis(pcap_file) else: return self._handle_local_analysis(pcap_file)
• src/mcpcap/modules/capinfos.py:63-92 (helper)

  Helper function to detect and map PCAP linktype to human-readable encapsulation type.
  def _detect_linktype(self, path: str) -> str: """Detect the linktype and try to map it to a human-readable encapsulation type. Args: path: Path to the packet capture Returns: Detected link-layer header (linktype) """ # mapping based on pcap-linktype(7) and https://github.com/wireshark/wireshark/blob/master/wiretap/wtap.c#L656 LINKTYPE_MAP = { 1: "Ethernet", 101: "Raw IP", 105: "IEEE 802.11 Wireless LAN", 113: "Linux cooked-mode capture v1", 228: "Raw IPv4", 229: "Raw IPv6", 276: "Linux cooked-mode capture v2", } try: with PcapReader(path) as reader: linktype = getattr(reader, "linktype", None) except Exception: linktype = None return LINKTYPE_MAP.get( linktype, f"Unknown ({linktype})" if linktype else "Unknown" )