analyze_pcap_file
Analyze local PCAP/PCAPNG files with configurable filters, output formats, and custom fields using Wireshark/tshark integration for network security insights.
Instructions
Analyze a local pcap/pcapng file. The LLM controls all analysis parameters, including filters, output formats, and custom fields. Saved configurations can also be used.
Input Schema
Name | Required | Description | Default |
---|---|---|---|
configName | No | Name of saved configuration to use for analysis parameters | |
customFields | No | Custom tshark field list (only used with outputFormat=fields) | |
displayFilter | No | Wireshark display filter for analysis (e.g., "tls.handshake.type == 1") | |
filePath | Yes | Path to the local .pcap or .pcapng file to analyze. | |
outputFormat | No | Output format: json (-T json), fields (custom -e), or text (default wireshark output) | text |
sslKeylogFile | No | ABSOLUTE path to SSL keylog file for TLS decryption | |
Input Schema (JSON Schema)
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "additionalProperties": false,
  "properties": {
    "configName": {
      "description": "Name of saved configuration to use for analysis parameters",
      "type": "string"
    },
    "customFields": {
      "description": "Custom tshark field list (only used with outputFormat=fields)",
      "type": "string"
    },
    "displayFilter": {
      "description": "Wireshark display filter for analysis (e.g., \"tls.handshake.type == 1\")",
      "type": "string"
    },
    "filePath": {
      "description": "Path to the local .pcap or .pcapng file to analyze.",
      "type": "string"
    },
    "outputFormat": {
      "default": "text",
      "description": "Output format: json (-T json), fields (custom -e), or text (default wireshark output)",
      "enum": [
        "json",
        "fields",
        "text"
      ],
      "type": "string"
    },
    "sslKeylogFile": {
      "description": "ABSOLUTE path to SSL keylog file for TLS decryption",
      "type": "string"
    }
  },
  "required": [
    "filePath"
  ],
  "type": "object"
}
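Because the LLM supplies every parameter, a wrapper can check the arguments against this schema before anything reaches tshark. The sketch below is an added example, not the tool's own code. The name `build_tshark_argv`, the comma-separated `customFields` format, and the mapping of `displayFilter` to `-Y` and `sslKeylogFile` to `-o tls.keylog_file:` are assumptions; `configName` lookup is not shown.

```python
import os
import re

ALLOWED = {"configName", "customFields", "displayFilter",
           "filePath", "outputFormat", "sslKeylogFile"}
FIELD_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*")  # e.g. ip.src, _ws.col.Info


def build_tshark_argv(args):
    """Validate arguments against the schema and return an argv list for tshark."""
    unknown = set(args) - ALLOWED
    if unknown:  # additionalProperties: false
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    if any(not isinstance(v, str) for v in args.values()):
        raise ValueError("every parameter must be a string")
    path = args.get("filePath", "")
    if not path.lower().endswith((".pcap", ".pcapng")):  # required property
        raise ValueError("filePath must name a .pcap or .pcapng file")
    fmt = args.get("outputFormat", "text")  # schema default
    if fmt not in ("json", "fields", "text"):
        raise ValueError("outputFormat must be json, fields or text")

    argv = ["tshark", "-r", path]
    if args.get("displayFilter"):
        argv += ["-Y", args["displayFilter"]]
    if "sslKeylogFile" in args:
        if not os.path.isabs(args["sslKeylogFile"]):
            raise ValueError("sslKeylogFile must be an absolute path")
        argv += ["-o", "tls.keylog_file:" + args["sslKeylogFile"]]
    if fmt == "json":
        argv += ["-T", "json"]
    elif fmt == "fields":
        # Assumption: customFields is comma-separated; the page does not say.
        fields = [f.strip() for f in args.get("customFields", "").split(",")]
        if not all(FIELD_RE.fullmatch(f) for f in fields):
            raise ValueError("customFields must be a list of tshark field names")
        argv += ["-T", "fields"]
        for f in fields:
            argv += ["-e", f]
    return argv  # pass to subprocess.run(argv) as a list, never through a shell


# Constructed sample arguments, as an LLM client might send them.
SAMPLE = {"filePath": "capture.pcapng", "outputFormat": "fields",
          "displayFilter": "tls.handshake.type == 1",
          "customFields": "ip.src, tls.handshake.extensions_server_name"}

if __name__ == "__main__":
    print(build_tshark_argv(SAMPLE))
```

Each field name is matched whole, so a `customFields` entry cannot smuggle in an extra tshark option, and the list-form argv keeps filter text away from a shell.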