PacketMaster
Provides tools for analyzing PCAP files using Wireshark's tshark and capinfos, enabling network troubleshooting and packet analysis.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@PacketMasterrun a quick network scan on the pcap at /tmp/capture.pcap"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
PacketMaster
MCP server for network-troubleshooting PCAP analysis via tshark. Pairs with Cursor skills pcap-troubleshooting (domain workflows) and packetmaster-mcp (MCP tool usage).
Prerequisites
Python 3.10+
uv (recommended) or pip
Wireshark with CLI tools:
tshark,capinfos
brew install wireshark # macOS
PacketMaster auto-detects `/Applications/Wireshark.app/Contents/MacOS/tshark` if not on PATH.Related MCP server: Wireshark MCP
Install
cd "/Users/networkze/Documents/Claude Projects/PacketMaster"
uv sync --extra devCursor MCP Configuration
Install the launcher (once), then add to ~/.cursor/mcp.json:
mkdir -p ~/.packetmaster-mcp
cp scripts/start-mcp.sh ~/.packetmaster-mcp/start-mcp.sh
chmod +x ~/.packetmaster-mcp/start-mcp.sh{
"mcpServers": {
"packetmaster": {
"command": "/Users/networkze/.packetmaster-mcp/start-mcp.sh",
"env": {
"FASTMCP_SHOW_SERVER_BANNER": "false"
}
}
}
}Uses a launcher script (like flipper-zero) because Cursor can break uv run paths that contain spaces.
PCAP paths must be absolute. By default any readable .pcap on disk is allowed. Set PM_ALLOWED_DIRS only if you want an opt-in sandbox.
Environment Variables
Variable | Default | Description |
| (unset) | Optional colon-separated allowlist; when set, paths must stay inside |
| false | If true, |
| 10GB | Max PCAP file size |
| 10000 | Max packets per extraction request |
| 10MB | Max subprocess stdout |
| 300 | Subprocess timeout (seconds) |
| 500MB | Skip SHA-256 above this size unless requested |
| true | Redact credentials in stream/field output |
| auto | Override tshark binary path |
Tools
Tool | Description |
| Verify tshark/capinfos installation |
| capinfos + optional SHA-256 |
| Protocol distribution |
| Top conversations by bytes |
| Top IP endpoints |
| Wireshark expert information |
| TCP retrans/dup ACK/zero window/OOO/RST |
| Per-flow RTT statistics |
| Traffic over time |
| Paginated field extraction |
| Follow TCP/UDP/HTTP/TLS stream (redacted) |
| Packet summaries by display filter |
| Start here — wlan vs ethernet + tool routing |
| EPC/SPAN — DHCP, DNS, ICMP, VLAN, L2 infra, TCP |
| DHCP phases, stuck patterns, optional MAC filter |
| DNS queries/responses, NXDOMAIN, top names |
| One-sided capture / path asymmetry heuristics |
| L3 TCP-focused composite (alternate to wired scan) |
| Deep dive between two IPs |
| 802.11 monitor — retries, mgmt, roaming, BSSIDs |
| Deep dive on one STA by MAC |
| 802.11k/v roam timeline for one STA |
Workflow with NetOps EPC
Capture via
ios_xe_epc_capture_run(user-netops MCP) withpull_pcap=trueRun
pm_troubleshoot_quick_scanon the returnedlocal_pathDrill down with
pm_troubleshoot_flowon suspect IPs
Development
uv run pytest -q
uv run packetmaster-mcp # stdio MCP serverSecurity
PCAP paths must be absolute; optional
PM_ALLOWED_DIRSsandbox for locked-down setupsSymlinks rejected
Stream/field output redacts Authorization, Bearer tokens, passwords by default
Confirm with user before
pm_follow_streamon production captures
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Jctechbr/PacketMaster'
If you have feedback or need assistance with the MCP directory API, please join our Discord server