Skip to main content
Glama
danohn

mcpacket

by danohn
OverviewSchemaRelated ServersScoreDiscussions
Python
Hybrid

analyze_dns_packets

Analyzes DNS packets from PCAP files to identify network issues and security threats. Supports remote URLs and local file paths for packet capture analysis.

Instructions

Analyze DNS packets from a PCAP file and return comprehensive analysis results.

⚠️ FILE UPLOAD LIMITATION: This MCP tool cannot process files uploaded through Claude's web interface. Files must be accessible via URL or local file path.

SUPPORTED INPUT FORMATS:

  • Remote files: "https://example.com/capture.pcap"

  • Local files: "/absolute/path/to/capture.pcap"

UNSUPPORTED:

  • Files uploaded through Claude's file upload feature

  • Base64 file content

  • Relative file paths

Args: pcap_file: HTTP URL or absolute local file path to PCAP file

Returns: A structured dictionary containing DNS packet analysis results

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
pcap_fileYes

Implementation Reference

  • src/mcpcap/modules/dns.py:20-42 (handler)
    The primary handler function for the 'analyze_dns_packets' tool. It accepts a PCAP file path or URL and delegates to the shared analysis pipeline.
    def analyze_dns_packets(self, pcap_file: str) -> dict[str, Any]:
    """
    Analyze DNS packets from a PCAP file and return comprehensive analysis results.

    ⚠️  FILE UPLOAD LIMITATION: This MCP tool cannot process files uploaded through
    Claude's web interface. Files must be accessible via URL or local file path.

    SUPPORTED INPUT FORMATS:
    - Remote files: "https://example.com/capture.pcap"
    - Local files: "/absolute/path/to/capture.pcap"

    UNSUPPORTED:
    - Files uploaded through Claude's file upload feature
    - Base64 file content
    - Relative file paths

    Args:
        pcap_file: HTTP URL or absolute local file path to PCAP file

    Returns:
        A structured dictionary containing DNS packet analysis results
    """
    return self.analyze_packets(pcap_file)
  • src/mcpcap/core/server.py:50-51 (registration)
    Tool registration in the MCP server, binding the analyze_dns_packets method as an MCP tool.
    if module_name == "dns":
    self.mcp.tool(module.analyze_dns_packets)
  • src/mcpcap/modules/dns.py:44-96 (helper)
    Protocol-specific analysis method that loads PCAP, filters DNS packets, analyzes them individually, generates statistics, and handles errors.
    def _analyze_protocol_file(self, pcap_file: str) -> dict[str, Any]:
    """Perform the actual DNS packet analysis on a local PCAP file."""
    try:
        packets = rdpcap(pcap_file)
        dns_packets = [pkt for pkt in packets if pkt.haslayer(DNS)]

        if not dns_packets:
            return {
                "file": pcap_file,
                "total_packets": len(packets),
                "dns_packets_found": 0,
                "message": "No DNS packets found in this capture",
            }

        # Apply max_packets limit if specified
        packets_to_analyze = dns_packets
        limited = False
        if self.config.max_packets and len(dns_packets) > self.config.max_packets:
            packets_to_analyze = dns_packets[: self.config.max_packets]
            limited = True

        packet_details = []
        for i, pkt in enumerate(packets_to_analyze, 1):
            packet_info = self._analyze_dns_packet(pkt, i)
            packet_details.append(packet_info)

        # Generate statistics
        stats = self._generate_statistics(packet_details)

        result = {
            "file": pcap_file,
            "analysis_timestamp": datetime.now().isoformat(),
            "total_packets_in_file": len(packets),
            "dns_packets_found": len(dns_packets),
            "dns_packets_analyzed": len(packet_details),
            "statistics": stats,
            "packets": packet_details,
        }

        # Add information about packet limiting
        if limited:
            result["note"] = (
                f"Analysis limited to first {self.config.max_packets} DNS packets due to --max-packets setting"
            )

        return result

    except Exception as e:
        return {
            "error": f"Error reading PCAP file '{pcap_file}': {str(e)}",
            "file": pcap_file,
        }
  • src/mcpcap/modules/base.py:43-56 (helper)
    Shared base class method that handles local and remote PCAP file processing, downloading remote files if needed, and invoking the protocol-specific analyzer.
    def analyze_packets(self, pcap_file: str) -> dict[str, Any]:
    """Analyze packets from a PCAP file (local or remote).

    Args:
        pcap_file: Path to local PCAP file or HTTP URL to remote PCAP file

    Returns:
        A structured dictionary containing packet analysis results
    """
    # Check if this is a remote URL or local file
    if pcap_file.startswith(("http://", "https://")):
        return self._handle_remote_analysis(pcap_file)
    else:
        return self._handle_local_analysis(pcap_file)
Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/danohn/mcpacket'

If you have feedback or need assistance with the MCP directory API, please join our Discord server