
pcap_follow_stream

Extract and analyze specific TCP/UDP/HTTP communication streams from PCAP files to examine network traffic content for security testing and forensics.

Instructions

Follow a TCP/UDP/HTTP stream in a PCAP. Returns stream_content, stream_num, and protocol. Read-only file analysis.

Input Schema

| Name | Required | Description | Default |
|------|----------|-------------|---------|
| pcap_path | Yes | Path to the PCAP file | |
| stream_num | Yes | TCP stream number to follow | |
| protocol | No | Stream protocol | tcp |

Implementation Reference

  • The implementation of the pcap_follow_stream tool in src/tools/pcap.ts, which uses tshark to follow TCP/UDP/HTTP streams.
    server.tool(
      "pcap_follow_stream",
      "Follow a TCP/UDP/HTTP stream in a PCAP. Returns stream_content, stream_num, and protocol. Read-only file analysis.",
      {
        // Input schema (zod): protocol is limited to three fixed values.
        pcap_path: z.string().describe("Path to the PCAP file"),
        stream_num: z.number().min(0).describe("TCP stream number to follow"),
        protocol: z
          .enum(["tcp", "udp", "http"])
          .describe("Stream protocol")
          .default("tcp"),
      },
      async ({ pcap_path, stream_num, protocol }) => {
        // requireTool, validatePcap and runCmd are project helpers defined elsewhere (not shown on this page).
        requireTool("tshark");
        const pcap = validatePcap(pcap_path);

        // Arguments are passed as an array; -z follow,<proto>,ascii,<n> prints the stream, -q suppresses per-packet output.
        const res = await runCmd("tshark", [
          "-r", pcap,
          "-z", `follow,${protocol},ascii,${stream_num}`,
          "-q",
        ]);

        const result = {
          stream_num,
          protocol,
          // Only the first 5000 characters of tshark's output are returned.
          stream_content: res.stdout.slice(0, 5000),
        };

        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
      }
    );
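
A variation on the handler above, as an added example that is not part of operant-mcp: the schema accepts any number of 0 or more for stream_num, and the handler cuts output at 5000 characters without indicating it, so this TypeScript checks for a whole-number index and reports truncation. The names buildFollowArgs, capStreamContent, total_chars and truncated are hypothetical.

```typescript
// Added example (not operant-mcp code); all names here are hypothetical.
const FOLLOW_PROTOCOLS: string[] = ["tcp", "udp", "http"];
const STREAM_CONTENT_LIMIT = 5000; // same cap the handler applies with slice()

// Build the tshark argument vector, rejecting values the -z follow
// statistic cannot use: unknown protocols and fractional/negative indexes.
function buildFollowArgs(pcap: string, protocol: string, streamNum: number): string[] {
  if (FOLLOW_PROTOCOLS.indexOf(protocol) === -1) {
    throw new Error("unsupported protocol: " + protocol);
  }
  const wholeNumber = isFinite(streamNum) && Math.floor(streamNum) === streamNum;
  if (!wholeNumber || streamNum < 0) {
    throw new Error("stream_num must be a non-negative integer");
  }
  return ["-r", pcap, "-z", `follow,${protocol},ascii,${streamNum}`, "-q"];
}

interface FollowResult {
  stream_num: number;
  protocol: string;
  stream_content: string;
  total_chars: number; // length of the complete tshark output
  truncated: boolean; // true when stream_content is only a prefix of it
}

// Apply the same character cap, but report that data was dropped so an
// analyst does not mistake a cut-off stream for the whole conversation.
function capStreamContent(stdout: string, protocol: string, streamNum: number): FollowResult {
  return {
    stream_num: streamNum,
    protocol,
    stream_content: stdout.slice(0, STREAM_CONTENT_LIMIT),
    total_chars: stdout.length,
    truncated: stdout.length > STREAM_CONTENT_LIMIT,
  };
}

// Constructed input: 5,200 characters standing in for tshark stdout.
const sample = capStreamContent(new Array(5201).join("A"), "tcp", 0);
console.log(buildFollowArgs("capture.pcap", "tcp", 0).join(" "));
console.log(sample.stream_content.length, sample.total_chars, sample.truncated);
```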
