PCAP Analyzer Server
БесплатноНе проверенEnables natural language analysis of network packet captures, including protocol detection, flow analysis, and security threat identification, integrated with A
Описание
Enables natural language analysis of network packet captures, including protocol detection, flow analysis, and security threat identification, integrated with AI assistants.
README
A powerful network packet analysis tool with Model Context Protocol (MCP) integration for seamless LLM interaction. Analyze network traffic using natural language commands through AI assistants like GitHub Copilot, Claude, or ChatGPT.
🌟 Features
🚀 Core Analysis Capabilities
- Protocol Detection: TCP, UDP, HTTP, HTTPS, QUIC
- Flow Analysis: Bidirectional traffic patterns with timing and throughput
- Port Analysis: Detailed analysis of specific ports with security insights
- IP Analysis: Inbound/outbound traffic analysis for specific hosts
- Security Detection: Automatic identification of scanning, reconnaissance, and anomalous patterns
🤖 MCP Integration
- Natural Language Interface: Ask AI assistants to analyze network traffic
- VS Code Integration: Works with GitHub Copilot and other LLM extensions
- Real-time Analysis: Interactive PCAP analysis through conversational AI
- Automated Reporting: AI-generated security assessments and recommendations
🛡️ Security Features
- Threat Detection: Identifies network scanning and reconnaissance attempts
- Anomaly Detection: Flags unusual traffic patterns and failed connections
- Attack Pattern Recognition: Detects coordinated scanning campaigns
- Security Reporting: Detailed threat analysis with actionable recommendations
📋 Prerequisites
- Python 3.8+
- Scapy library for packet analysis
- FastMCP framework for LLM integration
- VS Code (optional, for MCP integration)
🚀 Quick Start
1. Installation
# Clone the repository
git clone <your-repo-url>
cd PCAP_Analyser
# Install dependencies
pip install -r requirements.txt
2. Basic Usage
Direct Python Analysis
from simple_analyzer import SimpleProtocolAnalyzer
# Create analyzer instance
analyzer = SimpleProtocolAnalyzer()
# Analyze PCAP file
results = analyzer.analyze_pcap('path/to/your/capture.pcap')
# Filter by port
port_flows = analyzer.filter_by_port(443)
# Filter by IP
ip_flows = analyzer.filter_by_ip('192.168.1.1')
MCP Server Mode (for AI Integration)
# Start MCP server
python3 mcp_server.py --mcp
# The server will listen for LLM requests
3. VS Code + AI Integration
- Configure VS Code MCP (create
.vscode/mcp.json):
{
"mcpServers": {
"pcap-analyzer": {
"command": "python3",
"args": ["mcp_server.py", "--mcp"],
"cwd": "/path/to/PCAP_Analyser",
"env": {
"PYTHONPATH": "/path/to/PCAP_Analyser"
}
}
}
}
- Use with AI Assistant:
"Load the network capture tcp-logs.pcap"
"Analyze flows for port 443"
"Check if there are any security issues with port 51570"
"Show me all HTTPS traffic patterns"
"Is there any scanning activity in this capture?"
📁 File Structure
PCAP_Analyser/
├── README.md # This file
├── requirements.txt # Python dependencies
├── simple_analyzer.py # Core PCAP analysis engine
├── mcp_server.py # MCP server for LLM integration
├── mcp_config.json # MCP configuration
├── PCAPs/ # Directory for PCAP files
│ ├── tcp.pcap # Sample TCP logs
🔧 MCP Tools Available
1. load_pcap_file
# Load PCAP file for analysis
load_pcap_file('capture.pcap')
2. analyze_port_flows
# Analyze specific port traffic
analyze_port_flows(443) # HTTPS traffic
analyze_port_flows(22) # SSH traffic
3. analyze_ip_flows
# Analyze specific IP address
analyze_ip_flows('192.168.1.100')
4. analyze_protocol_flows
# Analyze by protocol
analyze_protocol_flows('TCP')
analyze_protocol_flows('HTTPS')
analyze_protocol_flows('QUIC')
5. get_pcap_summary
# Get overall PCAP summary
get_pcap_summary()
🛡️ Security Analysis Examples
Network Scanning Detection
# The analyzer automatically detects:
# - Port scanning attempts
# - Failed connection patterns
# - Reconnaissance activities
# - Coordinated attack campaigns
# Example output:
"""
🚨 SECURITY ISSUE DETECTED for Port 51570
❌ Part of Massive Scanning Campaign
- Same attacker: 10.10.28.14
- Same target: 10.10.28.35:1470
- Pattern: Failed connection attempts
- Duration: 2+ hours of sustained activity
"""
QUIC Analysis
# Analyze QUIC version negotiation failures
analyze_protocol_flows('QUIC')
# Detects:
# - Version negotiation failures
# - Protocol compatibility issues
# - Connection establishment problems
📊 Sample Analysis Output
🔍 Flow Analysis for Port 443
PCAP File: network_capture.pcap
============================================================
📊 Summary:
• Found 2 flows involving port 443
• Total packets: 28,794
• Total bytes: 26,966,480
🔍 Detailed Flow Analysis:
Flow 1: 🔄 Outbound from port 443
Source: 192.168.1.10:41948 → Destination: 192.168.1.20:443
Protocol: HTTPS
Timeline: 21:23:11.982 → 21:23:48.572 (Duration: 36.590s)
Traffic Volume: 9,610 packets, 519,907 bytes
Throughput: 262.6 packets/sec, 14,209 bytes/sec
💡 Flow Analysis Summary:
• Protocols involved: HTTPS
• Normal HTTPS traffic pattern detected
• No security issues identified
🎯 Use Cases
Network Security Analysis
- Detect port scanning and network reconnaissance
- Identify failed connection attempts and attack patterns
- Analyze protocol-specific vulnerabilities
- Generate automated security reports
Performance Monitoring
- Analyze network throughput and latency
- Identify bandwidth-heavy applications
- Monitor connection patterns and duration
- Track protocol distribution
Troubleshooting
- Diagnose connection failures
- Analyze protocol negotiation issues
- Identify network bottlenecks
- Debug application communication problems
AI-Powered Analysis
- Natural language network analysis queries
- Automated threat detection with AI insights
- Conversational network forensics
- Intelligent pattern recognition
🔮 Advanced Features
Custom Protocol Detection
The analyzer can be extended to detect custom protocols and application-specific patterns.
Real-time Analysis
Process live network traffic or streaming PCAP data.
Integration Ready
- REST API endpoints for web integration
- Command-line interface for automation
- Export capabilities (JSON, CSV, HTML reports)
🤝 Contributing
- Fork the repository
- Create a feature branch
- Add your enhancements
- Submit a pull request
📝 License
This project is licensed under the MIT License - see the LICENSE file for details.
🆘 Support
- Issues: Report bugs and request features on GitHub
- Documentation: Check the code comments for detailed API documentation
- Examples: See the
examples/directory for usage samples
🙏 Acknowledgments
- Scapy: Powerful packet manipulation library
- FastMCP: Model Context Protocol implementation
- VS Code: Excellent MCP integration support
Ready to analyze your network traffic with AI? Get started now! 🚀
Установка PCAP Analyzer Server
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/Amaze-with-AI/PCAP-AnalyzerFAQ
PCAP Analyzer Server MCP бесплатный?
Да, PCAP Analyzer Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для PCAP Analyzer Server?
Нет, PCAP Analyzer Server работает без API-ключей и переменных окружения.
PCAP Analyzer Server — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить PCAP Analyzer Server в Claude Desktop, Claude Code или Cursor?
Открой PCAP Analyzer Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
автор: modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
автор: xuzexin-hzCompare PCAP Analyzer Server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории ai
