mcpcap 0.2.1__tar.gz

mcpcap-0.2.1/.github/FUNDING.yml

@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+
+github: danohn
+

mcpcap-0.2.1/.github/workflows/release.yml

@@ -0,0 +1,86 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'  # Triggers on version tags like v1.0.0, v2.1.3, etc.
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write  # Required for creating releases
+      id-token: write  # Required for PyPI trusted publishing
+      
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        # Fetch full history for setuptools-scm to work properly
+        fetch-depth: 0
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.11"
+
+    - name: Install build dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install build setuptools-scm[toml]
+
+    - name: Verify version matches tag
+      run: |
+        # Extract version from tag (remove 'v' prefix)
+        TAG_VERSION=${GITHUB_REF#refs/tags/v}
+        # Get version from setuptools-scm
+        DETECTED_VERSION=$(python -c "from setuptools_scm import get_version; print(get_version())")
+        echo "Tag version: $TAG_VERSION"
+        echo "Detected version: $DETECTED_VERSION"
+        # Verify they match
+        if [ "$TAG_VERSION" != "$DETECTED_VERSION" ]; then
+          echo "Version mismatch! Tag: $TAG_VERSION, Detected: $DETECTED_VERSION"
+          exit 1
+        fi
+
+    - name: Build package
+      run: |
+        python -m build
+
+    - name: Verify package contents
+      run: |
+        pip install twine
+        twine check dist/*
+        
+    - name: Create GitHub Release
+      uses: actions/create-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        tag_name: ${{ github.ref }}
+        release_name: Release ${{ github.ref }}
+        draft: false
+        prerelease: false
+        body: |
+          ## What's Changed
+          
+          Release ${{ github.ref }} of mcpcap.
+          
+          ### Installation
+          ```bash
+          pip install mcpcap==${{ github.ref_name }}
+          ```
+          
+          See [CHANGELOG.md](CHANGELOG.md) for detailed changes.
+
+    - name: Publish to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
+      # Note: This uses PyPI's trusted publisher feature
+      # You'll need to configure this in your PyPI project settings
+      # Alternative: use password-based auth with secrets.PYPI_API_TOKEN
+
+    - name: Upload build artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: dist-files
+        path: dist/
+        retention-days: 30

mcpcap-0.2.1/.github/workflows/test.yml

@@ -0,0 +1,65 @@
+name: Test
+
+on:
+  push:
+    branches: [ main, dev ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        # Fetch full history for setuptools-scm to work properly
+        fetch-depth: 0
+
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -e .[test]
+        
+    - name: Check version detection
+      run: |
+        python -c "import mcpcap; print('Version:', mcpcap.__version__)"
+        
+    - name: Run linting with ruff
+      run: |
+        pip install ruff
+        ruff check .
+        ruff format --check .
+        
+    - name: Run tests with pytest
+      run: |
+        python -m pytest tests/ -v
+
+  check-version:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.11"
+        
+    - name: Install setuptools-scm
+      run: |
+        python -m pip install --upgrade pip
+        pip install setuptools-scm[toml]
+        
+    - name: Verify version can be determined
+      run: |
+        python -c "from setuptools_scm import get_version; print('Detected version:', get_version())"

mcpcap-0.2.1/.gitignore

@@ -0,0 +1,218 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#uv.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+#poetry.toml
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+#pdm.lock
+#pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+#pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+# Abstra
+# Abstra is an AI-powered process automation framework.
+# Ignore directories containing user credentials, local state, and settings.
+# Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore 
+#  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#  and can be added to the global gitignore or merged into this file. However, if you prefer, 
+#  you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Cursor
+#  Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
+#  exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
+#  refer to https://docs.cursor.com/context/ignore-files
+.cursorignore
+.cursorindexingignore
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+# setuptools-scm generated version file
+src/mcpcap/_version.py
+
+# Project specific - ignore PCAP files except in examples
+*.pcap
+*.pcapng
+!examples/*.pcap
+!examples/*.pcapng
+
+.DS_Store

mcpcap-0.2.1/.readthedocs.yaml

@@ -0,0 +1,34 @@
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+version: 2
+
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.11"
+  jobs:
+    post_create_environment:
+      # Install poetry
+      - pip install setuptools-scm[toml]
+    post_install:
+      # Install docs dependencies
+      - pip install -e .[docs]
+
+# Build documentation with Sphinx
+sphinx:
+  configuration: docs/source/conf.py
+  fail_on_warning: true
+
+# Optionally build your docs in additional formats such as PDF and ePub
+formats:
+  - pdf
+  - epub
+
+# Optional but recommended, declare the Python requirements required to build your docs
+python:
+  install:
+    - method: pip
+      path: .
+      extra_requirements:
+        - docs

mcpcap-0.2.1/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 danohn
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

mcpcap-0.2.1/PKG-INFO

@@ -0,0 +1,198 @@
+Metadata-Version: 2.4
+Name: mcpcap
+Version: 0.2.1
+Summary: A modular Python MCP Server for analyzing PCAP files
+Author: mcpcap contributors
+License: MIT
+Project-URL: Homepage, https://github.com/danohn/mcpcap
+Project-URL: Repository, https://github.com/danohn/mcpcap
+Project-URL: Issues, https://github.com/danohn/mcpcap/issues
+Keywords: pcap,network,analysis,mcp,dns
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: System :: Networking :: Monitoring
+Classifier: Topic :: Security
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: fastmcp
+Requires-Dist: scapy
+Provides-Extra: test
+Requires-Dist: pytest; extra == "test"
+Requires-Dist: pytest-cov; extra == "test"
+Requires-Dist: setuptools-scm[toml]; extra == "test"
+Provides-Extra: dev
+Requires-Dist: setuptools-scm[toml]; extra == "dev"
+Requires-Dist: build; extra == "dev"
+Requires-Dist: twine; extra == "dev"
+Requires-Dist: ruff; extra == "dev"
+Provides-Extra: docs
+Requires-Dist: sphinx>=7.0; extra == "docs"
+Requires-Dist: sphinx-rtd-theme; extra == "docs"
+Requires-Dist: myst-parser; extra == "docs"
+Requires-Dist: sphinx-autodoc-typehints; extra == "docs"
+Requires-Dist: sphinx-copybutton; extra == "docs"
+Requires-Dist: linkify-it-py; extra == "docs"
+Dynamic: license-file
+
+# mcpcap
+
+![mcpcap logo](https://raw.githubusercontent.com/danohn/mcpcap/main/readme-assets/logo.png)
+
+A modular Python MCP (Model Context Protocol) Server for analyzing PCAP files. mcpcap enables LLMs to read and analyze network packet captures from local or remote sources, providing structured JSON responses about network traffic.
+
+## Overview
+
+mcpcap uses a modular architecture to analyze different network protocols found in PCAP files. Each module focuses on a specific protocol, allowing for targeted analysis and easy extensibility. The server leverages the powerful scapy library for packet parsing and analysis.
+
+### Key Features
+
+- **Modular Architecture**: Easily extensible to support new protocols
+- **Local & Remote PCAP Support**: Read files from local directories or HTTP servers
+- **Scapy Integration**: Leverages scapy's comprehensive packet parsing capabilities
+- **MCP Server**: Integrates seamlessly with LLM clients via Model Context Protocol
+- **JSON Responses**: Structured data format for easy LLM consumption
+
+## Installation
+
+mcpcap requires Python 3.10 or greater.
+
+### Using pip
+
+```bash
+pip install mcpcap
+```
+
+### Using uv
+
+```bash
+uv add mcpcap
+```
+
+### Using uvx (for one-time usage)
+
+```bash
+uvx mcpcap
+```
+
+## Quick Start
+
+1. **Start the MCP Server**:
+
+   ```bash
+   mcpcap --pcap-path /path/to/pcap/files
+   ```
+
+2. **Connect your LLM client** to the MCP server
+
+3. **Ask questions** about your network traffic:
+   - "What domain was queried the most in the DNS traffic?"
+   - "Show me all DNS queries for example.com"
+   - "What are the top 5 queried domains?"
+
+## Modules
+
+### DNS Module
+
+The DNS module analyzes Domain Name System packets in PCAP files.
+
+**Capabilities**:
+
+- Extract DNS queries and responses
+- Identify queried domains and subdomains
+- Analyze query types (A, AAAA, MX, etc.)
+- Track query frequency and patterns
+- Identify DNS servers used
+
+**Example Usage**:
+
+```python
+# LLM can ask: "What domains were queried in this PCAP?"
+# mcpcap will return structured JSON with DNS query information
+```
+
+## Configuration
+
+### PCAP Sources
+
+**Local Directory**:
+
+```bash
+mcpcap --pcap-path /local/path/to/pcaps
+```
+
+**Remote HTTP Server**:
+
+```bash
+mcpcap --pcap-url http://example.com/pcaps/
+```
+
+### Module Selection
+
+```bash
+mcpcap --modules dns --pcap-path /path/to/files
+```
+
+## Example
+
+An example PCAP file (`example.pcap`) containing DNS traffic is included with the project to help you get started.
+
+## Architecture
+
+mcpcap's modular design makes it easy to extend support for new protocols:
+
+1. **Core Engine**: Handles PCAP file loading and basic packet processing
+2. **Protocol Modules**: Individual modules for specific protocols (DNS, etc.)
+3. **MCP Interface**: Translates between LLM queries and packet analysis results
+4. **Output Formatter**: Converts analysis results to structured JSON
+
+### Adding New Modules
+
+New protocol modules can be added by:
+
+1. Implementing the module interface
+2. Defining scapy display filters for the protocol
+3. Creating analysis functions specific to the protocol
+4. Registering the module with the core engine
+
+Future modules might include:
+
+- BGP (Border Gateway Protocol)
+- HTTP/HTTPS traffic analysis
+- TCP connection tracking
+- And more!
+
+## Remote Access
+
+mcpcap supports reading PCAP files from remote HTTP servers without authentication. Future versions may include support for Basic Authentication and other security mechanisms.
+
+## Contributing
+
+Contributions are welcome! Whether you want to:
+
+- Add support for new protocols
+- Improve existing modules
+- Enhance the MCP interface
+- Add new features
+
+Please feel free to open issues and submit pull requests.
+
+## License
+
+MIT
+
+## Requirements
+
+- Python 3.10+
+- scapy
+- MCP server dependencies (automatically installed)
+
+## Support
+
+For questions, issues, or feature requests, please open an issue on GitHub.