mcpcap 0.2.3__py3-none-any.whl → 0.3.1__py3-none-any.whl

mcpcap/_version.py

@@ -28,7 +28,7 @@ version_tuple: VERSION_TUPLE
 commit_id: COMMIT_ID
 __commit_id__: COMMIT_ID
 
-__version__ = version = '0.2.3'
-__version_tuple__ = version_tuple = (0, 2, 3)
+__version__ = version = '0.3.1'
+__version_tuple__ = version_tuple = (0, 3, 1)
 
 __commit_id__ = commit_id = None

mcpcap/cli.py

@@ -5,6 +5,7 @@ and server initialization.
 """
 
 import argparse
+import sys
 
 from .core import Config, MCPServer
 
@@ -23,16 +24,46 @@ def main():
         KeyboardInterrupt: If the user interrupts the server
         Exception: For any unexpected errors during server operation
     """
-    parser = argparse.ArgumentParser(description="PCAP DNS Analyzer MCP Server")
+    parser = argparse.ArgumentParser(description="mcpcap MCP Server")
+
+    # PCAP source options (mutually exclusive)
+    source_group = parser.add_mutually_exclusive_group(required=True)
+    source_group.add_argument(
+        "--pcap-path", help="Path to PCAP file or directory containing PCAP files"
+    )
+    source_group.add_argument(
+        "--pcap-url",
+        help="HTTP URL to PCAP file (direct link) or directory containing PCAP files",
+    )
+
+    # Analysis options
+    parser.add_argument(
+        "--modules",
+        help="Comma-separated list of modules to load (default: dns)",
+        default="dns",
+    )
+    parser.add_argument(
+        "--protocols",
+        help="Comma-separated list of protocols to analyze (default: dns)",
+        default="dns",
+    )
     parser.add_argument(
-        "--pcap-path", required=True, help="Path to directory containing PCAP files"
+        "--max-packets",
+        type=int,
+        help="Maximum number of packets to analyze per file (default: unlimited)",
     )
 
     args = parser.parse_args()
 
     try:
         # Initialize configuration
-        config = Config(args.pcap_path)
+        config = Config(
+            pcap_path=args.pcap_path,
+            pcap_url=args.pcap_url,
+            modules=args.modules.split(",") if args.modules else ["dns"],
+            protocols=args.protocols.split(",") if args.protocols else ["dns"],
+            max_packets=args.max_packets,
+        )
 
         # Create and start MCP server
         server = MCPServer(config)
@@ -40,13 +71,13 @@ def main():
         return 0
 
     except ValueError as e:
-        print(f"Error: {e}")
+        print(f"Error: {e}", file=sys.stderr)
         return 1
     except KeyboardInterrupt:
-        print("\\nServer stopped by user")
+        print("\\nServer stopped by user", file=sys.stderr)
         return 0
     except Exception as e:
-        print(f"Unexpected error: {e}")
+        print(f"Unexpected error: {e}", file=sys.stderr)
         return 1
 
 

mcpcap/core/config.py

@@ -1,52 +1,230 @@
 """Configuration management for mcpcap."""
 
 import os
+from urllib.parse import urljoin, urlparse
+
+import requests
 
 
 class Config:
     """Configuration management for mcpcap server."""
 
-    def __init__(self, pcap_path: str):
+    def __init__(
+        self,
+        pcap_path: str | None = None,
+        pcap_url: str | None = None,
+        modules: list[str] | None = None,
+        protocols: list[str] | None = None,
+        max_packets: int | None = None,
+    ):
         """Initialize configuration.
 
         Args:
             pcap_path: Path to directory containing PCAP files
+            pcap_url: HTTP server URL containing PCAP files
+            modules: List of modules to load
+            protocols: List of protocols to analyze
+            max_packets: Maximum number of packets to analyze per file
         """
         self.pcap_path = pcap_path
-        self._validate_pcap_path()
+        self.pcap_url = pcap_url
+        self.modules = modules or ["dns"]
+        self.protocols = protocols or ["dns"]
+        self.max_packets = max_packets
+        self.is_remote = pcap_url is not None
+        self.is_direct_file_url = False  # Will be set during validation
+        self.is_direct_file_path = (
+            False  # Will be set during validation for local files
+        )
+
+        self._validate_configuration()
+
+    def _validate_configuration(self) -> None:
+        """Validate the configuration parameters."""
+        if not self.pcap_path and not self.pcap_url:
+            raise ValueError("Either --pcap-path or --pcap-url must be specified")
+
+        if self.pcap_path and self.pcap_url:
+            raise ValueError("Cannot specify both --pcap-path and --pcap-url")
+
+        if self.pcap_path:
+            self._validate_pcap_path()
+
+        if self.pcap_url:
+            self._validate_pcap_url()
+
+        if self.max_packets is not None and self.max_packets <= 0:
+            raise ValueError("max_packets must be a positive integer")
 
     def _validate_pcap_path(self) -> None:
-        """Validate that the PCAP path exists and is a directory."""
+        """Validate that the PCAP path exists and is either a directory or a PCAP file."""
         if not os.path.exists(self.pcap_path):
-            raise ValueError(f"PCAP directory '{self.pcap_path}' does not exist")
+            raise ValueError(f"PCAP path '{self.pcap_path}' does not exist")
+
+        if os.path.isfile(self.pcap_path):
+            # Check if it's a PCAP file
+            if not self.pcap_path.lower().endswith((".pcap", ".pcapng", ".cap")):
+                raise ValueError(
+                    f"File '{self.pcap_path}' is not a supported PCAP file (.pcap/.pcapng/.cap)"
+                )
+            self.is_direct_file_path = True
+        elif os.path.isdir(self.pcap_path):
+            self.is_direct_file_path = False
+        else:
+            raise ValueError(f"'{self.pcap_path}' is neither a file nor a directory")
+
+    def _validate_pcap_url(self) -> None:
+        """Validate that the PCAP URL is accessible."""
+        try:
+            parsed = urlparse(self.pcap_url)
+            if not parsed.scheme or not parsed.netloc:
+                raise ValueError(f"Invalid URL format: {self.pcap_url}")
+
+            # Determine if this is a direct file URL or directory URL
+            self.is_direct_file_url = self._is_direct_file_url()
 
-        if not os.path.isdir(self.pcap_path):
-            raise ValueError(f"'{self.pcap_path}' is not a directory")
+            # Test connectivity with a HEAD request
+            response = requests.head(self.pcap_url, timeout=10)
+            if response.status_code >= 400:
+                raise ValueError(
+                    f"Cannot access PCAP URL: {self.pcap_url} (HTTP {response.status_code})"
+                )
+
+        except requests.RequestException as e:
+            raise ValueError(
+                f"Cannot connect to PCAP URL '{self.pcap_url}': {str(e)}"
+            ) from e
+
+    def _is_direct_file_url(self) -> bool:
+        """Determine if the URL points directly to a PCAP file."""
+        parsed = urlparse(self.pcap_url)
+        path = parsed.path.lower()
+
+        # Check if URL ends with a PCAP file extension
+        return (
+            path.endswith(".pcap") or path.endswith(".pcapng") or path.endswith(".cap")
+        )
 
     def get_pcap_file_path(self, pcap_file: str) -> str:
-        """Get full path to a PCAP file.
+        """Get full path or URL to a PCAP file.
 
         Args:
             pcap_file: Filename or relative path to PCAP file
 
         Returns:
-            Full path to the PCAP file
+            Full path or URL to the PCAP file
         """
-        if os.path.isabs(pcap_file):
-            return pcap_file
-        return os.path.join(self.pcap_path, pcap_file)
+        if self.is_remote:
+            # If it's already a full URL, return as-is
+            if pcap_file.startswith("http"):
+                return pcap_file
+
+            # If this is a direct file URL, return the URL directly
+            if self.is_direct_file_url:
+                return self.pcap_url
+
+            # Otherwise, treat as directory and join with filename
+            return urljoin(self.pcap_url.rstrip("/") + "/", pcap_file)
+        else:
+            # Local file handling
+            if os.path.isabs(pcap_file):
+                return pcap_file
+
+            # If this is a direct file path, return it directly
+            if self.is_direct_file_path:
+                return self.pcap_path
+
+            # Otherwise, join with directory
+            return os.path.join(self.pcap_path, pcap_file)
 
     def list_pcap_files(self) -> list[str]:
-        """List all PCAP files in the configured directory.
+        """List all PCAP files in the configured directory or remote URL.
 
         Returns:
             List of PCAP filenames
         """
+        if self.is_remote:
+            return self._list_remote_pcap_files()
+        else:
+            if self.is_direct_file_path:
+                # Return just the filename from the direct file path
+                return [os.path.basename(self.pcap_path)]
+            else:
+                # List files in directory
+                try:
+                    return [
+                        f
+                        for f in os.listdir(self.pcap_path)
+                        if f.endswith((".pcap", ".pcapng", ".cap"))
+                    ]
+                except Exception:
+                    return []
+
+    def _list_remote_pcap_files(self) -> list[str]:
+        """List PCAP files from a remote HTTP server.
+
+        Returns:
+            List of PCAP filenames found on the remote server
+        """
+        # If this is a direct file URL, return just that filename
+        if self.is_direct_file_url:
+            filename = os.path.basename(urlparse(self.pcap_url).path)
+            return [filename] if filename else []
+
+        # Otherwise try to parse directory listing
         try:
-            return [
-                f
-                for f in os.listdir(self.pcap_path)
-                if f.endswith((".pcap", ".pcapng"))
-            ]
-        except Exception:
+            response = requests.get(self.pcap_url, timeout=30)
+            response.raise_for_status()
+
+            # Parse HTML to find .pcap and .pcapng files
+            # This is a simple implementation that looks for href attributes
+            import re
+
+            pcap_files = []
+
+            # Look for links to .pcap, .pcapng, and .cap files
+            pattern = r'href=["\']([^"\']*\.(?:pcap|pcapng|cap))["\']'
+            matches = re.findall(pattern, response.text, re.IGNORECASE)
+
+            for match in matches:
+                # Extract just the filename, not the full path
+                filename = os.path.basename(match)
+                if filename and filename not in pcap_files:
+                    pcap_files.append(filename)
+
+            return sorted(pcap_files)
+
+        except requests.RequestException:
             return []
+
+    def download_pcap_file(self, pcap_file: str, local_path: str) -> str:
+        """Download a remote PCAP file to local storage.
+
+        Args:
+            pcap_file: Name of the PCAP file to download
+            local_path: Local path to save the file
+
+        Returns:
+            Local path to the downloaded file
+        """
+        if not self.is_remote:
+            raise ValueError("Cannot download file: not using remote source")
+
+        url = self.get_pcap_file_path(pcap_file)
+
+        try:
+            response = requests.get(url, timeout=60, stream=True)
+            response.raise_for_status()
+
+            os.makedirs(os.path.dirname(local_path), exist_ok=True)
+
+            with open(local_path, "wb") as f:
+                for chunk in response.iter_content(chunk_size=8192):
+                    f.write(chunk)
+
+            return local_path
+
+        except requests.RequestException as e:
+            raise ValueError(
+                f"Failed to download PCAP file '{pcap_file}': {str(e)}"
+            ) from e

mcpcap/core/server.py

@@ -3,7 +3,6 @@
 from fastmcp import FastMCP
 
 from ..modules.dns import DNSModule
-from ..resources.references import setup_resources
 from .config import Config
 
 
@@ -17,7 +16,7 @@ class MCPServer:
             config: Configuration instance
         """
         self.config = config
-        self.mcp = FastMCP("PCAP DNS Analyzer")
+        self.mcp = FastMCP("mcpcap")
 
         # Initialize modules
         self.dns_module = DNSModule(config)
@@ -25,8 +24,7 @@ class MCPServer:
         # Register tools
         self._register_tools()
 
-        # Setup resources and prompts
-        setup_resources(self.mcp)
+        # Setup prompts
         self.dns_module.setup_prompts(self.mcp)
 
     def _register_tools(self) -> None:
@@ -37,5 +35,13 @@ class MCPServer:
 
     def run(self) -> None:
         """Start the MCP server."""
-        print(f"Starting MCP server with PCAP directory: {self.config.pcap_path}")
+        import sys
+
+        # Log to stderr to avoid breaking MCP JSON-RPC protocol
+        source = (
+            self.config.pcap_url if self.config.is_remote else self.config.pcap_path
+        )
+        source_type = "remote URL" if self.config.is_remote else "directory"
+        print(f"Starting MCP server with PCAP {source_type}: {source}", file=sys.stderr)
+
         self.mcp.run()

mcpcap/modules/dns.py

@@ -1,6 +1,7 @@
 """DNS analysis module."""
 
 import os
+import tempfile
 from datetime import datetime
 from typing import Any
 
@@ -18,45 +19,118 @@ class DNSModule(BaseModule):
         """Return the name of the protocol this module analyzes."""
         return "DNS"
 
-    def list_dns_packets(self, pcap_file: str = "example.pcap") -> dict[str, Any]:
+    def list_dns_packets(self, pcap_file: str = "") -> dict[str, Any]:
         """
         Analyze DNS packets from a PCAP file and return a summary of each packet.
 
         Args:
-            pcap_file: Path to the PCAP file to analyze (defaults to 'example.pcap')
+            pcap_file: Path to the PCAP file to analyze. Leave empty for direct URL remotes
+                      or when using the first available file in local directories.
 
         Returns:
             A structured dictionary containing DNS packet analysis results
         """
-        # Get full path to PCAP file
-        full_path = self.config.get_pcap_file_path(pcap_file)
+        # Handle remote files
+        if self.config.is_remote:
+            # For direct file URLs, always use the URL file (ignore pcap_file parameter)
+            if self.config.is_direct_file_url:
+                available_files = self.config.list_pcap_files()
+                if not available_files:
+                    return {
+                        "error": "No PCAP file found at the provided URL",
+                        "pcap_url": self.config.pcap_url,
+                    }
+                pcap_file = available_files[0]  # Use the actual filename from URL
+            elif not pcap_file:
+                # For directory URLs, if no file specified, use the first available
+                available_files = self.config.list_pcap_files()
+                if not available_files:
+                    return {
+                        "error": "No PCAP files found at the provided URL",
+                        "pcap_url": self.config.pcap_url,
+                        "available_files": [],
+                    }
+                pcap_file = available_files[0]
 
-        # Check if file exists
-        if not os.path.exists(full_path):
-            # List available PCAP files for help
-            available_files = self.config.list_pcap_files()
-            return {
-                "error": f"PCAP file '{pcap_file}' not found",
-                "available_files": available_files,
-                "pcap_directory": self.config.pcap_path,
-            }
+            # Download remote file to temporary location
+            try:
+                with tempfile.NamedTemporaryFile(
+                    suffix=".pcap", delete=False
+                ) as tmp_file:
+                    temp_path = tmp_file.name
+
+                local_path = self.config.download_pcap_file(pcap_file, temp_path)
+                result = self.analyze_packets(local_path)
+
+                # Clean up temporary file
+                try:
+                    os.unlink(local_path)
+                except OSError:
+                    pass  # Ignore cleanup errors
+
+                return result
+
+            except Exception as e:
+                # List available PCAP files for help
+                available_files = self.config.list_pcap_files()
+                return {
+                    "error": f"Failed to download PCAP file '{pcap_file}': {str(e)}",
+                    "available_files": available_files,
+                    "pcap_source": self.config.pcap_url,
+                }
+        else:
+            # Local file handling
+            if not pcap_file:
+                # If no file specified, use the first available local file
+                available_files = self.config.list_pcap_files()
+                if not available_files:
+                    return {
+                        "error": "No PCAP files found in directory",
+                        "pcap_directory": self.config.pcap_path,
+                        "available_files": [],
+                    }
+                pcap_file = available_files[0]
+
+            full_path = self.config.get_pcap_file_path(pcap_file)
+
+            # Check if local file exists
+            if not os.path.exists(full_path):
+                # List available PCAP files for help
+                available_files = self.config.list_pcap_files()
+                return {
+                    "error": f"PCAP file '{pcap_file}' not found",
+                    "available_files": available_files,
+                    "pcap_directory": self.config.pcap_path,
+                }
 
-        return self.analyze_packets(full_path)
+            return self.analyze_packets(full_path)
 
     def list_pcap_files(self) -> str:
         """
-        List all available PCAP files in the default directory.
+        List all available PCAP files in the configured directory or remote URL.
 
         Returns:
             A list of available PCAP files that can be analyzed
         """
         files = self.config.list_pcap_files()
+        source = (
+            self.config.pcap_url if self.config.is_remote else self.config.pcap_path
+        )
+
         if files:
-            return f"Available PCAP files in {self.config.pcap_path}:\\n" + "\\n".join(
-                f"- {f}" for f in sorted(files)
-            )
+            if self.config.is_remote and self.config.is_direct_file_url:
+                return f"Direct PCAP file URL: {source}\\n- {files[0]}"
+            elif not self.config.is_remote and self.config.is_direct_file_path:
+                return f"Direct PCAP file path: {source}\\n- {files[0]}"
+            else:
+                source_type = "remote server" if self.config.is_remote else "directory"
+                return (
+                    f"Available PCAP files in {source_type} {source}:\\n"
+                    + "\\n".join(f"- {f}" for f in sorted(files))
+                )
         else:
-            return f"No PCAP files found in {self.config.pcap_path}"
+            source_type = "remote server" if self.config.is_remote else "directory"
+            return f"No PCAP files found in {source_type} {source}"
 
     def analyze_packets(self, pcap_file: str) -> dict[str, Any]:
         """Analyze DNS packets in a PCAP file.
@@ -79,8 +153,15 @@ class DNSModule(BaseModule):
                     "message": "No DNS packets found in this capture",
                 }
 
+            # Apply max_packets limit if specified
+            packets_to_analyze = dns_packets
+            limited = False
+            if self.config.max_packets and len(dns_packets) > self.config.max_packets:
+                packets_to_analyze = dns_packets[: self.config.max_packets]
+                limited = True
+
             packet_details = []
-            for i, pkt in enumerate(dns_packets, 1):
+            for i, pkt in enumerate(packets_to_analyze, 1):
                 packet_info = self._analyze_dns_packet(pkt, i)
                 packet_details.append(packet_info)
 
@@ -92,10 +173,17 @@ class DNSModule(BaseModule):
                 "analysis_timestamp": datetime.now().isoformat(),
                 "total_packets_in_file": len(packets),
                 "dns_packets_found": len(dns_packets),
+                "dns_packets_analyzed": len(packet_details),
                 "statistics": stats,
                 "packets": packet_details,
             }
 
+            # Add information about packet limiting
+            if limited:
+                result["note"] = (
+                    f"Analysis limited to first {self.config.max_packets} DNS packets due to --max-packets setting"
+                )
+
             return result
 
         except Exception as e:

{mcpcap-0.2.3.dist-info → mcpcap-0.3.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mcpcap
-Version: 0.2.3
+Version: 0.3.1
 Summary: A modular Python MCP Server for analyzing PCAP files
 Author: mcpcap contributors
 License: MIT
@@ -23,6 +23,7 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: fastmcp
 Requires-Dist: scapy
+Requires-Dist: requests
 Provides-Extra: test
 Requires-Dist: pytest; extra == "test"
 Requires-Dist: pytest-cov; extra == "test"
@@ -85,10 +86,26 @@ uvx mcpcap
 
 1. **Start the MCP Server**:
 
+   **Local PCAP file:**
+   ```bash
+   mcpcap --pcap-path /path/to/specific/file.pcap
+   ```
+
+   **Local PCAP directory:**
    ```bash
    mcpcap --pcap-path /path/to/pcap/files
    ```
 
+   **Remote PCAP file:**
+   ```bash
+   mcpcap --pcap-url https://example.com/sample.pcap
+   ```
+
+   **With advanced options:**
+   ```bash
+   mcpcap --pcap-path /path/to/pcaps --max-packets 100 --protocols dns
+   ```
+
 2. **Connect your LLM client** to the MCP server
 
 3. **Ask questions** about your network traffic:
@@ -121,27 +138,80 @@ The DNS module analyzes Domain Name System packets in PCAP files.
 
 ### PCAP Sources
 
-**Local Directory**:
+mcpcap supports multiple ways to specify PCAP data sources:
 
+**Local PCAP File**:
+```bash
+mcpcap --pcap-path /local/path/to/specific.pcap
+```
+
+**Local Directory**:
 ```bash
 mcpcap --pcap-path /local/path/to/pcaps
 ```
 
-**Remote HTTP Server**:
+**Remote PCAP File (Direct Link)**:
+```bash
+mcpcap --pcap-url https://wiki.wireshark.org/uploads/dns.cap
+```
 
+**Remote Directory Listing**:
 ```bash
 mcpcap --pcap-url http://example.com/pcaps/
 ```
 
-### Module Selection
+### Analysis Options
 
+**Module Selection**:
 ```bash
 mcpcap --modules dns --pcap-path /path/to/files
 ```
 
+**Protocol Filtering**:
+```bash
+mcpcap --protocols dns --pcap-path /path/to/files
+```
+
+**Packet Limiting** (for large files):
+```bash
+mcpcap --max-packets 1000 --pcap-path /path/to/files
+```
+
+**Combined Options**:
+```bash
+mcpcap --pcap-path /data/capture.pcap --max-packets 500 --protocols dns
+```
+
+## CLI Reference
+
+```bash
+mcpcap [--pcap-path PATH | --pcap-url URL] [OPTIONS]
+```
+
+**Source Options** (choose one):
+- `--pcap-path PATH`: Local PCAP file or directory
+- `--pcap-url URL`: Remote PCAP file URL or directory listing
+
+**Analysis Options**:
+- `--modules MODULES`: Comma-separated modules to load (default: dns)
+- `--protocols PROTOCOLS`: Comma-separated protocols to analyze (default: dns) 
+- `--max-packets N`: Maximum packets to analyze per file (default: unlimited)
+
+**Examples**:
+```bash
+# Analyze specific file
+mcpcap --pcap-path ./capture.pcap
+
+# Remote file with packet limit
+mcpcap --pcap-url https://example.com/dns.cap --max-packets 100
+
+# Directory with protocol filter
+mcpcap --pcap-path /captures --protocols dns --modules dns
+```
+
 ## Example
 
-An example PCAP file (`example.pcap`) containing DNS traffic is included with the project to help you get started.
+An example PCAP file (`dns.pcap`) containing DNS traffic is included in the `examples/` directory to help you get started.
 
 ## Architecture
 
@@ -170,7 +240,26 @@ Future modules might include:
 
 ## Remote Access
 
-mcpcap supports reading PCAP files from remote HTTP servers without authentication. Future versions may include support for Basic Authentication and other security mechanisms.
+mcpcap supports reading PCAP files from remote HTTP servers in two modes:
+
+**Direct File Access**: Point directly to a PCAP file URL
+```bash
+mcpcap --pcap-url https://wiki.wireshark.org/uploads/__moin_import__/attachments/SampleCaptures/dns.cap
+```
+
+**Directory Listing**: Parse HTML directory listings to find PCAP files
+```bash
+mcpcap --pcap-url http://server.com/pcap-files/
+```
+
+**Supported File Types**: `.pcap`, `.pcapng`, `.cap`
+
+**Current Limitations**:
+- HTTP/HTTPS only (no authentication)
+- Directory listings require standard HTML format
+- Files are downloaded temporarily for analysis
+
+Future versions may include support for Basic Authentication and other security mechanisms.
 
 ## Contributing
 
@@ -190,8 +279,10 @@ MIT
 ## Requirements
 
 - Python 3.10+
-- scapy
-- MCP server dependencies (automatically installed)
+- scapy (packet parsing and analysis)
+- requests (HTTP remote file access)
+- fastmcp (MCP server framework)
+- All dependencies are automatically installed via pip
 
 ## Support
 

mcpcap-0.3.1.dist-info/RECORD

@@ -0,0 +1,15 @@
+mcpcap/__init__.py,sha256=rJwCpBXkhIvmsqHFpeR33Vg8kuipNPJ2JdlAjsTk7I4,1408
+mcpcap/_version.py,sha256=gGLpQUQx-ty9SEy9PYw9OgJWWzJLBnCpfJOfzL7SjlI,704
+mcpcap/cli.py,sha256=DflEb7i2ATn9lBx4rK43Qpf-aQjKhwSqT20BofzVrFs,2480
+mcpcap/core/__init__.py,sha256=WM5GTl06ZwwqHTPiKaYB-9hwOOXe3hyHG16FshwSsjE,127
+mcpcap/core/config.py,sha256=WdHYu14Cvn9C3xs3KsQ-SVRru00IH86nQfnDL57V9zE,8190
+mcpcap/core/server.py,sha256=BrLgT-zsa2uFQ2B_bNSSrCFID3xXruinnnfRrHo1GKs,1312
+mcpcap/modules/__init__.py,sha256=iIeoZuLA-EOv0OS8WU8qDCitXJnarq9F0hA5-Y97zis,140
+mcpcap/modules/base.py,sha256=3h8lGt6d6ob4SbgP6THC5PnTeMRcKfTGoJ9ZlZsQje0,826
+mcpcap/modules/dns.py,sha256=cc77RxJOf-JxTLTCY8kfc_64uMawWKB3rjme9Q5H1pI,16632
+mcpcap-0.3.1.dist-info/licenses/LICENSE,sha256=Ltj0zxftQyBYQMNva935v0i5QXQQOF8ygE8dQxGEtjk,1063
+mcpcap-0.3.1.dist-info/METADATA,sha256=GCTSg601dKs06-KMnD6IqwSqXSubYSdYbsLY_eUVxhA,7854
+mcpcap-0.3.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+mcpcap-0.3.1.dist-info/entry_points.txt,sha256=ck69gPBEopmU6mzQy9P6o6ssMr89bQbrvv51IaJ50Gc,39
+mcpcap-0.3.1.dist-info/top_level.txt,sha256=YkRkVGjuM3nI7cVB1l8zIAeqiS_5_vrzbUcHNkH3OXE,7
+mcpcap-0.3.1.dist-info/RECORD,,

mcpcap/resources/__init__.py

@@ -1,5 +0,0 @@
-"""Resources for mcpcap analysis."""
-
-from .references import setup_resources
-
-__all__ = ["setup_resources"]

mcpcap/resources/references.py

@@ -1,90 +0,0 @@
-"""Reference resources for DNS analysis."""
-
-from fastmcp import FastMCP
-
-
-def setup_resources(mcp: FastMCP) -> None:
-    """Set up reference resources for the MCP server.
-
-    Args:
-        mcp: FastMCP server instance
-    """
-
-    @mcp.resource("dns-record-types://reference")
-    def get_dns_record_types() -> str:
-        """Reference guide for DNS record types"""
-        return """
-# DNS Record Types Reference
-
-## Common Record Types:
-- **A (1)**: IPv4 address record
-- **AAAA (28)**: IPv6 address record
-- **CNAME (5)**: Canonical name (alias)
-- **MX (15)**: Mail exchange record
-- **NS (2)**: Name server record
-- **PTR (12)**: Pointer record (reverse DNS)
-- **SOA (6)**: Start of authority
-- **TXT (16)**: Text record
-- **SRV (33)**: Service record
-
-## Security-Related Types:
-- **DNSKEY (48)**: DNS public key
-- **RRSIG (46)**: Resource record signature
-- **DS (43)**: Delegation signer
-- **NSEC (47)**: Next secure record
-"""
-
-    @mcp.resource("dns-flags://reference")
-    def get_dns_flags_reference() -> str:
-        """Reference guide for DNS flags and their meanings"""
-        return """
-# DNS Flags Reference
-
-## Header Flags:
-- **QR**: Query/Response (0=Query, 1=Response)
-- **AA**: Authoritative Answer
-- **TC**: Truncated (message was truncated)
-- **RD**: Recursion Desired
-- **RA**: Recursion Available
-- **Z**: Reserved (must be zero)
-- **AD**: Authenticated Data
-- **CD**: Checking Disabled
-
-## Response Codes (RCODE):
-- **0**: No error
-- **1**: Format error
-- **2**: Server failure
-- **3**: Name error (domain doesn't exist)
-- **4**: Not implemented
-- **5**: Refused
-"""
-
-    @mcp.resource("suspicious-domains://indicators")
-    def get_suspicious_domain_indicators() -> str:
-        """Common indicators of suspicious or malicious domains"""
-        return """
-# Suspicious Domain Indicators
-
-## Common Patterns:
-- Long random-looking subdomains
-- Domains with excessive hyphens or numbers
-- Recently registered domains
-- Domains using punycode (internationalized domains)
-- DGA (Domain Generation Algorithm) patterns
-
-## Suspicious TLDs (often abused):
-- .tk, .ml, .ga, .cf (free TLDs)
-- .bit (blockchain domains)
-- Newly introduced gTLDs
-
-## Behavioral Indicators:
-- High frequency of DNS queries
-- Queries to non-existent domains (NXDOMAIN)
-- Unusual query patterns or timing
-- Queries for infrastructure domains (.arpa, .root-servers.net)
-
-## DNS Tunneling Indicators:
-- Unusually long DNS queries
-- High volume of TXT record queries
-- Queries with encoded data in subdomain names
-"""

mcpcap-0.2.3.dist-info/RECORD

@@ -1,17 +0,0 @@
-mcpcap/__init__.py,sha256=rJwCpBXkhIvmsqHFpeR33Vg8kuipNPJ2JdlAjsTk7I4,1408
-mcpcap/_version.py,sha256=kBRz0P2plw1eVdIpt70W6m1LMbEIhLY3RyOfVGdubaI,704
-mcpcap/cli.py,sha256=8afFamCifC44vMAAi1gNqr2c6CdBgXk33IoRgqmSH2A,1416
-mcpcap/core/__init__.py,sha256=WM5GTl06ZwwqHTPiKaYB-9hwOOXe3hyHG16FshwSsjE,127
-mcpcap/core/config.py,sha256=0LmnzHWWOwtHrikW2o5C9N0SLVvNuCzkNYTQQEys27U,1476
-mcpcap/core/server.py,sha256=1wGGhTMLPspeH45NoVvhcnjUcLWyD6kY1u9tpt4jos4,1140
-mcpcap/modules/__init__.py,sha256=iIeoZuLA-EOv0OS8WU8qDCitXJnarq9F0hA5-Y97zis,140
-mcpcap/modules/base.py,sha256=3h8lGt6d6ob4SbgP6THC5PnTeMRcKfTGoJ9ZlZsQje0,826
-mcpcap/modules/dns.py,sha256=NSBVfx1KWgEDFcvOpvrxIVPAXXE-SvK2E4HS3vqvlVk,12627
-mcpcap/resources/__init__.py,sha256=BPXV29wIG360w9Y9iNpQdA93H2PhT3a6CrnMZX2aaaU,109
-mcpcap/resources/references.py,sha256=HCciAutgLHodlifC8goAZcWpvup3DfbVZ1rxPaXKggA,2516
-mcpcap-0.2.3.dist-info/licenses/LICENSE,sha256=Ltj0zxftQyBYQMNva935v0i5QXQQOF8ygE8dQxGEtjk,1063
-mcpcap-0.2.3.dist-info/METADATA,sha256=kGG7xi-5-Oxr84LypLbq_rnTP838VCiKXvBaynOOLQU,5530
-mcpcap-0.2.3.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-mcpcap-0.2.3.dist-info/entry_points.txt,sha256=ck69gPBEopmU6mzQy9P6o6ssMr89bQbrvv51IaJ50Gc,39
-mcpcap-0.2.3.dist-info/top_level.txt,sha256=YkRkVGjuM3nI7cVB1l8zIAeqiS_5_vrzbUcHNkH3OXE,7
-mcpcap-0.2.3.dist-info/RECORD,,