mcpcap 0.3.2__tar.gz → 0.4.1__tar.gz

{mcpcap-0.3.2 → mcpcap-0.4.1}/PKG-INFO

@@ -1,12 +1,12 @@
 Metadata-Version: 2.4
 Name: mcpcap
-Version: 0.3.2
+Version: 0.4.1
 Summary: A modular Python MCP Server for analyzing PCAP files
 Author: mcpcap contributors
 License: MIT
-Project-URL: Homepage, https://github.com/danohn/mcpcap
-Project-URL: Repository, https://github.com/danohn/mcpcap
-Project-URL: Issues, https://github.com/danohn/mcpcap/issues
+Project-URL: Homepage, https://github.com/mcpcap/mcpcap
+Project-URL: Repository, https://github.com/mcpcap/mcpcap
+Project-URL: Issues, https://github.com/mcpcap/mcpcap/issues
 Keywords: pcap,network,analysis,mcp,dns
 Classifier: Development Status :: 3 - Alpha
 Classifier: Intended Audience :: Developers
@@ -44,7 +44,7 @@ Dynamic: license-file
 
 # mcpcap
 
-![mcpcap logo](https://raw.githubusercontent.com/danohn/mcpcap/main/readme-assets/mcpcap-logo.png)
+![mcpcap logo](https://raw.githubusercontent.com/mcpcap/mcpcap/main/readme-assets/mcpcap-logo.png)
 
 A modular Python MCP (Model Context Protocol) Server for analyzing PCAP files. mcpcap enables LLMs to read and analyze network packet captures from local or remote sources, providing structured JSON responses about network traffic.
 
@@ -115,6 +115,8 @@ uvx mcpcap
 
 ## Modules
 
+mcpcap supports multiple protocol analysis modules:
+
 ### DNS Module
 
 The DNS module analyzes Domain Name System packets in PCAP files.
@@ -127,11 +129,26 @@ The DNS module analyzes Domain Name System packets in PCAP files.
 - Track query frequency and patterns
 - Identify DNS servers used
 
+### DHCP Module
+
+The DHCP module analyzes Dynamic Host Configuration Protocol packets in PCAP files.
+
+**Capabilities**:
+
+- Track DHCP transactions (DISCOVER, OFFER, REQUEST, ACK)
+- Identify DHCP clients and servers
+- Monitor IP address assignments and lease information
+- Analyze DHCP options and configurations
+- Detect DHCP anomalies and security issues
+
 **Example Usage**:
 
-```python
-# LLM can ask: "What domains were queried in this PCAP?"
-# mcpcap will return structured JSON with DNS query information
+```bash
+# Analyze DHCP traffic only
+mcpcap --pcap-path /path/to/dhcp.pcap --modules dhcp
+
+# Analyze both DNS and DHCP
+mcpcap --pcap-path /path/to/mixed.pcap --modules dns,dhcp
 ```
 
 ## Configuration
@@ -164,12 +181,23 @@ mcpcap --pcap-url http://example.com/pcaps/
 
 **Module Selection**:
 ```bash
+# Single module
 mcpcap --modules dns --pcap-path /path/to/files
+
+# Multiple modules
+mcpcap --modules dns,dhcp --pcap-path /path/to/files
 ```
 
-**Protocol Filtering**:
+**Protocol Selection** (automatically matches loaded modules):
 ```bash
-mcpcap --protocols dns --pcap-path /path/to/files
+# DNS analysis only
+mcpcap --modules dns --pcap-path /path/to/files
+
+# DHCP analysis only  
+mcpcap --modules dhcp --pcap-path /path/to/files
+
+# Both DNS and DHCP analysis
+mcpcap --modules dns,dhcp --pcap-path /path/to/files
 ```
 
 **Packet Limiting** (for large files):
@@ -179,7 +207,7 @@ mcpcap --max-packets 1000 --pcap-path /path/to/files
 
 **Combined Options**:
 ```bash
-mcpcap --pcap-path /data/capture.pcap --max-packets 500 --protocols dns
+mcpcap --pcap-path /data/capture.pcap --max-packets 500 --modules dns,dhcp
 ```
 
 ## CLI Reference
@@ -194,7 +222,8 @@ mcpcap [--pcap-path PATH | --pcap-url URL] [OPTIONS]
 
 **Analysis Options**:
 - `--modules MODULES`: Comma-separated modules to load (default: dns)
-- `--protocols PROTOCOLS`: Comma-separated protocols to analyze (default: dns) 
+  - Available modules: `dns`, `dhcp`
+  - Protocols are automatically set to match loaded modules
 - `--max-packets N`: Maximum packets to analyze per file (default: unlimited)
 
 **Examples**:
@@ -205,8 +234,8 @@ mcpcap --pcap-path ./capture.pcap
 # Remote file with packet limit
 mcpcap --pcap-url https://example.com/dns.cap --max-packets 100
 
-# Directory with protocol filter
-mcpcap --pcap-path /captures --protocols dns --modules dns
+# Directory with DHCP analysis
+mcpcap --pcap-path /captures --modules dhcp
 ```
 
 ## Example
@@ -284,6 +313,10 @@ MIT
 - fastmcp (MCP server framework)
 - All dependencies are automatically installed via pip
 
+## Documentation
+
+Full documentation is available at [docs.mcpcap.ai](https://docs.mcpcap.ai)
+
 ## Support
 
 For questions, issues, or feature requests, please open an issue on GitHub.

{mcpcap-0.3.2 → mcpcap-0.4.1}/README.md

@@ -1,6 +1,6 @@
 # mcpcap
 
-![mcpcap logo](https://raw.githubusercontent.com/danohn/mcpcap/main/readme-assets/mcpcap-logo.png)
+![mcpcap logo](https://raw.githubusercontent.com/mcpcap/mcpcap/main/readme-assets/mcpcap-logo.png)
 
 A modular Python MCP (Model Context Protocol) Server for analyzing PCAP files. mcpcap enables LLMs to read and analyze network packet captures from local or remote sources, providing structured JSON responses about network traffic.
 
@@ -71,6 +71,8 @@ uvx mcpcap
 
 ## Modules
 
+mcpcap supports multiple protocol analysis modules:
+
 ### DNS Module
 
 The DNS module analyzes Domain Name System packets in PCAP files.
@@ -83,11 +85,26 @@ The DNS module analyzes Domain Name System packets in PCAP files.
 - Track query frequency and patterns
 - Identify DNS servers used
 
+### DHCP Module
+
+The DHCP module analyzes Dynamic Host Configuration Protocol packets in PCAP files.
+
+**Capabilities**:
+
+- Track DHCP transactions (DISCOVER, OFFER, REQUEST, ACK)
+- Identify DHCP clients and servers
+- Monitor IP address assignments and lease information
+- Analyze DHCP options and configurations
+- Detect DHCP anomalies and security issues
+
 **Example Usage**:
 
-```python
-# LLM can ask: "What domains were queried in this PCAP?"
-# mcpcap will return structured JSON with DNS query information
+```bash
+# Analyze DHCP traffic only
+mcpcap --pcap-path /path/to/dhcp.pcap --modules dhcp
+
+# Analyze both DNS and DHCP
+mcpcap --pcap-path /path/to/mixed.pcap --modules dns,dhcp
 ```
 
 ## Configuration
@@ -120,12 +137,23 @@ mcpcap --pcap-url http://example.com/pcaps/
 
 **Module Selection**:
 ```bash
+# Single module
 mcpcap --modules dns --pcap-path /path/to/files
+
+# Multiple modules
+mcpcap --modules dns,dhcp --pcap-path /path/to/files
 ```
 
-**Protocol Filtering**:
+**Protocol Selection** (automatically matches loaded modules):
 ```bash
-mcpcap --protocols dns --pcap-path /path/to/files
+# DNS analysis only
+mcpcap --modules dns --pcap-path /path/to/files
+
+# DHCP analysis only  
+mcpcap --modules dhcp --pcap-path /path/to/files
+
+# Both DNS and DHCP analysis
+mcpcap --modules dns,dhcp --pcap-path /path/to/files
 ```
 
 **Packet Limiting** (for large files):
@@ -135,7 +163,7 @@ mcpcap --max-packets 1000 --pcap-path /path/to/files
 
 **Combined Options**:
 ```bash
-mcpcap --pcap-path /data/capture.pcap --max-packets 500 --protocols dns
+mcpcap --pcap-path /data/capture.pcap --max-packets 500 --modules dns,dhcp
 ```
 
 ## CLI Reference
@@ -150,7 +178,8 @@ mcpcap [--pcap-path PATH | --pcap-url URL] [OPTIONS]
 
 **Analysis Options**:
 - `--modules MODULES`: Comma-separated modules to load (default: dns)
-- `--protocols PROTOCOLS`: Comma-separated protocols to analyze (default: dns) 
+  - Available modules: `dns`, `dhcp`
+  - Protocols are automatically set to match loaded modules
 - `--max-packets N`: Maximum packets to analyze per file (default: unlimited)
 
 **Examples**:
@@ -161,8 +190,8 @@ mcpcap --pcap-path ./capture.pcap
 # Remote file with packet limit
 mcpcap --pcap-url https://example.com/dns.cap --max-packets 100
 
-# Directory with protocol filter
-mcpcap --pcap-path /captures --protocols dns --modules dns
+# Directory with DHCP analysis
+mcpcap --pcap-path /captures --modules dhcp
 ```
 
 ## Example
@@ -240,6 +269,10 @@ MIT
 - fastmcp (MCP server framework)
 - All dependencies are automatically installed via pip
 
+## Documentation
+
+Full documentation is available at [docs.mcpcap.ai](https://docs.mcpcap.ai)
+
 ## Support
 
 For questions, issues, or feature requests, please open an issue on GitHub.

{mcpcap-0.3.2 → mcpcap-0.4.1}/docs/source/user-guide/mcp-integration.md

@@ -4,7 +4,7 @@ Learn how to integrate mcpcap with different MCP (Model Context Protocol) client
 
 ## What is MCP?
 
-The Model Context Protocol (MCP) enables LLMs to securely access external resources and tools. mcpcap implements an MCP server that provides DNS analysis capabilities to any compatible MCP client.
+The Model Context Protocol (MCP) enables LLMs to securely access external resources and tools. mcpcap implements an MCP server that provides network protocol analysis capabilities (DNS, DHCP, and more) to any compatible MCP client.
 
 ## Available MCP Clients
 
@@ -119,18 +119,38 @@ Lists all PCAP files in the configured directory.
 Analyzes DNS packets in a PCAP file.
 
 **Parameters**:
-- `pcap_file` (optional): Filename to analyze (defaults to "example.pcap")
+- `pcap_file` (optional): Filename to analyze (defaults to first available file)
 
-**Returns**: Structured JSON with packet details and statistics
+**Returns**: Structured JSON with DNS packet details and statistics
+
+### `list_dhcp_packets`
+
+Analyzes DHCP packets in a PCAP file.
+
+**Parameters**:
+- `pcap_file` (optional): Filename to analyze (defaults to first available file)
+
+**Returns**: Structured JSON with DHCP packet details including:
+- Complete DHCP transactions (DISCOVER → OFFER → REQUEST → ACK)
+- Client and server identification (MAC addresses, hostnames)
+- IP address assignments and lease information
+- DHCP options and configurations
+- Transaction timing and statistics
 
 ## Available Prompts
 
-### Analysis Prompts
+### DNS Analysis Prompts
 
 - `security_analysis`: Security-focused DNS analysis guidance
 - `network_troubleshooting`: Network performance troubleshooting
 - `forensic_investigation`: Digital forensics approach
 
+### DHCP Analysis Prompts
+
+- `dhcp_network_analysis`: Network administration and IP management analysis
+- `dhcp_security_analysis`: Security threats and rogue DHCP server detection
+- `dhcp_forensic_investigation`: Forensic analysis of DHCP transactions and timeline
+
 ## Configuration Options
 
 ### Server Configuration
@@ -146,7 +166,7 @@ mcpcap --pcap-path /path/to/specific.pcap
 mcpcap --pcap-url https://example.com/capture.pcap
 
 # With analysis options
-mcpcap --pcap-path /path/to/pcaps --max-packets 1000 --protocols dns --modules dns
+mcpcap --pcap-path /path/to/pcaps --max-packets 1000 --modules dns,dhcp
 ```
 
 ### Client Configuration Examples
@@ -162,7 +182,7 @@ mcpcap --pcap-path /path/to/pcaps --max-packets 1000 --protocols dns --modules d
     },
     "mcpcap-production": {
       "command": "mcpcap",
-      "args": ["--pcap-path", "/production/captures", "--protocols", "dns"],
+      "args": ["--pcap-path", "/production/captures", "--modules", "dns,dhcp"],
       "env": {
         "LOG_LEVEL": "INFO"
       }
@@ -220,9 +240,10 @@ export mcpcap_PCAP_PATH=/default/path
 - Verify no other processes are using the same resources
 
 **Empty results**
-- Confirm PCAP files contain DNS traffic (`port 53`)
+- Confirm PCAP files contain expected traffic (DNS on `port 53`, DHCP on `port 67/68`)
 - Check file extensions are `.pcap` or `.pcapng`
 - Verify files aren't corrupted with `file` command
+- Ensure protocol modules are properly configured (`--modules dns,dhcp`)
 
 **Performance issues**
 - Use smaller PCAP files for initial testing

{mcpcap-0.3.2 → mcpcap-0.4.1}/examples/README.md

@@ -1,10 +1,11 @@
 # mcpcap Examples
 
-This directory contains example PCAP files and usage demonstrations.
+This directory contains example PCAP files and usage demonstrations for different protocol modules.
 
 ## Example Files
 
-- `dns.pcap` - Sample DNS traffic capture for testing mcpcap functionality
+- `dns.pcap` - Sample DNS traffic capture for testing DNS module functionality
+- `dhcp.pcap` - Sample DHCP traffic capture showing complete 4-way handshake (DISCOVER → OFFER → REQUEST → ACK)
 
 ## Usage Examples
 
@@ -17,7 +18,11 @@ mcpcap --pcap-path ./examples
 
 **Analyze specific file:**
 ```bash
+# DNS analysis
 mcpcap --pcap-path ./examples/dns.pcap
+
+# DHCP analysis  
+mcpcap --pcap-path ./examples/dhcp.pcap --modules dhcp
 ```
 
 **With packet limits for faster testing:**
@@ -35,17 +40,23 @@ npx @modelcontextprotocol/inspector mcpcap --pcap-path ./examples/dns.pcap
 
 Then use the web interface to:
 - Call `list_pcap_files()` to see available files
-- Call `list_dns_packets()` (leave filename empty for direct file mode)
-- View structured DNS analysis results
+- Call `list_dns_packets()` or `list_dhcp_packets()` 
+- View structured analysis results
 
 ### Analysis Prompts
 
 Use these specialized prompts in your MCP client:
 
+**DNS Module Prompts:**
 - **`security_analysis`** - Focus on threat detection in DNS traffic
 - **`network_troubleshooting`** - Identify DNS performance issues  
 - **`forensic_investigation`** - Detailed timeline and attribution analysis
 
+**DHCP Module Prompts:**
+- **`dhcp_network_analysis`** - Network administration and IP management
+- **`dhcp_security_analysis`** - Security threats and rogue DHCP detection
+- **`dhcp_forensic_investigation`** - Forensic analysis of DHCP transactions
+
 ## Creating Your Own Examples
 
 To add new example files:
@@ -56,9 +67,17 @@ To add new example files:
 
 ## Sample Output
 
+### DNS Analysis
 When analyzing DNS packets, you'll get structured JSON output including:
-
 - Packet timestamps and network details
 - DNS query/response information
 - Statistics (queries, responses, unique domains)
-- Security-relevant metadata
+- Security-relevant metadata
+
+### DHCP Analysis
+When analyzing DHCP packets, you'll get structured JSON output including:
+- Complete DHCP transaction tracking (DISCOVER/OFFER/REQUEST/ACK)
+- Client and server identification (MAC addresses, IP addresses)
+- Lease information and timing
+- DHCP options and configurations
+- Network statistics and anomaly detection

{mcpcap-0.3.2 → mcpcap-0.4.1}/pyproject.toml

@@ -53,9 +53,9 @@ docs = [
 ]
 
 [project.urls]
-Homepage = "https://github.com/danohn/mcpcap"
-Repository = "https://github.com/danohn/mcpcap"
-Issues = "https://github.com/danohn/mcpcap/issues"
+Homepage = "https://github.com/mcpcap/mcpcap"
+Repository = "https://github.com/mcpcap/mcpcap"
+Issues = "https://github.com/mcpcap/mcpcap/issues"
 
 [project.scripts]
 mcpcap = "mcpcap:main"

{mcpcap-0.3.2 → mcpcap-0.4.1}/src/mcpcap/_version.py

@@ -28,7 +28,7 @@ version_tuple: VERSION_TUPLE
 commit_id: COMMIT_ID
 __commit_id__: COMMIT_ID
 
-__version__ = version = '0.3.2'
-__version_tuple__ = version_tuple = (0, 3, 2)
+__version__ = version = '0.4.1'
+__version_tuple__ = version_tuple = (0, 4, 1)
 
-__commit_id__ = commit_id = 'g1841e69fb'
+__commit_id__ = commit_id = 'gb756064db'

{mcpcap-0.3.2 → mcpcap-0.4.1}/src/mcpcap/cli.py

@@ -42,11 +42,6 @@ def main():
         help="Comma-separated list of modules to load (default: dns)",
         default="dns",
     )
-    parser.add_argument(
-        "--protocols",
-        help="Comma-separated list of protocols to analyze (default: dns)",
-        default="dns",
-    )
     parser.add_argument(
         "--max-packets",
         type=int,
@@ -56,12 +51,16 @@ def main():
     args = parser.parse_args()
 
     try:
+        # Parse modules and automatically set protocols to match
+        modules = args.modules.split(",") if args.modules else ["dns"]
+        protocols = modules  # Protocols automatically match loaded modules
+
         # Initialize configuration
         config = Config(
             pcap_path=args.pcap_path,
             pcap_url=args.pcap_url,
-            modules=args.modules.split(",") if args.modules else ["dns"],
-            protocols=args.protocols.split(",") if args.protocols else ["dns"],
+            modules=modules,
+            protocols=protocols,
             max_packets=args.max_packets,
         )
 

{mcpcap-0.3.2 → mcpcap-0.4.1}/src/mcpcap/core/server.py

@@ -2,6 +2,7 @@
 
 from fastmcp import FastMCP
 
+from ..modules.dhcp import DHCPModule
 from ..modules.dns import DNSModule
 from .config import Config
 
@@ -18,20 +19,34 @@ class MCPServer:
         self.config = config
         self.mcp = FastMCP("mcpcap")
 
-        # Initialize modules
-        self.dns_module = DNSModule(config)
+        # Initialize modules based on configuration
+        self.modules = {}
+        if "dns" in self.config.modules:
+            self.modules["dns"] = DNSModule(config)
+        if "dhcp" in self.config.modules:
+            self.modules["dhcp"] = DHCPModule(config)
 
         # Register tools
         self._register_tools()
 
         # Setup prompts
-        self.dns_module.setup_prompts(self.mcp)
+        for module in self.modules.values():
+            module.setup_prompts(self.mcp)
 
     def _register_tools(self) -> None:
         """Register all available tools with the MCP server."""
-        # Register DNS module tools
-        self.mcp.tool(self.dns_module.list_dns_packets)
-        self.mcp.tool(self.dns_module.list_pcap_files)
+        # Register tools for each loaded module
+        for module_name, module in self.modules.items():
+            if module_name == "dns":
+                self.mcp.tool(module.list_dns_packets)
+            elif module_name == "dhcp":
+                self.mcp.tool(module.list_dhcp_packets)
+
+        # Register shared list_pcap_files tool (same for all modules)
+        if self.modules:
+            # Use the first available module for listing PCAP files
+            first_module = next(iter(self.modules.values()))
+            self.mcp.tool(first_module.list_pcap_files)
 
     def run(self) -> None:
         """Start the MCP server."""

{mcpcap-0.3.2 → mcpcap-0.4.1}/src/mcpcap/modules/__init__.py

@@ -1,6 +1,7 @@
 """Protocol analysis modules for mcpcap."""
 
 from .base import BaseModule
+from .dhcp import DHCPModule
 from .dns import DNSModule
 
-__all__ = ["BaseModule", "DNSModule"]
+__all__ = ["BaseModule", "DHCPModule", "DNSModule"]