PacketMaster

MCP server for network-troubleshooting PCAP analysis via tshark, enabling users to analyze PCAP files, detect anomalies, and troubleshoot network issues.

MCP server for network-troubleshooting PCAP analysis via tshark. Pairs with Cursor skills pcap-troubleshooting (domain workflows) and packetmaster-mcp (MCP tool usage).

Prerequisites

  • Python 3.10+
  • uv (recommended) or pip
  • Wireshark with CLI tools: tshark, capinfos

brew install wireshark   # macOS

PacketMaster auto-detects `/Applications/Wireshark.app/Contents/MacOS/tshark` if not on PATH.

Install

cd "/Users/networkze/Documents/Claude Projects/PacketMaster"
uv sync --extra dev

Cursor MCP Configuration

Install the launcher (once), then add to ~/.cursor/mcp.json:

mkdir -p ~/.packetmaster-mcp
cp scripts/start-mcp.sh ~/.packetmaster-mcp/start-mcp.sh
chmod +x ~/.packetmaster-mcp/start-mcp.sh

{
  "mcpServers": {
    "packetmaster": {
      "command": "/Users/networkze/.packetmaster-mcp/start-mcp.sh",
      "env": {
        "FASTMCP_SHOW_SERVER_BANNER": "false"
      }
    }
  }
}

The configuration uses a launcher script (like flipper-zero) because Cursor can break uv run paths that contain spaces.

PCAP paths must be absolute. By default any readable .pcap on disk is allowed. Set PM_ALLOWED_DIRS only if you want an opt-in sandbox.

Environment Variables

| Variable | Default | Description |
| --- | --- | --- |
| PM_ALLOWED_DIRS | (unset) | Optional colon-separated allowlist; when set, paths must stay inside |
| PM_REQUIRE_ALLOWED_DIRS | false | If true, PM_ALLOWED_DIRS must be set or startup validation fails |
| PM_MAX_FILE_SIZE | 10GB | Max PCAP file size |
| PM_MAX_PACKETS | 10000 | Max packets per extraction request |
| PM_MAX_STDOUT_BYTES | 10MB | Max subprocess stdout |
| PM_TIMEOUT | 300 | Subprocess timeout (seconds) |
| PM_HASH_MAX_BYTES | 500MB | Skip SHA-256 above this size unless requested |
| PM_REDACT_SENSITIVE | true | Redact credentials in stream/field output |
| TSHARK_PATH | auto | Override tshark binary path |

Tools

| Tool | Description |
| --- | --- |
| pm_check_install | Verify tshark/capinfos installation |
| pm_file_info | capinfos + optional SHA-256 |
| pm_protocol_hierarchy | Protocol distribution |
| pm_conversations | Top conversations by bytes |
| pm_endpoints | Top IP endpoints |
| pm_expert_info | Wireshark expert information |
| pm_tcp_anomalies | TCP retrans/dup ACK/zero window/OOO/RST |
| pm_latency_summary | Per-flow RTT statistics |
| pm_io_stats | Traffic over time |
| pm_extract_fields | Paginated field extraction |
| pm_follow_stream | Follow TCP/UDP/HTTP/TLS stream (redacted) |
| pm_filter_packets | Packet summaries by display filter |
| pm_detect_capture_type | Start here — wlan vs ethernet + tool routing |
| pm_wired_quick_scan | EPC/SPAN — DHCP, DNS, ICMP, VLAN, L2 infra, TCP |
| pm_dhcp_analysis | DHCP phases, stuck patterns, optional MAC filter |
| pm_dns_analysis | DNS queries/responses, NXDOMAIN, top names |
| pm_asymmetric_hints | One-sided capture / path asymmetry heuristics |
| pm_troubleshoot_quick_scan | L3 TCP-focused composite (alternate to wired scan) |
| pm_troubleshoot_flow | Deep dive between two IPs |
| pm_wifi_quick_scan | 802.11 monitor — retries, mgmt, roaming, BSSIDs |
| pm_wifi_client_analysis | Deep dive on one STA by MAC |
| pm_wifi_roaming_analysis | 802.11k/v roam timeline for one STA |

Workflow with NetOps EPC

  1. Capture via ios_xe_epc_capture_run (user-netops MCP) with pull_pcap=true
  2. Run pm_troubleshoot_quick_scan on the returned local_path
  3. Drill down with pm_troubleshoot_flow on suspect IPs

Development

uv run pytest -q
uv run packetmaster-mcp   # stdio MCP server

Security

  • PCAP paths must be absolute; optional PM_ALLOWED_DIRS sandbox for locked-down setups
  • Symlinks rejected
  • Stream/field output redacts Authorization, Bearer tokens, passwords by default
  • Confirm with user before pm_follow_stream on production captures
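
The path rules listed above (absolute paths only, symlinks rejected, optional colon-separated PM_ALLOWED_DIRS allowlist, PM_REQUIRE_ALLOWED_DIRS), written out as an added Python example. This is not PacketMaster's own code; the function names, error messages and the sample directory layout are assumptions made for illustration.

```python
import tempfile
from pathlib import Path


def parse_allowed_dirs(raw):
    """Split a colon-separated PM_ALLOWED_DIRS value into resolved directories."""
    return [Path(d).resolve() for d in (raw or "").split(":") if d]


def validate_pcap_path(path, allowed_dirs=(), require_allowed=False):
    """Return Path(path) if it passes every check, else raise ValueError."""
    if require_allowed and not allowed_dirs:
        raise ValueError("PM_REQUIRE_ALLOWED_DIRS is true but PM_ALLOWED_DIRS is unset")
    p = Path(path)
    if not p.is_absolute():
        raise ValueError("path must be absolute")
    if p.is_symlink():
        raise ValueError("symlinks are rejected")
    if not p.is_file():
        raise ValueError("not a regular file")
    if allowed_dirs:
        # Compare fully resolved paths so ".." segments or a symlinked parent
        # directory cannot step outside the allowlist.
        real = p.resolve()
        if not any(real.is_relative_to(d) for d in allowed_dirs):
            raise ValueError("path is outside PM_ALLOWED_DIRS")
    return p


def verdict(path, **policy):
    """Return "ok" or the rejection reason as a string."""
    try:
        validate_pcap_path(path, **policy)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed layout: capture inside the allowlist, one outside, one symlink.
    with tempfile.TemporaryDirectory() as tmp:
        caps, other = Path(tmp, "caps"), Path(tmp, "other")
        for d in (caps, other):
            d.mkdir()
            (d / "x.pcap").touch()
        (caps / "link.pcap").symlink_to(other / "x.pcap")
        allowed = parse_allowed_dirs(str(caps))
        for name in ("caps/x.pcap", "caps/link.pcap", "other/x.pcap"):
            print(name, "->", verdict(str(Path(tmp, name)), allowed_dirs=allowed))
```

With no allowlist passed, the same function accepts any absolute, non-symlink regular file, which matches the default behaviour described under Cursor MCP Configuration.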
