AWS PCAP Analyzer MCP
31 tools: flow reconstruction, anomaly scoring, IOC extraction
AWS-published sample MCP providing layered packet analysis beyond raw tshark output — flow reconstruction, anomaly detection, and IOC extraction from PCAP files.
Cost: Free · no API key
API key: Not required
Slug: aws-pcap-analyzer
MCP.md
---
name: aws-pcap-analyzer
category: digital-forensics
cost: free
api_key_required: no
repo: https://github.com/aws-samples/sample-pcap-analyzer-mcp
paired_skills: ["pcap-and-network-forensics"]
capabilities: ["pcap-analysis", "flow-reconstruction", "ioc-extraction"]
---
# AWS PCAP Analyzer MCP — 31 tools: flow reconstruction, anomaly scoring, IOC extraction
AWS-published sample MCP providing layered packet analysis beyond raw tshark output — flow reconstruction, anomaly detection, and IOC extraction from PCAP files.
## Install
```bash
git clone https://github.com/aws-samples/sample-pcap-analyzer-mcp
cd sample-pcap-analyzer-mcp
pip install -r requirements.txt
```
## Configuration
```json
{
  "mcpServers": {
    "pcap-analyzer": {
      "command": "python",
      "args": ["-m", "pcap_analyzer_mcp"]
    }
  }
}
```
As shown, `python -m pcap_analyzer_mcp` only resolves when the module is importable from the working directory, so adjust the command and args to point at your clone directory (or launch the client from that directory).
## What it adds
Adds a layer above tshark (030) — flow-level reconstruction to see full conversation context, anomaly scoring to flag unusual traffic patterns, and structured IOC extraction (IP addresses, domains, URIs, hashes from file transfers). Useful for DFIR engagements where the PCAP is large and you need automated triage before manual analysis.
## Pairs with skills
- 084 `pcap-and-network-forensics`
## Cost
Free. AWS-published open-source sample, runs entirely locally. No AWS account required.
This MCP gives your agent the tools to execute the workflow described by the paired skill (084 `pcap-and-network-forensics`) instead of just describing it.
Bundled in the Toolkit
This MCP is one of 36 pre-configured servers in the Investigator's MCP Toolkit. One-command installer, $149 one-time.