Inspecting Claude Code’s Network Traffic with Linux Namespaces and MITM Proxying (Part 1)

This is an analysis of how Claude Code initiates web scraping requests. You might be surprised to find that claude code could scrape from an API endpoint, or from the host that’s running claude code. In this series, you will learn how to use network namespaces, tcpdump and MITMproxy to isolate a client’s network traffic and experimentally discover whether claude code is scraping content from an api endpoint or from the host that’s running claude code. You installed Claude Code. It ships with built-in network tools (WebFetch & WebSearch) that can reach out to the internet on your behalf. Each use requires your explicit approval (unless you’ve configured auto-approve policies). But here’s the question nobody answers in the documentation: What exactly does it send and where is it sending requests from? Inspecting Claude Code’s Network Traffic with Linux Namespaces and MITM Proxying In the proxied fetch model, the request would route through Anthropic’s servers. The target system sees…