Skip to main content
Glama

Wireshark MCP Server

by PreistlyPython
GitHub
Python
1
  • Linux
  • Apple
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

🦈 Wireshark MCP Server - Production Ready

Professional Wireshark MCP server with 18 comprehensive network analysis tools for Claude Desktop integration.

🚀 Features

  • 18 Complete Network Analysis Tools - Comprehensive packet analysis suite
  • Real-time JSON Streaming - Live packet capture in multiple formats
  • Advanced PCAP Operations - Split, merge, time-slice, and convert files
  • Security Analysis - Threat detection and anomaly analysis
  • LLM-Powered Filter Generation - Natural language to Wireshark filters
  • Enterprise-Ready - Production-grade error handling and logging

📦 Quick Setup

Prerequisites

# Linux (Ubuntu/Debian) sudo apt-get install wireshark tshark tcpdump python3-pip # macOS brew install wireshark tcpdump python3 # Windows choco install wireshark python3

Installation

git clone https://github.com/priestlypython/wireshark-mcp.git cd wireshark-mcp pip install -r requirements.txt # Configure permissions (Linux) sudo usermod -a -G wireshark $USER sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap newgrp wireshark

Claude Desktop Configuration

Add to your claude_desktop_config.json:

{ "mcpServers": { "wireshark-mcp": { "command": "python", "args": ["/path/to/wireshark-mcp/enhanced_server.py"], "cwd": "/path/to/wireshark-mcp", "env": { "PYTHONPATH": "/path/to/wireshark-mcp", "WIRESHARK_PATH": "/usr/bin", "TSHARK_PATH": "/usr/bin/tshark", "TCPDUMP_PATH": "/usr/sbin/tcpdump" } } } }

🛠️ All 18 Tools

Core Analysis Tools (8)

ToolPurposeOutput
wireshark_system_infoSystem info & interfacesJSON with capabilities
wireshark_validate_setupValidate installationDependency status
wireshark_generate_filterAI filter generationWireshark display filter
wireshark_live_captureLive packet capturePacket array
wireshark_analyze_pcapPCAP analysisComprehensive stats
wireshark_realtime_json_captureJSON streamingReal-time packets
wireshark_protocol_statisticsProtocol analysisHierarchy & conversations
wireshark_analyze_pcap_enhancedAdvanced analysisSecurity & performance

Advanced Tools (10)

ToolPurposeOutput
wireshark_pcap_time_sliceExtract time windowsTime-sliced PCAP
wireshark_pcap_splitterSplit PCAP filesMultiple split files
wireshark_pcap_mergerMerge PCAP filesMerged PCAP file
wireshark_hex_to_pcapConvert hex to PCAPPCAP file
wireshark_http_analyzerHTTP traffic analysisTransaction details
wireshark_dns_analyzerDNS query analysisQuery patterns & anomalies
wireshark_ssl_inspectorSSL/TLS inspectionCertificate & cipher info
wireshark_latency_profilerPerformance analysisLatency metrics
wireshark_threat_detectorSecurity analysisThreat scores & indicators
wireshark_remote_captureSSH remote captureRemote packet data

💡 Usage Examples

System Information

# Check system capabilities wireshark_system_info(info_type="all") # → Returns interfaces, capabilities, server status

Live Packet Capture

# Capture HTTP traffic for 30 seconds wireshark_live_capture( interface="eth0", duration=30, filter="tcp port 80", max_packets=1000 ) # → Returns captured packets with analysis

PCAP Analysis

# Comprehensive PCAP analysis wireshark_analyze_pcap( filepath="/path/to/capture.pcap", analysis_type="comprehensive" ) # → File info, protocols, security analysis

Filter Generation

# Generate filter from natural language wireshark_generate_filter( description="Show all HTTP traffic from 192.168.1.0/24", complexity="intermediate" ) # → Returns optimized Wireshark filter

PCAP Operations

# Split large PCAP by time wireshark_pcap_time_slice( input_file="/path/to/large.pcap", start_time="2025-01-01T10:00:00", end_time="2025-01-01T11:00:00" ) # → Creates time-sliced PCAP file # Merge multiple PCAPs wireshark_pcap_merger( input_files=["file1.pcap", "file2.pcap"], output_file="merged.pcap", sort_chronologically=true ) # → Creates chronologically sorted merged file

Security Analysis

# Threat detection wireshark_threat_detector( input_file="/path/to/suspicious.pcap", detection_mode="comprehensive", sensitivity="high" ) # → Threat scores, anomalies, behavioral analysis # DNS tunneling detection wireshark_dns_analyzer( input_file="/path/to/capture.pcap", analysis_type="comprehensive", detect_tunneling=true ) # → DNS patterns, suspicious domains, entropy analysis

🔧 Expected Outputs

Structured JSON Results

All tools return well-structured JSON with:

  • Status indicators (✅ Success, ❌ Error)
  • Rich metadata (file sizes, timestamps, statistics)
  • Analysis results (protocols, conversations, threats)
  • Recommendations (filter suggestions, security insights)

File Operations

PCAP manipulation tools create properly formatted files:

  • Time-sliced captures with precise timestamps
  • Split files with organized naming conventions
  • Merged files with chronological packet ordering
  • Converted files maintaining packet integrity

Security Intelligence

Advanced analysis provides:

  • Threat scores (0-100 risk assessment)
  • Anomaly detection (statistical analysis)
  • Pattern recognition (attack signatures)
  • Behavioral analysis (network health indicators)

🚨 Troubleshooting

Permission Issues (Common)

# Linux: Set capabilities sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap sudo usermod -a -G wireshark $USER # macOS: Run Wireshark as admin once sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark # Windows: Run as Administrator

Tool Not Found

  • Ensure Wireshark is installed and in PATH
  • Check wireshark_validate_setup tool for missing dependencies
  • Verify configuration paths in Claude Desktop config

No Packets Captured

  • Check interface permissions with wireshark_system_info
  • Verify network traffic exists on selected interface
  • Try different interface (eth0, wlan0, any)

Test Results

Latest Test Date: 2025-08-20
Success Rate: 94.4% (17/18 tools fully operational)

CategoryToolsStatus
Core System Tools3/3✅ 100%
Capture Tools2/2✅ 100%
Analysis Tools4/4✅ 100%
PCAP Manipulation4/4✅ 100%
Protocol Analyzers4/4✅ 100%
Remote Capture0/1⚠️ Requires SSH

See WIRESHARK_MCP_TEST_REPORT.md for detailed test results.

📊 Performance

  • Processing Rate: 10,000+ packets/second
  • File Support: Multi-GB PCAP files with streaming
  • Memory Efficient: Chunked processing for large files
  • Real-time: Sub-second response times
  • Concurrent: Multiple analysis operations supported
  • Average Response: ~300ms per operation

🛡️ Security

  • Secure Permissions: Linux capabilities instead of root
  • Process Isolation: Sandboxed subprocess execution
  • Automatic Cleanup: Temporary files removed after use
  • Audit Logging: Comprehensive operation logging
  • Error Handling: Graceful failure with informative messages

📄 License

MIT License - see LICENSE for details.

🦈 Professional network analysis powered by AI. Built for enterprise, designed for developers.

This server cannot be installed

-
security - not tested
F
license - not found
-
quality - not tested

How are these scores calculated?

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

Enterprise network analysis platform that enables AI-powered packet analysis, threat detection, and network security capabilities through Claude Desktop integration.

  1. 🚀 Features
    1. 📦 Quick Setup
      1. Prerequisites
      2. Installation
      3. Claude Desktop Configuration
    2. 🛠️ All 18 Tools
      1. Core Analysis Tools (8)
      2. Advanced Tools (10)
    3. 💡 Usage Examples
      1. System Information
      2. Live Packet Capture
      3. PCAP Analysis
      4. Filter Generation
      5. PCAP Operations
      6. Security Analysis
    4. 🔧 Expected Outputs
      1. Structured JSON Results
      2. File Operations
      3. Security Intelligence
    5. 🚨 Troubleshooting
      1. Permission Issues (Common)
      2. Tool Not Found
      3. No Packets Captured
    6. ✅ Test Results
      1. 📊 Performance
        1. 🛡️ Security
          1. 📄 License

            Related MCP Servers

            • MCP Code Analyzer

              emiryasar
              -
              security
              A
              license
              -
              quality
              A comprehensive code analysis and management tool that integrates with Claude Desktop to analyze code at project and file levels, helping adapt changes to projects intelligently.
              Last updated -
              38
              MIT License

            • ethereum-tools

              0xGval
              A
              security
              F
              license
              A
              quality
              A comprehensive toolkit for Ethereum blockchain analysis within Claude AI, enabling contract auditing, wallet analysis, profitability tracking, and on-chain data retrieval.
              Last updated -
              11
              632
              9

            • System Resource Monitor MCP Server

              abhinav7895
              -
              security
              A
              license
              -
              quality
              Provides Claude with real-time system monitoring capabilities, including CPU, memory, disk, network, battery, and internet speed metrics.
              Last updated -
              1
              MIT License
              • Apple

            • IR Toolshed MCP Server

              rossja
              -
              security
              A
              license
              -
              quality
              A Model Context Protocol server that provides network analysis tools for security professionals, enabling AI models like Claude to perform tasks such as ASN lookups, DNS analysis, WHOIS retrieval, and IP geolocation for security investigations.
              Last updated -
              1
              Apache 2.0
              • Linux
              • Apple

            View all related MCP servers

            Appeared in Searches

            New MCP Servers

            MCP directory API

            We provide all the information about MCP servers via our MCP API.

            curl -X GET 'https://glama.ai/api/mcp/v1/servers/PreistlyPython/wireshark-mcp'

            If you have feedback or need assistance with the MCP directory API, please join our Discord server