Which integrations are available for this server?

Provides tools for analyzing network traffic and pcap files, including packet summarization, deep packet dissection, stream reassembly, and automated extraction of HTTP requests, DNS queries, and credentials.

How do I use Wireshark MCP?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Wireshark MCP analyze capture.pcap and check for any plaintext credentials" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

Wireshark MCP

Simple MCP Server to allow vibe packet analysis in Wireshark.

English | 中文

Prerequisites

Python (3.10 or higher)
Wireshark (ensure tshark is in your PATH)
Supported MCP Client (pick one you like)
- Claude Code
- Claude
- Cursor
- VS Code with generic MCP client extension
- Other MCP Clients

Installation

Install the latest version of the Wireshark MCP package:

pip install wireshark-mcp

Or install directly from source:

pip install git+https://github.com/bx33661/Wireshark-MCP.git

Configuration

Add the server to your MCP client configuration (e.g., claude_desktop_config.json):

{ "mcpServers": { "wireshark": { "command": "uv", "args": [ "tool", "run", "wireshark-mcp" ] } } }

Note: You can also run it directly with python -m wireshark_mcp if installed in your environment.

Prompt Engineering

LLMs are good at general analysis but can struggle with the specifics of packet dissection. Below is a minimal example prompt strategy:

Your task is to analyze a pcap file using Wireshark MCP tools. - Start by getting a packet list summary to understand the traffic flow (`wireshark_get_packet_list`). - If you see interesting packets, get full details for that specific frame (`wireshark_get_packet_details`). - For TCP/HTTP flows, use `wireshark_follow_stream` to see the full conversation. - Use `wireshark_extract_http_requests` or `wireshark_extract_dns_queries` for quick high-level overviews. - NEVER try to guess packet contents; always verify with the tools. - Create a report.md with your findings.

Core Functions

Packet Analysis

wireshark_get_packet_list(pcap_file, limit, offset, display_filter): Get a summary list of packets (like Wireshark's top pane).
wireshark_get_packet_details(pcap_file, frame_number): Get full details for a SINGLE packet (like Wireshark's bottom pane).
wireshark_follow_stream(pcap_file, stream_index, protocol, ...): Reassemble and view complete stream content with pagination and search.

Data Extraction

wireshark_extract_fields(pcap_file, fields, ...): Extract specific fields as tabular data.
wireshark_extract_http_requests(pcap_file): Convenience tool for HTTP method, URI, host.
wireshark_extract_dns_queries(pcap_file): Convenience tool for DNS queries.
wireshark_list_ips(pcap_file): List all unique IP addresses in capture.

Stats & Capture

wireshark_stats_protocol_hierarchy(pcap_file): Protocol distribution.
wireshark_stats_conversations(pcap_file, type): Traffic between endpoints.
wireshark_filter_save(input_file, output_file, display_filter): Save a subset of packets to a new file.

Security

wireshark_check_threats(pcap_file): Check IPs against threat intelligence feeds.
wireshark_extract_credentials(pcap_file): Scan for plaintext credentials.