Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| wireshark_list_interfaces | List available network interfaces for capture. Returns: List of interfaces with index, name, and status Example: wireshark_list_interfaces() |
| wireshark_capture | Capture live network traffic. Args: interface: Interface index or name (from list_interfaces) output_file: Absolute path for output .pcap file duration_seconds: Capture duration (0 = unlimited) packet_count: Stop after N packets (0 = unlimited) capture_filter: BPF filter (e.g. "host 192.168.1.1 and port 80") ring_buffer: Ring buffer config (e.g. "filesize:1024,files:5") Returns: Success message with file path or error JSON Errors: ExecutionError: Capture failed Example: wireshark_capture("eth0", "/tmp/capture.pcap", duration_seconds=30, capture_filter="port 80") |
| wireshark_filter_save | Filter packets from a pcap and save to a new file. Args: input_file: Source pcap file output_file: Destination pcap file display_filter: Wireshark display filter (e.g. "http.request.method == POST") Returns: Success message or error JSON Errors: FileNotFound: input_file does not exist ExecutionError: Filter failed Example: wireshark_filter_save("big.pcap", "http_only.pcap", "http") |
| wireshark_stats_protocol_hierarchy | [PHS] Get Protocol Hierarchy Statistics. Shows distribution of protocols in the capture. Returns: Tree-structured protocol statistics or JSON error Errors: FileNotFound: pcap_file does not exist Example: wireshark_stats_protocol_hierarchy("traffic.pcap") |
| wireshark_stats_endpoints | [Endpoints] List all endpoints and their traffic stats. Args: type: Protocol type - 'eth', 'ip', 'ipv6', 'tcp', 'udp', 'sctp', 'wlan' Returns: Endpoint statistics table or JSON error Errors: FileNotFound: pcap_file does not exist InvalidParameter: Invalid protocol type Example: wireshark_stats_endpoints("traffic.pcap", type="tcp") |
| wireshark_stats_conversations | [Conversations] Show communication pairs and their stats. Args: type: Protocol type - 'eth', 'ip', 'ipv6', 'tcp', 'udp', 'sctp', 'wlan' Returns: Conversation statistics table or JSON error Errors: FileNotFound: pcap_file does not exist InvalidParameter: Invalid protocol type Example: wireshark_stats_conversations("traffic.pcap", type="tcp") |
| wireshark_stats_io_graph | [I/O Graph] Traffic volume over time. Args: interval: Time interval in seconds (default: 1) Returns: Time-series traffic statistics or JSON error Errors: FileNotFound: pcap_file does not exist Example: wireshark_stats_io_graph("traffic.pcap", interval=5) |
| wireshark_stats_expert_info | [Expert Info] Automatic anomaly detection. Detects: retransmissions, errors, warnings, protocol issues. Returns: Expert analysis results or JSON error Errors: FileNotFound: pcap_file does not exist Example: wireshark_stats_expert_info("traffic.pcap") |
| wireshark_stats_service_response_time | [SRT] Service Response Time statistics. Args: protocol: Application protocol - 'http', 'dns', 'smb', etc. Returns: Response time statistics or JSON error Errors: FileNotFound: pcap_file does not exist Example: wireshark_stats_service_response_time("web.pcap", protocol="http") |
| wireshark_get_packet_list | [Summary] Get a summary list of packets (like Wireshark's top pane). Use this first to scan traffic before drilling down. Args: pcap_file: Path to capture file limit: Rows to return (default: 20) offset: Skip first N rows display_filter: Wireshark display filter (e.g. "tcp.port == 80") Returns: Tabular list with columns: No, Time, Source, Destination, Protocol, Length, Info Example: wireshark_get_packet_list("traffic.pcap", display_filter="http") |
| wireshark_get_packet_details | [Detail] Get full details for a SINGLE packet (like Wireshark's bottom pane). Args: pcap_file: Path to capture file frame_number: The packet number (from wireshark_get_packet_list) Returns: Complete JSON structure of the packet Example: wireshark_get_packet_details("traffic.pcap", frame_number=42) |
| wireshark_read_packets | [DEPRECATED] Read packet data in structured JSON format.
WARNING: This tool can return very large, complex JSON.
Prefer Args: pcap_file: Path to capture file limit: Maximum packets to return (default: 100) offset: Skip first N packets (pagination) display_filter: Wireshark display filter (e.g. "tcp.port == 80") Returns: JSON array of packets with full layer details on success JSON error object on failure: {"success": false, "error": {...}} Errors: FileNotFound: pcap_file does not exist ExecutionError: tshark JSON parsing failed Example: wireshark_read_packets("traffic.pcap", limit=10, display_filter="http") |
| wireshark_extract_fields | [Tabular] Extract specific fields as comma/tab-separated data. Args: fields: Comma-separated field names (e.g. "ip.src,tcp.port,http.host") display_filter: Optional filter (e.g. "http.request.method == POST") limit: Max rows to return (default: 100) offset: Skip first N rows (pagination) Returns: Tabular text output or JSON error Errors: FileNotFound: pcap_file does not exist ExecutionError: Field extraction failed Example: wireshark_extract_fields("file.pcap", "ip.src,ip.dst,tcp.port", display_filter="tcp") |
| wireshark_extract_http_requests | [Convenience] Extract HTTP request details (method, URI, host). Pre-configured field extraction for HTTP analysis. Returns: Tabular text with HTTP request data or JSON error Example: wireshark_extract_http_requests("web_traffic.pcap", limit=50) |
| wireshark_extract_dns_queries | [Convenience] Extract DNS query details (name, type). Pre-configured for DNS analysis. Returns: Tabular text with DNS queries or JSON error Example: wireshark_extract_dns_queries("dns_traffic.pcap") |
| wireshark_list_ips | [Convenience] List all unique IP addresses in capture. Args: type: IP type to extract - 'src', 'dst', or 'both' Returns: Newline-separated list of unique IPs or JSON error Example: wireshark_list_ips("traffic.pcap", type="src") |
| wireshark_export_objects | [Export] Extract embedded files from traffic. Args: protocol: Protocol type - 'http', 'smb', 'tftp', 'imf', 'dicom' dest_dir: Destination directory for extracted files Returns: Success message or JSON error Errors: FileNotFound: pcap_file does not exist InvalidParameter: Invalid protocol Example: wireshark_export_objects("traffic.pcap", "http", "/tmp/exported") |
| wireshark_search_content | [Search] Find packets containing specific data. Args: match_pattern: Pattern to search for search_type: Search method - 'string', 'hex', 'regex' limit: Maximum matches to return Returns: Matching packets or JSON error Errors: FileNotFound: pcap_file does not exist Example: wireshark_search_content("traffic.pcap", "password", search_type="string") |
| wireshark_follow_stream | [Stream] Reassemble and view complete stream content. Supports pagination to avoid token limits. Args: stream_index: Stream ID from conversations/stats protocol: Stream protocol - 'tcp', 'udp', 'tls', 'http', 'http2' output_mode: Output format - 'ascii', 'hex', 'raw' limit_lines: Max lines to return (default: 500) offset_lines: Skip first N lines (for pagination) search_content: Optional string to grep/search within the stream Returns: Reconstructed stream data or JSON error Errors: FileNotFound: pcap_file does not exist InvalidParameter: Invalid protocol Example: wireshark_follow_stream("traffic.pcap", stream_index=0, search_content="password") |
| wireshark_verify_ssl_decryption | [SSL] Verify TLS decryption with keylog file. Args: keylog_file: Path to SSL/TLS keylog file (SSLKEYLOGFILE format) Returns: Expert info with decryption status or JSON error Errors: FileNotFound: pcap_file or keylog_file does not exist Example: wireshark_verify_ssl_decryption("https.pcap", "ssl_keylog.txt") |
| wireshark_get_file_info | Get detailed metadata about a capture file. Uses capinfos to show: file type, packet count, duration, size, etc. Returns: Detailed file metadata or JSON error Errors: FileNotFound: pcap_file does not exist ToolNotFound: capinfos not available Example: wireshark_get_file_info("traffic.pcap") |
| wireshark_merge_pcaps | Merge multiple capture files into one. Args: output_file: Path for merged output file input_files: Comma-separated list of input file paths Returns: Success message or JSON error Errors: FileNotFound: One or more input files not found ToolNotFound: mergecap not available Example: wireshark_merge_pcaps("merged.pcap", "file1.pcap,file2.pcap,file3.pcap") |
| wireshark_check_threats | [Security] Check captured IPs against URLhaus threat intelligence. Downloads and caches threat feed from abuse.ch. Returns: Threat analysis summary or JSON error Errors: FileNotFound: pcap_file does not exist DependencyError: Failed to extract IPs NetworkError: Failed to download threat feed Example: wireshark_check_threats("suspicious.pcap") |
| wireshark_extract_credentials | [Security] Scan for plaintext credentials in traffic. Detects: HTTP Basic Auth, FTP passwords, Telnet login attempts. Returns: Credential findings summary or JSON error Errors: FileNotFound: pcap_file does not exist DependencyError: Field extraction failed Example: wireshark_extract_credentials("insecure.pcap") |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |