Wireshark MCP Server

A Model Context Protocol (MCP) server that provides AI assistants with direct access to Wireshark network analysis capabilities. This tool enables AI-powered network troubleshooting, packet analysis, and network monitoring through a secure, standardized interface.

Features

  • Live Packet Capture: Capture network traffic in real-time from any network interface
  • PCAP File Analysis: Analyze existing packet capture files with advanced filtering
  • Protocol Statistics: Generate comprehensive protocol hierarchy and conversation statistics
  • Network Interface Management: List and interact with available network interfaces
  • Security Controls: Comprehensive input validation and privilege management
  • Async Operations: Non-blocking operations for high-performance analysis

Requirements

System Requirements

  • Python 3.9+ with pip package manager
  • Wireshark/TShark installed and accessible from command line
  • Network capture permissions (see setup instructions below)
  • Windows/Linux/macOS compatibility

Network Permissions Setup

Windows
  1. Install Wireshark with WinPcap/Npcap during installation
  2. Run as Administrator or ensure user has network capture permissions
Linux
    # Add user to wireshark group
    sudo usermod -aG wireshark $USER
    # Or set capabilities on dumpcap (preferred)
    sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
    # Logout and login again for group changes to take effect
macOS
    # Ensure user has admin privileges or use sudo for captures
    # Wireshark installer typically handles permissions

Installation

  1. Clone or download the project files
  2. Install Python dependencies:
    pip install -r requirements.txt
  3. Verify Wireshark installation:
    tshark --version

Configuration

Claude Desktop Integration

  1. Locate your Claude Desktop config file:
    • Windows: %APPDATA%\Claude\claude_desktop_config.json
    • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
    • Linux: ~/.config/Claude/claude_desktop_config.json
  2. Add the Wireshark MCP server configuration:
    {
      "mcpServers": {
        "wireshark": {
          "command": "python",
          "args": ["/absolute/path/to/wireshark-mcp-server.py"],
          "env": {
            "PYTHONPATH": "/absolute/path/to/project/directory",
            "MCP_LOG_LEVEL": "INFO"
          }
        }
      }
    }
  3. Restart Claude Desktop to load the new server

VS Code/Cursor Integration

For VS Code or Cursor, configure the MCP server in your IDE's MCP settings, pointing to the wireshark-mcp-server.py file.

Available Tools

get_network_interfaces()

Lists all available network interfaces for packet capture.

Usage:

Please list the available network interfaces

capture_live_packets(interface, count, capture_filter, timeout)

Captures live network packets from a specified interface.

Parameters:

  • interface: Network interface name (e.g., "eth0", "Wi-Fi") or number (e.g., "1")
  • count: Number of packets to capture (default: 50, max: 1000)
  • capture_filter: BPF capture filter expression (optional)
  • timeout: Capture timeout in seconds (default: 30, max: 60)

Usage:

Capture 100 packets from interface eth0 with filter "tcp port 80"

analyze_pcap_file(filepath, display_filter, max_packets)

Analyzes existing PCAP/PCAPNG files with optional filtering.

Parameters:

  • filepath: Path to the PCAP/PCAPNG file
  • display_filter: Wireshark display filter expression (optional)
  • max_packets: Maximum number of packets to analyze (default: 100, max: 1000)

Usage:

Analyze the file /path/to/capture.pcap and show only HTTP requests

get_protocol_statistics(filepath)

Generates protocol hierarchy and IP conversation statistics from a capture file.

Parameters:

  • filepath: Path to the PCAP/PCAPNG file

Usage:

Generate protocol statistics for /path/to/capture.pcap

get_capture_file_info(filepath)

Retrieves detailed information about a capture file (size, duration, packet count, etc.).

Parameters:

  • filepath: Path to the PCAP/PCAPNG file

Usage:

Get information about the capture file /path/to/capture.pcap

Filter Examples

Capture Filters (BPF Syntax)

  • "tcp port 80" - HTTP traffic
  • "host 192.168.1.1" - Traffic to/from specific host
  • "net 10.0.0.0/8" - Traffic on specific network
  • "tcp and port 443" - HTTPS traffic
  • "icmp" - ICMP/ping traffic

Display Filters (Wireshark Syntax)

  • "http.request" - HTTP requests only
  • "tcp.flags.syn == 1" - TCP SYN packets
  • "dns.flags.response == 1" - DNS responses
  • "ip.addr == 192.168.1.1" - Traffic to/from specific IP
  • "tcp.analysis.retransmission" - TCP retransmissions

Security Features

  • Input Validation: All user inputs are validated against security patterns
  • File Path Sanitization: File paths are resolved and validated for safety
  • Resource Limits: Capture duration, packet counts, and file sizes are limited
  • Interface Validation: Only valid network interface names are accepted
  • Filter Validation: Capture and display filters are checked for dangerous patterns
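
The sketch below shows one way controls like these can be applied before TShark is started. It is an added example, not the project's own code: the function names, the interface and filter patterns, the 256-character filter bound and the idea of a fixed capture directory (base) are assumptions, while the count and timeout maxima are the ones documented for the tools above.

```python
import re
from pathlib import Path

MAX_COUNT, MAX_TIMEOUT = 1000, 60   # maxima documented for the tools above
MAX_FILTER_LEN = 256                # assumed bound, not taken from the project
IFACE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}")   # assumed pattern
FILTER_BAD = re.compile(r"[;`$\x00-\x1f\x7f]")  # shell metacharacters, control bytes

def bounded(value, maximum, label):
    """Reject out-of-range numbers instead of silently clamping them."""
    if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= maximum:
        raise ValueError(f"{label} must be an integer in 1..{maximum}")
    return value

def validate_interface(name):
    # First character must be alphanumeric, so the value can never parse as an option.
    if not IFACE_RE.fullmatch(name):
        raise ValueError("invalid interface name")
    return name

def validate_filter(expr):
    if len(expr) > MAX_FILTER_LEN or FILTER_BAD.search(expr):
        raise ValueError("filter rejected")
    return expr

def resolve_capture(filepath, base):
    """Resolve filepath and require it to stay inside base (hypothetical capture dir)."""
    base = Path(base).resolve()
    path = (base / filepath).resolve()      # collapses ".." and follows symlinks
    if not path.is_relative_to(base):       # Python 3.9+
        raise ValueError("path escapes capture directory")
    if path.suffix.lower() not in {".pcap", ".pcapng"} or not path.is_file():
        raise ValueError("not a readable capture file")
    return path

def live_capture_argv(interface, count=50, capture_filter="", timeout=30):
    """Argument list for subprocess.run(argv); no shell ever parses it."""
    argv = ["tshark", "-i", validate_interface(interface),
            "-c", str(bounded(count, MAX_COUNT, "count")),
            "-a", f"duration:{bounded(timeout, MAX_TIMEOUT, 'timeout')}"]
    if capture_filter:
        argv += ["-f", validate_filter(capture_filter)]
    return argv

def analyze_argv(filepath, base, display_filter="", max_packets=100):
    argv = ["tshark", "-r", str(resolve_capture(filepath, base)),
            "-c", str(bounded(max_packets, MAX_COUNT, "max_packets"))]
    if display_filter:
        argv += ["-Y", validate_filter(display_filter)]
    return argv
```

Because the result is an argument list rather than a command string, a filter such as "tcp port 80" reaches TShark as a single argument and is interpreted only by the filter compiler.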

Usage Examples

Basic Network Troubleshooting

AI Assistant: "I need to troubleshoot network connectivity issues"
User: "Capture 200 packets from the main network interface and look for any issues"

HTTP Traffic Analysis

AI Assistant: "Let me analyze your web traffic"
User: "Capture traffic on port 80 and 443 for 60 seconds and show me the top websites accessed"

Security Investigation

AI Assistant: "Analyzing suspicious network activity"
User: "Examine this PCAP file for any unusual connections or potential security threats"

Performance Analysis

AI Assistant: "Investigating network performance issues"
User: "Generate protocol statistics from this capture file to identify bandwidth usage"

Troubleshooting

Common Issues

  1. "TShark not found" error
    • Ensure Wireshark is installed and tshark is in your PATH
    • On Windows, check C:\Program Files\Wireshark\tshark.exe
  2. Permission denied for packet capture
    • Follow the network permissions setup instructions above
    • On Linux/macOS, you may need to use sudo for live captures
  3. "FastMCP not installed" error
    • Install required dependencies: pip install -r requirements.txt
  4. Interface not found
    • Use get_network_interfaces() to see available interfaces
    • Interface names vary by operating system

Debug Mode

Enable debug logging by setting the environment variable:

    export MCP_LOG_LEVEL=DEBUG
    python wireshark-mcp-server.py

Development

Testing the Server

    # Install development dependencies
    pip install -r requirements.txt
    # Test the server directly
    python wireshark-mcp-server.py
    # Run with debug logging
    MCP_LOG_LEVEL=DEBUG python wireshark-mcp-server.py

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Add tests for new functionality
  4. Submit a pull request

License

This project is provided as-is for educational and professional use. Please ensure compliance with your organization's security and network monitoring policies.

Support

For issues and questions:

  1. Check the troubleshooting section above
  2. Verify Wireshark installation and permissions
  3. Check the project logs for detailed error messages
  4. Ensure all requirements are properly installed

Acknowledgments

  • Built on the Model Context Protocol (MCP) by Anthropic
  • Utilizes the Wireshark network analysis toolkit
  • Designed for secure, AI-powered network analysis