demo_usage.cpython-310.pyc•7.93 kB
o
����R�Uhw%�����������������������@���sV���d�Z�d�d�l�Z�d�d�l�Z�d�d�l�m�Z���d�d���Z�d�d���Z�d�d ��Z�d
d���Z�e d�k�r)e�����d�S�d�S�)
z�
Wireshark MCP Server - Usage Demonstration
This script demonstrates how the Wireshark MCP server would be used
by an AI assistant to help users with network analysis tasks.
�����N)���Pathc��������������������C���s����t�d�����t�d�����d�d�g�d���d���d�d�g�d ��d���d
d�g�d���d���d
d�g�d���d���g�}�t�|�d���D�]G\�}�}�t�d�|���d�|�d�����������t�d�����t�d�|�d�����������t�����t�|�d���d���D�]�\�}�}�|���d���rgt�d�|���������t�d�����n�t�d�|���������t�����qRq+t�d�����t�d�����t�d�����t�d�����t�d�����t�d ����d!S�)"z_
Demonstrate typical conversations between user and AI using the Wireshark MCP server.
u-���🌐 Wireshark MCP Server - AI Assistant Demoz2==================================================z�Network TroubleshootingzgI'm having connectivity issues with my web server. Can you help me capture and analyze network traffic?)�zlI'll help you troubleshoot your network connectivity. Let me start by checking available network interfaces.z"MCP Call: get_network_interfaces()z_I can see your network interfaces. Now let's capture some live traffic to see what's happening.zuMCP Call: capture_live_packets(interface='eth0', count=200, capture_filter='tcp port 80 or tcp port 443', timeout=60)zUI've captured 200 packets of HTTP/HTTPS traffic. Let me analyze the patterns I see...zgBased on the capture, I can see several TCP retransmissions and connection timeouts to your web server.)���scenario��user��ai_stepsz�Security InvestigationzQI have a suspicious PCAP file. Can you analyze it for potential security threats?)�z[I'll analyze your PCAP file for security threats. Let me start with basic file information.zDMCP Call: get_capture_file_info(filepath='/path/to/suspicious.pcap')zNNow let me generate protocol statistics to understand the traffic composition.zFMCP Call: get_protocol_statistics(filepath='/path/to/suspicious.pcap')zjLet me look for suspicious patterns like unusual ports, failed connections, or data exfiltration attempts.z�MCP Call: analyze_pcap_file(filepath='/path/to/suspicious.pcap', display_filter='tcp.flags.reset==1 or dns.flags.response==0', max_packets=500)z�I found several concerning patterns: unusual DNS queries, failed TCP connections, and potential data exfiltration on non-standard ports.z�Performance AnalysiszNOur network seems slow. Can you help identify bandwidth usage and top talkers?)�zbI'll help you analyze network performance. Let's capture live traffic to identify bandwidth usage.zFMCP Call: capture_live_packets(interface='1', count=1000, timeout=120)zKNow let me analyze the capture for conversation statistics and top talkers.z?MCP Call: get_protocol_statistics(filepath='temp_capture.pcap')zWBased on the analysis, I can see the top bandwidth consumers and protocol distribution.zpThe analysis shows heavy BitTorrent traffic consuming 60% of your bandwidth, followed by streaming video at 25%.z�HTTP Transaction AnalysiszGI need to analyze HTTP transactions in this capture file for debugging.)�zeI'll analyze the HTTP transactions in your capture file. Let me filter for HTTP traffic specifically.z�MCP Call: analyze_pcap_file(filepath='/path/to/web_traffic.pcap', display_filter='http.request or http.response', max_packets=200)z;Let me also look at any HTTP errors or failed transactions.z~MCP Call: analyze_pcap_file(filepath='/path/to/web_traffic.pcap', display_filter='http.response.code >= 400', max_packets=100)zcI found several HTTP 404 and 500 errors, plus some slow response times that indicate server issues.�����u����
📋 Scenario z�: r����z(----------------------------------------u����👤 User: r����r����z MCP Call:u����🤖 AI Assistant: z$ [Executing Wireshark MCP tool...]u����🎯 Key Benefits Demonstrated:z5- AI can directly interact with network capture toolsz@- Complex analysis tasks are simplified through natural languagez-- Security validation ensures safe operationsz0- Real-time and file-based analysis capabilitiesz/- Integration with existing Wireshark expertiseN)���print� enumerate�
startswith)��
conversations��i��conv��step_num��step��r�����
demo_usage.py��demo_conversation
���sJ����������������
���������������
���������3����������
���
�������������������r����c���������������� ���C���s����t�d�����t�d�����d�d�d�d�d���d�d d
d�d���d�d
d�d�d���d�d�d�d�d���d�d�d�d�d���d���}�|�����D�]/\�}�}�t�d�|���������t�d�|�d�����������t�d�|�d�����������t�d�|�d�����������t�d�|�d ����������q-d!S�)"z4Show the available MCP tools and their capabilities.u����
🛠️ Available MCP Toolsz�==============================z&Lists all available network interfaces��Nonez�get_network_interfaces()z!Discovery and interface selection)���description�
parameters��example��use_casez�Captures live network trafficz)interface, count, capture_filter, timeoutz4capture_live_packets('eth0', 100, 'tcp port 80', 30)z.Real-time traffic analysis and troubleshootingz�Analyzes existing PCAP filesz%filepath, display_filter, max_packetsz9analyze_pcap_file('/path/file.pcap', 'http.request', 200)z0Forensic analysis and detailed packet inspectionz.Generates protocol and conversation statistics��filepathz*get_protocol_statistics('/path/file.pcap')z(Traffic profiling and bandwidth analysisz!Gets metadata about capture filesz(get_capture_file_info('/path/file.pcap')z"File validation and quick overview)���get_network_interfaces��capture_live_packets��analyze_pcap_file��get_protocol_statistics��get_capture_file_infou����
📌 z� Description: r����z� Parameters: r����z� Example: r����z
Use Case: r����N)�r������items)���tools� tool_name��infor����r����r������demo_mcp_tools\���sF������������������������������������������������������������!������������r!���c��������������������C���s����t�d�����t�d�����d�d�g�d���d���d�d�g�d ��d���d
d�g�d���d���d
d�g�d���d���d�d�g�d���d���g�}�|�D�]"}�t�d�|�d�����������t�d�|�d�����������|�d���D�] }�t�d�|���������qGq/d�S�)�z8Demonstrate the security features built into the server.u����
🔒 Security Featuresz�====================z�Interface Validationz)Only allows valid network interface names)�u����✅ eth0u ���✅ Wi-Fiu����❌ ../etc/passwdu����❌ interface;rm -rf /)���featurer������examplesz�File Path Sanitizationz"Validates and sanitizes file paths)�u����✅ /valid/path/file.pcapu����❌ ../../../etc/shadowu����❌ file.txtz�Capture Filter Validationz+Validates BPF filter expressions for safety)�u����✅ tcp port 80u����✅ host 192.168.1.1u����❌ filter;rm -rf /u����❌ $(malicious)z�Resource Limitsz5Enforces limits on capture duration and packet counts)�z�Max 300 seconds capturez�Max 10,000 packetsz�Max 100MB file sizez�Input Sanitizationz+All user inputs are validated and sanitized)�z
Length limitsz�Character filteringz�Type validationu
���
🛡️ r"���z� r����r#���N)�r����)���security_featuresr"���r����r����r����r������demo_security_features����s<���������������������������������������������������������������r%���c��������������������C���sv���t�����t�����t�����t�d�����t�d�����t�d�����t�d�����t�d�����t�d�����t�d�����t�d�����t�d ����t�d
����t�d�����t�d�����d
S�)�z�Main demonstration function.u����
🚀 Getting Startedz�=================z81. Install dependencies: pip install -r requirements.txtz'2. Ensure Wireshark/TShark is installedz43. Configure Claude Desktop with the provided configz;4. Start using natural language to analyze network traffic!u����
📚 Example Commands to Try:z%- 'List available network interfaces'z+- 'Capture 100 packets from interface eth0'z+- 'Analyze this PCAP file for HTTP traffic'z0- 'Show protocol statistics for my capture file'z4- 'Help me troubleshoot network connectivity issues'N)�r����r!���r%���r����r����r����r����r������main����s����������������������������������r&�����__main__)
��__doc__��asyncio��json��pathlibr����r����r!���r%���r&�����__name__r����r����r����r������<module>����s���������������O�-�'��
���