Wireshark MCP

Wireshark MCP (Model Context Protocol)

A Model Context Protocol (MCP) server for integrating Wireshark network analysis capabilities with AI systems like Claude. This implementation provides direct integration with Claude without requiring manual copy/paste of prompts.

What is Wireshark MCP?

Wireshark MCP provides a standardized way for AI assistants to access and analyze network packet data through Wireshark. It bridges the gap between low-level network data and high-level AI understanding by implementing the Model Context Protocol.

The server provides tools for:

Capturing live network traffic
Analyzing existing pcap files
Extracting protocol-specific information
Summarizing network flows

Quick Start

Installation

# Clone the repository 
git clone https://github.com/sarthaksiddha/Wireshark-mcp.git 
cd Wireshark-mcp

# Install dependencies
pip install -e .

Running the MCP Server

# Run with stdio transport (for Claude Desktop)
python mcp_server.py --stdio

# Run with SSE transport (for other MCP clients)
python mcp_server.py --host 127.0.0.1 --port 5000

Configuring Claude Desktop

To configure Claude Desktop to use the Wireshark MCP server:

Open Claude Desktop
Go to Settings > Developer > Edit Config
Add the following configuration:

{
  "mcpServers": {
    "wireshark": {
      "command": "python",
      "args": [
        "/path/to/wireshark-mcp/mcp_server.py",
        "--stdio"
      ]
    }
  }
}

Replace /path/to/wireshark-mcp with the actual path to your repository.

Available Tools

The Wireshark MCP server provides the following tools:

capture_live_traffic: Capture live network traffic using tshark
analyze_pcap: Analyze an existing pcap file
get_protocol_list: Get a list of supported protocols

Example Usage in Claude

Once configured, you can use the Wireshark MCP server in Claude with queries like:

"Capture 30 seconds of network traffic on my system and show me what's happening"
"Analyze my network.pcap file and tell me if there are any suspicious activities"
"What protocols can I focus on when analyzing network traffic?"

Key Features

Packet Summarization: Convert large pcap files into token-optimized summaries
Protocol Intelligence: Enhanced context for common protocols (HTTP, DNS, TLS, SMTP, etc.)
Flow Tracking: Group related packets into conversation flows
Anomaly Highlighting: Emphasize unusual or suspicious patterns
Query Templates: Pre-built prompts for common network analysis tasks
Visualization Generation: Create text-based representations of network patterns
Multi-level Abstraction: View data from raw bytes to high-level behaviors
Web Interface: Browser-based UI for easier analysis and visualization
Agent-to-Agent (A2A) Integration: Expose packet analysis as an A2A-compatible agent
Advanced Security Framework: Comprehensive security controls for data protection and communication
IP Address Protection: Multiple strategies for anonymizing sensitive network addresses
Secure Communication: Robust message signatures for secure agent-to-agent communication
Cross-Platform: Works on Windows, macOS, and Linux

Documentation

Claude Integration Guide - Detailed guide for connecting with Claude AI
A2A Module Documentation - Guide for using the Agent-to-Agent integration
A2A Security Guide - Security considerations for A2A integration
IP Protection Guide - Detailed guide on IP address anonymization and obfuscation
Security Manager Guide - Comprehensive guide to the unified security framework
Message Security Signatures - Guide for secure message signing and verification
Web Interface README - Information on using the web interface
Utility Scripts - Helpful scripts for PCAP analysis

Basic Usage

from wireshark_mcp import WiresharkMCP, Protocol
from wireshark_mcp.formatters import ClaudeFormatter

# Initialize with a pcap file
mcp = WiresharkMCP("capture.pcap")

# Generate a basic packet summary
context = mcp.generate_context(
    max_packets=100,
    focus_protocols=[Protocol.HTTP, Protocol.DNS],
    include_statistics=True
)

# Format it for Claude
formatter = ClaudeFormatter()
claude_prompt = formatter.format_context(
    context, 
    query="What unusual patterns do you see in this HTTP traffic?"
)

# Save to file for use with Claude
with open("claude_prompt.md", "w") as f:
    f.write(claude_prompt)

Using with Claude

There are three main ways to use Wireshark MCP with Claude:

1. Direct MCP Integration (NEW)

For seamless integration with Claude Desktop:

# Run the MCP server with stdio transport
python mcp_server.py --stdio

Then configure Claude Desktop as described in the "Configuring Claude Desktop" section above. This method provides direct integration without any copy/paste needed.

2. Simple Script Approach

For quick analysis without complex setup (requires copy/paste):

python scripts/simple_pcap_analysis.py path/to/your/capture.pcap

This generates a markdown file you can copy and paste into Claude at claude.ai.

3. API Integration

For programmatic integration with Claude's API:

from claude_client import ClaudeClient  # Your implementation
from wireshark_mcp import WiresharkMCP
from wireshark_mcp.formatters import ClaudeFormatter

# Process the PCAP file
mcp = WiresharkMCP("capture.pcap")
context = mcp.generate_context()

# Format for Claude
formatter = ClaudeFormatter()
prompt = formatter.format_context(context, query="Analyze this network traffic")

# Send to Claude API
client = ClaudeClient(api_key="your_api_key")
response = client.analyze(prompt)

See the Claude Integration Guide for detailed API instructions.

Requirements

Python 3.8+
Wireshark/tshark installed and in your PATH
fastmcp Python package

Contributing

Contributions are welcome! Areas where help is especially appreciated:

Additional protocol analyzers
Performance optimizations
Documentation and examples
Testing with diverse packet captures
Web interface enhancements

See CONTRIBUTING.md for details on how to contribute.

License

This project is licensed under the MIT License - see the LICENSE file for details.