# Windows Installation & Troubleshooting Guide
This guide provides detailed instructions for installing and using Wireshark MCP on Windows systems, including handling common issues.
## Prerequisites
Before you begin, ensure you have the following:
1. **Python 3.8+** installed on your system
   - Download from [python.org](https://www.python.org/downloads/windows/)
   - Make sure to check "Add Python to PATH" during installation
2. **Git** installed on your system (for cloning the repository)
   - Download from [git-scm.com](https://git-scm.com/download/win)
3. **Wireshark/TShark** installed on your system
   - Download from [wireshark.org](https://www.wireshark.org/download.html)
   - **Important**: During installation, make sure to check the option to install TShark (command-line tools)
   - Also ensure the "Install USBPcap" option is checked if you need USB traffic capture capabilities
## Installation Methods
### Method 1: Standard Installation (via pip)
```bash
pip install wireshark-mcp
```
### Method 2: From Source (Recommended for Development)
```bash
# Clone the repository
git clone https://github.com/sarthaksiddha/Wireshark-mcp.git
cd Wireshark-mcp
# Create a virtual environment (recommended)
python -m venv venv
venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
```
## Alternate Installation Method (If You Encounter Issues)
If you encounter module import errors with the standard installation methods, you can use this approach:
1. Clone the repository:
   ```bash
   git clone https://github.com/sarthaksiddha/Wireshark-mcp.git
   cd Wireshark-mcp
   ```
2. Create a virtual environment:
   ```bash
   python -m venv venv
   venv\Scripts\activate
   ```
3. Install dependencies directly (without installing the package in development mode):
   ```bash
   pip install pyshark scapy pydantic rich requests Jinja2
   pip install -r web_interface/requirements.txt
   ```
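4. Set PYTHONPATH to include the repository directory (run this in Command Prompt from the repository root; the setting lasts only for the current session):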
   ```bash
   set PYTHONPATH=%CD%
   ```
This approach avoids issues with the package structure while still allowing you to use all the functionality.
## Using Wireshark MCP with Claude
### Simple Analysis Script
For the most reliable method to analyze a PCAP file, especially if you encounter issues with other methods, use the `simple_pcap_analysis.py` script included in the `scripts` directory:
```bash
cd scripts
python simple_pcap_analysis.py path\to\your\capture.pcap
```
This will:
1. Extract basic information from your PCAP file using TShark directly
2. Format it for Claude
3. Save the output to a markdown file that you can copy and paste into Claude
### Protocol-Specific Analysis
To focus on a specific protocol:
```bash
cd scripts
python analyze_pcap.py path\to\your\capture.pcap HTTP
```
Replace `HTTP` with the protocol you want to analyze (HTTP, DNS, TLS, SMTP, etc.).
## Web Interface
To use the web interface:
1. Ensure you're in the repository directory and the virtual environment is activated:
   ```bash
   cd Wireshark-mcp
   venv\Scripts\activate
   REM If needed:
   set PYTHONPATH=%CD%
   ```
2. Start the web interface:
   ```bash
   cd web_interface
   python app.py
   ```
3. Open a web browser and navigate to http://localhost:5000
## Troubleshooting Windows-Specific Issues
### TShark Not Found or Not Working
If you get a "TShark not found" error:
1. Verify TShark is installed by running in Command Prompt:
   ```bash
   where tshark
   ```
2. If not found but Wireshark is installed, specify the path explicitly:
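   ```python
   # In your Python code
   from wireshark_mcp import WiresharkMCP

   # Point the library at the TShark binary explicitly instead of relying on PATH
   mcp = WiresharkMCP("capture.pcap", tshark_path="C:\\Program Files\\Wireshark\\tshark.exe")
   ```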
3. Add the Wireshark directory to your PATH environment variable:
   - Right-click on "This PC" or "My Computer" > Properties > Advanced system settings
   - Click "Environment Variables"
   - Under "System variables", find "Path" and click "Edit"
   - Add the Wireshark installation directory (e.g., `C:\Program Files\Wireshark`)
   - Click OK and restart your Command Prompt
### Permission Issues
1. Run Command Prompt or PowerShell as Administrator
2. Ensure your user has read permissions for the PCAP files
3. Try moving the PCAP files to a directory with appropriate permissions
### Module Import Errors
If you see errors like `No module named 'wireshark_mcp.protocols'`:
1. Make sure you're using the correct installation method (see "Alternate Installation Method" above)
2. Verify PYTHONPATH includes the Wireshark-mcp directory
3. Make sure all dependencies are installed
### Package Structure Issues
If you encounter errors related to package installation (like multiple top-level packages):
1. Use the "Alternate Installation Method" above
2. Try the simple analysis script which doesn't rely on the package structure
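
The checks from the troubleshooting sections above (TShark lookup, PYTHONPATH, dependencies) gathered into one script, as an added example that is not part of the Wireshark MCP repository. The `Program Files (x86)` directory and all function names are assumptions of this example.

```python
import importlib.util
import os
import shutil
import sys
from pathlib import Path

# Import names of the packages from step 3 of the alternate installation.
REQUIRED_MODULES = ("pyshark", "scapy", "pydantic", "rich", "requests", "jinja2")
# First entry is the directory named in this guide; the x86 one is an assumption.
DEFAULT_DIRS = (r"C:\Program Files\Wireshark", r"C:\Program Files (x86)\Wireshark")

def find_tshark(search_path=None, extra_dirs=DEFAULT_DIRS):
    """Resolve tshark via PATH (like `where tshark`), then the fallback dirs."""
    found = shutil.which("tshark", path=search_path)
    if found:
        return found
    for directory in extra_dirs:
        for name in ("tshark.exe", "tshark"):
            candidate = Path(directory) / name
            if candidate.is_file():
                return str(candidate)
    return None

def repo_on_pythonpath(repo_dir, pythonpath=None):
    """True if repo_dir is one of the PYTHONPATH entries (env var by default)."""
    raw = os.environ.get("PYTHONPATH", "") if pythonpath is None else pythonpath
    target = os.path.normcase(os.path.abspath(repo_dir))
    entries = [os.path.normcase(os.path.abspath(p)) for p in raw.split(os.pathsep) if p]
    return target in entries

def missing_modules(names=REQUIRED_MODULES):
    """Names from the list that cannot be imported in this interpreter."""
    return [n for n in names if importlib.util.find_spec(n) is None]

def preflight(repo_dir, search_path=None, pythonpath=None, extra_dirs=DEFAULT_DIRS):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if sys.version_info < (3, 8):
        problems.append("Python 3.8+ is required")
    if find_tshark(search_path, extra_dirs) is None:
        problems.append("TShark not found on PATH or in the default directories")
    if not repo_on_pythonpath(repo_dir, pythonpath):
        problems.append(f"PYTHONPATH does not include {repo_dir}")
    problems += [f"module not installed: {n}" for n in missing_modules()]
    return problems

if __name__ == "__main__":
    print("tshark resolved to:", find_tshark())
    print("\n".join(f"FAIL: {p}" for p in preflight(os.getcwd())) or "all checks passed")
```

Run it from the repository root with the virtual environment activated; the resolved path shows which `tshark` binary a PATH lookup would actually execute, so you can confirm it is the Wireshark installation.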
## Getting More Help
If you encounter persistent issues:
1. Check the error message carefully for clues
2. Look at the [GitHub issues](https://github.com/sarthaksiddha/Wireshark-mcp/issues) to see if others have had similar problems
3. Create a new issue with detailed information about your environment and the error messages