Wireshark MCP Server
Provides tools for network packet analysis using Wireshark/TShark, including protocol discovery, packet search, conversation analysis, stream following, traffic statistics, live capture, and interface discovery.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Wireshark MCP Server show me DNS queries in capture.pcap"
That's it! The server will respond to your query, and you can continue using it as needed.
Overview
Wireshark MCP Server bridges AI assistants and network packet analysis by exposing Wireshark/TShark functionality through the Model Context Protocol (MCP).
Instead of manually searching through packet captures, AI clients can interact with PCAP data using natural language and structured MCP tools.
This project enables:
PCAP investigation
Protocol discovery
Packet filtering
Stream analysis
Traffic statistics
Network conversation mapping
Live packet capture
AI-assisted network troubleshooting
Features
| Feature | Description |
|---|---|
| Protocol Discovery | Identify all protocols present in a PCAP |
| Packet Search | Search packets using Wireshark display filters |
| Conversation Analysis | Analyze communications between hosts |
| Stream Following | Follow TCP and UDP streams |
| Traffic Statistics | Generate protocol and traffic summaries |
| Interface Discovery | Enumerate available capture interfaces |
| Live Capture | Capture network traffic in real time |
| MCP Integration | Compatible with MCP clients and AI agents |
| HTTP Transport | Expose tools through HTTP |
| STDIO Transport | Native MCP STDIO support |
Architecture
┌──────────────────────┐
│      AI Client       │
│   (Claude Desktop)   │
└──────────┬───────────┘
           │ MCP
           ▼
┌──────────────────────┐
│ Wireshark MCP Server │
└──────────┬───────────┘
           │
 ┌─────────┴─────────┐
 │                   │
 ▼                   ▼
TShark           Wireshark
Engine            Engine
 │
 ├── PCAP Files
 ├── Live Capture
 ├── Streams
 ├── Conversations
 └── Statistics

Project Structure
app/
├── prompts/
│   └── prompts.py
│
├── resources/
│   └── references.py
│
├── tools/
│   ├── behavior.py
│   ├── conversations.py
│   ├── discovery.py
│   ├── interfaces.py
│   ├── live_capture.py
│   ├── packets.py
│   ├── save_capture.py
│   ├── statistics.py
│   └── streams.py
│
├── transports/
│   ├── http_transport.py
│   └── stdio_transport.py
│
├── utils/
│   └── tshark.py
│
├── config.py
├── server.py
└── .env
run.py
requirements.txt

Requirements
Software
Python 3.11+
Wireshark
TShark
Verify TShark installation:
    tshark -v

Installation
Clone the repository:
    git clone https://github.com/KK-LogicWorks/Wireshark-mcp-server.git
    cd Wireshark-mcp-server
Create a virtual environment:
    python -m venv venv
Activate it:
Windows:
    venv\Scripts\activate
Linux/macOS:
    source venv/bin/activate
Install dependencies:
    pip install -r requirements.txt

Configuration
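Create a .env file:
    TSHARK_PATH=C:\\Program Files\\Wireshark\\tshark.exe
    MAX_TIMEOUT=30
    MAX_PACKETS=10000
    HTTP_HOST=0.0.0.0
    HTTP_PORT=8080
A value of 0.0.0.0 for HTTP_HOST listens on every network interface, which makes the HTTP transport reachable from other hosts; set it to 127.0.0.1 if only local MCP clients need to connect.

Running the Server
STDIO Transport
    python run.py --transport stdio
HTTP Transport
    python run.py --transport http
Server endpoint:
    http://localhost:8080

Available MCP Tools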
Protocol Discovery
Discover protocols contained within a packet capture.
Packet Search
Search packets using Wireshark display filters.
Examples:
    http
    dns
    tcp.port == 443
    ip.addr == 192.168.1.10
Conversation Analysis
Analyze communication flows between hosts.
Stream Analysis
Follow complete TCP or UDP streams.
Traffic Statistics
Generate protocol and traffic summaries.
Interface Discovery
List available capture interfaces.
Live Capture
Capture traffic directly from selected interfaces.
Save Capture
Persist temporary capture files for later analysis.
Behavior Analysis
Analyze communication patterns and traffic behavior.
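
An added example, not code from this project: one way a Packet Search tool can hand a client-supplied display filter to TShark while enforcing the MAX_TIMEOUT and MAX_PACKETS limits from the configuration. The function names and the CAPTURE_DIR setting are assumptions made for this example.

```python
import os
import subprocess
from pathlib import Path

# Keys and defaults mirror the page's .env; CAPTURE_DIR is an assumed extra setting.
TSHARK_PATH = os.environ.get("TSHARK_PATH", "tshark")
MAX_TIMEOUT = int(os.environ.get("MAX_TIMEOUT", "30"))
MAX_PACKETS = int(os.environ.get("MAX_PACKETS", "10000"))
CAPTURE_DIR = Path(os.environ.get("CAPTURE_DIR", "captures")).resolve()


def resolve_capture(name: str) -> Path:
    """Map a client-supplied file name to a capture inside CAPTURE_DIR only."""
    path = (CAPTURE_DIR / name).resolve()
    if not path.is_relative_to(CAPTURE_DIR):
        raise ValueError("capture path is outside the capture directory")
    if path.suffix.lower() not in {".pcap", ".pcapng"}:
        raise ValueError("not a .pcap/.pcapng file")
    return path


def build_search_argv(name: str, display_filter: str) -> list[str]:
    """Build the tshark command as an argument list (hypothetical helper)."""
    if not display_filter.strip() or len(display_filter) > 512:
        raise ValueError("display filter is empty or too long")
    if any(ord(ch) < 32 for ch in display_filter):
        raise ValueError("display filter contains control characters")
    # The filter is the single value of -Y. With no shell involved, quotes,
    # semicolons or a leading "-" in it cannot become extra options or commands.
    return [TSHARK_PATH, "-n", "-r", str(resolve_capture(name)),
            "-c", str(MAX_PACKETS),   # cap on packets read from the file
            "-Y", display_filter]


def search_packets(name: str, display_filter: str, limit: int = 100) -> list[str]:
    """Run the search; raises TimeoutExpired after MAX_TIMEOUT seconds."""
    proc = subprocess.run(build_search_argv(name, display_filter),
                          capture_output=True, text=True,
                          timeout=MAX_TIMEOUT, check=False)
    if proc.returncode != 0:
        # tshark reports an invalid display filter on stderr
        raise RuntimeError(proc.stderr.strip()[:500])
    return proc.stdout.splitlines()[:limit]
```
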
Example Use Cases
Incident Response
Investigate suspicious network activity
Analyze compromised host communications
Review attack traffic
Network Troubleshooting
Identify connectivity issues
Analyze protocol failures
Review packet exchanges
Security Operations
Investigate PCAP files
Review alerts with packet evidence
Analyze suspicious traffic patterns
Threat Hunting
Search for indicators of compromise
Review communications between hosts
Identify unusual traffic behavior
Security Notice
This tool provides packet capture and analysis capabilities.
Only capture or analyze network traffic on systems and networks for which you have explicit authorization.
The maintainers assume no responsibility for misuse of this software.
Roadmap
Current
Protocol Discovery
Packet Search
Stream Analysis
Conversation Analysis
Statistics
Live Capture
HTTP Transport
STDIO Transport
Planned
IOC Extraction
Threat Detection
Session Reconstruction
AI Investigation Workflows
Protocol Anomaly Detection
Export Reports
MITRE ATT&CK Mapping
Contributing
Contributions, bug reports, and feature requests are welcome.
Fork the repository
Create a feature branch
Commit your changes
Open a Pull Request
License
Licensed under the MIT License.
See the LICENSE file for details.
Support
If you find this project useful:
Star the repository
Share feedback
Submit feature requests
Contribute improvements