Wireshark MCP Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| WIRESHARK_PCAP_DIR | No | Directory on remote host for pcap files | /tmp/mcp-pcaps |
| WIRESHARK_SSH_HOST | No | SSH hostname or IP of the remote machine | kali |
| WIRESHARK_SSH_USER | No | SSH username (optional if using SSH config) |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| tshark_list_interfacesA | List available network interfaces on the remote Kali machine for packet capture |
| tshark_captureB | Start packet capture on the remote Kali machine. Returns captured packets in JSON format. Requires sudo on the remote host. |
| tshark_read_pcapB | Read and analyze a pcap file from the remote Kali machine. Returns packets in JSON format. |
| tshark_filterC | Apply a display filter to a pcap file and return matching packets. Useful for extracting specific traffic. |
| tshark_statsC | Get protocol statistics from a pcap file. Shows protocol hierarchy, conversations, and endpoints. |
| tshark_follow_streamA | Follow and reconstruct a TCP, UDP, or HTTP stream from a pcap file. Shows the full conversation. |
| tshark_extract_filesC | Extract files from HTTP, DICOM, IMF, SMB, or TFTP traffic in a pcap file. |
| tshark_decodeC | Decode specific packets with detailed protocol information. Useful for deep packet inspection. |
| tshark_extract_credentialsB | Search for potential credentials in network traffic (HTTP Basic Auth, FTP, Telnet, etc.) |
| tshark_export_objectsB | List and export HTTP objects (files) from a pcap capture |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/schwarztim/sec-wireshark-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server