# Wireshark MCP Server

## Overview
Wireshark MCP Server bridges AI assistants and network packet analysis by exposing Wireshark/TShark functionality through the Model Context Protocol (MCP).
Instead of manually searching through packet captures, AI clients can interact with PCAP data using natural language and structured MCP tools.
This project enables:
- PCAP investigation
- Protocol discovery
- Packet filtering
- Stream analysis
- Traffic statistics
- Network conversation mapping
- Live packet capture
- AI-assisted network troubleshooting
## Features

| Feature | Description |
|---|---|
| Protocol Discovery | Identify all protocols present in a PCAP |
| Packet Search | Search packets using Wireshark display filters |
| Conversation Analysis | Analyze communications between hosts |
| Stream Following | Follow TCP and UDP streams |
| Traffic Statistics | Generate protocol and traffic summaries |
| Interface Discovery | Enumerate available capture interfaces |
| Live Capture | Capture network traffic in real time |
| MCP Integration | Compatible with MCP clients and AI agents |
| HTTP Transport | Expose tools through HTTP |
| STDIO Transport | Native MCP STDIO support |
## Architecture

```
┌──────────────────────┐
│      AI Client       │
│   (Claude Desktop)   │
└──────────┬───────────┘
           │ MCP
           ▼
┌──────────────────────┐
│ Wireshark MCP Server │
└──────────┬───────────┘
           │
     ┌─────┴─────┐
     │           │
     ▼           ▼
  TShark     Wireshark
  Engine      Engine
     │
     ├── PCAP Files
     ├── Live Capture
     ├── Streams
     ├── Conversations
     └── Statistics
```
## Project Structure

```
app/
├── prompts/
│   └── prompts.py
├── resources/
│   └── references.py
├── tools/
│   ├── behavior.py
│   ├── conversations.py
│   ├── discovery.py
│   ├── interfaces.py
│   ├── live_capture.py
│   ├── packets.py
│   ├── save_capture.py
│   ├── statistics.py
│   └── streams.py
├── transports/
│   ├── http_transport.py
│   └── stdio_transport.py
├── utils/
│   └── tshark.py
├── config.py
├── server.py
└── .env
run.py
requirements.txt
```
## Requirements

### Software

- Python 3.11+
- Wireshark
- TShark

Verify the TShark installation:

```
tshark -v
```
## Installation

Clone the repository:

```
git clone https://github.com/KK-LogicWorks/Wireshark-mcp-server.git
cd Wireshark-mcp-server
```

Create a virtual environment:

```
python -m venv venv
```

Activate it on Windows:

```
venv\Scripts\activate
```

Activate it on Linux/macOS:

```
source venv/bin/activate
```

Install dependencies:

```
pip install -r requirements.txt
```
## Configuration

Create a `.env` file:

```
TSHARK_PATH=C:\\Program Files\\Wireshark\\tshark.exe
MAX_TIMEOUT=30
MAX_PACKETS=10000
HTTP_HOST=0.0.0.0
HTTP_PORT=8080
```
## Running the Server

### STDIO Transport

```
python run.py --transport stdio
```

### HTTP Transport

```
python run.py --transport http
```

Server endpoint:

```
http://localhost:8080
```
## Available MCP Tools

### Protocol Discovery

Discover protocols contained within a packet capture.

### Packet Search

Search packets using Wireshark display filters.
Examples:

```
http
dns
tcp.port == 443
ip.addr == 192.168.1.10
```
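The display filters above are supplied by an AI client and handed to TShark, so the wrapper that runs them has to enforce the `MAX_PACKETS` and `MAX_TIMEOUT` limits from the `.env` file and must never pass the filter through a shell. The following is an added example of such a wrapper, not the project's own `utils/tshark.py`; the function names, the default limits and the JSON output mode are assumptions for illustration.

```python
"""Added example: bounded, shell-free TShark packet search (not project code)."""
import json
import os
import shutil
import subprocess
from typing import Any

# Same keys as the .env file above; defaults are assumed for this example.
MAX_PACKETS = int(os.environ.get("MAX_PACKETS", "10000"))
MAX_TIMEOUT = int(os.environ.get("MAX_TIMEOUT", "30"))
TSHARK_PATH = os.environ.get("TSHARK_PATH") or shutil.which("tshark") or "tshark"


def build_search_command(pcap: str, display_filter: str, limit: int) -> list[str]:
    """Return the TShark argv for a filtered read of `pcap` emitted as JSON.

    The filter is a single argv element after -Y, so operators such as
    && or || in a client-supplied filter are never seen by a shell.
    The count is clamped to MAX_PACKETS so one tool call cannot dump an
    unbounded capture into the model context.
    """
    if not display_filter.strip():
        raise ValueError("empty display filter")
    if "\x00" in display_filter or "\n" in display_filter:
        raise ValueError("display filter contains control characters")
    limit = max(1, min(limit, MAX_PACKETS))
    return [TSHARK_PATH, "-r", pcap, "-Y", display_filter,
            "-c", str(limit), "-T", "json"]


def run_packet_search(pcap: str, display_filter: str, limit: int = 100) -> list[dict[str, Any]]:
    """Run the search under a hard wall-clock timeout and return parsed packets."""
    argv = build_search_command(pcap, display_filter, limit)
    try:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              timeout=MAX_TIMEOUT, check=False)
    except subprocess.TimeoutExpired as exc:
        raise RuntimeError(f"tshark exceeded MAX_TIMEOUT={MAX_TIMEOUT}s") from exc
    if proc.returncode != 0:
        # TShark reports an invalid filter on stderr; surface it rather than
        # silently returning an empty result to the client.
        raise RuntimeError(proc.stderr.strip() or f"tshark exited {proc.returncode}")
    return json.loads(proc.stdout or "[]")
```

`run_packet_search` needs a local TShark binary; `build_search_command` is pure and can be checked without one.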
### Conversation Analysis

Analyze communication flows between hosts.

### Stream Analysis

Follow complete TCP or UDP streams.

### Traffic Statistics

Generate protocol and traffic summaries.

### Interface Discovery

List available capture interfaces.

### Live Capture

Capture traffic directly from selected interfaces.

### Save Capture

Persist temporary capture files for later analysis.

### Behavior Analysis

Analyze communication patterns and traffic behavior.
## Example Use Cases

### Incident Response

- Investigate suspicious network activity
- Analyze compromised host communications
- Review attack traffic

### Network Troubleshooting

- Identify connectivity issues
- Analyze protocol failures
- Review packet exchanges

### Security Operations

- Investigate PCAP files
- Review alerts with packet evidence
- Analyze suspicious traffic patterns

### Threat Hunting

- Search for indicators of compromise
- Review communications between hosts
- Identify unusual traffic behavior
## Security Notice
This tool provides packet capture and analysis capabilities.
Only capture or analyze network traffic on systems and networks for which you have explicit authorization.
The maintainers assume no responsibility for misuse of this software.
## Roadmap

### Current
- [x] Protocol Discovery
- [x] Packet Search
- [x] Stream Analysis
- [x] Conversation Analysis
- [x] Statistics
- [x] Live Capture
- [x] HTTP Transport
- [x] STDIO Transport
### Planned
- [ ] IOC Extraction
- [ ] Threat Detection
- [ ] Session Reconstruction
- [ ] AI Investigation Workflows
- [ ] Protocol Anomaly Detection
- [ ] Export Reports
- [ ] MITRE ATT&CK Mapping
## Contributing
Contributions, bug reports, and feature requests are welcome.
- Fork the repository
- Create a feature branch
- Commit your changes
- Open a Pull Request
## License
Licensed under the MIT License.
See the LICENSE file for details.
## Support
If you find this project useful:
- Star the repository
- Share feedback
- Submit feature requests
- Contribute improvements