Wireshark MCP Server

Bridges AI assistants with network packet analysis, enabling PCAP investigation, protocol discovery, packet filtering, stream analysis, and live capture through natural language.

🔍 Wireshark MCP Server

🚀 Overview

Wireshark MCP Server bridges AI assistants and network packet analysis by exposing Wireshark/TShark functionality through the Model Context Protocol (MCP).

Instead of manually searching through packet captures, AI clients can interact with PCAP data using natural language and structured MCP tools.

This project enables:

  • PCAP investigation
  • Protocol discovery
  • Packet filtering
  • Stream analysis
  • Traffic statistics
  • Network conversation mapping
  • Live packet capture
  • AI-assisted network troubleshooting

✨ Features

Feature | Description
🔎 Protocol Discovery | Identify all protocols present in a PCAP
📦 Packet Search | Search packets using Wireshark display filters
🌐 Conversation Analysis | Analyze communications between hosts
🔄 Stream Following | Follow TCP and UDP streams
📊 Traffic Statistics | Generate protocol and traffic summaries
🎯 Interface Discovery | Enumerate available capture interfaces
⚡ Live Capture | Capture network traffic in real time
🤖 MCP Integration | Compatible with MCP clients and AI agents
🌍 HTTP Transport | Expose tools through HTTP
💻 STDIO Transport | Native MCP STDIO support

🏗 Architecture

┌──────────────────────┐
│      AI Client       │
│   (Claude Desktop)   │
└──────────┬───────────┘
           │ MCP
           ▼
┌──────────────────────┐
│ Wireshark MCP Server │
└──────────┬───────────┘
           │
 ┌─────────┴─────────┐
 │                   │
 ▼                   ▼
TShark          Wireshark
 Engine           Engine
 │
 ├── PCAP Files
 ├── Live Capture
 ├── Streams
 ├── Conversations
 └── Statistics

📁 Project Structure

app/
├── prompts/
│   └── prompts.py
│
├── resources/
│   └── references.py
│
├── tools/
│   ├── behavior.py
│   ├── conversations.py
│   ├── discovery.py
│   ├── interfaces.py
│   ├── live_capture.py
│   ├── packets.py
│   ├── save_capture.py
│   ├── statistics.py
│   └── streams.py
│
├── transports/
│   ├── http_transport.py
│   └── stdio_transport.py
│
├── utils/
│   └── tshark.py
│
├── config.py
├── server.py
└── .env

run.py
requirements.txt

⚙️ Requirements

Software

  • Python 3.11+
  • Wireshark
  • TShark

Verify TShark installation:

tshark -v

🔧 Installation

Clone the repository:

git clone https://github.com/KK-LogicWorks/Wireshark-mcp-server.git

cd Wireshark-mcp-server

Create a virtual environment:

python -m venv venv

Activate it:

Windows:

venv\Scripts\activate

Linux/macOS:

source venv/bin/activate

Install dependencies:

pip install -r requirements.txt

⚙️ Configuration

Create a .env file:

TSHARK_PATH=C:\\Program Files\\Wireshark\\tshark.exe

MAX_TIMEOUT=30

MAX_PACKETS=10000

HTTP_HOST=0.0.0.0

HTTP_PORT=8080

🚀 Running the Server

STDIO Transport

python run.py --transport stdio

HTTP Transport

python run.py --transport http

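Server endpoint (the sample HTTP_HOST=0.0.0.0 listens on every interface, so other hosts can reach this port too; use HTTP_HOST=127.0.0.1 for local-only access):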

http://localhost:8080

🛠 Available MCP Tools

Protocol Discovery

Discover protocols contained within a packet capture.

Packet Search

Search packets using Wireshark display filters.

Examples:

http

dns

tcp.port == 443

ip.addr == 192.168.1.10
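
How a client-supplied display filter can become a bounded, shell-free TShark call that honours the MAX_TIMEOUT and MAX_PACKETS settings from the Configuration section. This is an added example, not code from this project; CAPTURE_DIR, build_search_argv and run_search are hypothetical names.

```python
import os
import subprocess
from pathlib import Path

# These mirror the .env keys shown in this README. CAPTURE_DIR is an
# assumption of this example, not a setting documented by the project.
TSHARK_PATH = os.environ.get("TSHARK_PATH", "tshark")
MAX_TIMEOUT = int(os.environ.get("MAX_TIMEOUT", "30"))
MAX_PACKETS = int(os.environ.get("MAX_PACKETS", "10000"))
CAPTURE_DIR = Path(os.environ.get("CAPTURE_DIR", "captures")).resolve()


def build_search_argv(pcap_name: str, display_filter: str, limit: int = 100) -> list[str]:
    """Return the argv list for a read-only, bounded tshark search."""
    pcap = (CAPTURE_DIR / pcap_name).resolve()
    # Confine reads to the capture directory (blocks ../ and absolute paths).
    if not pcap.is_relative_to(CAPTURE_DIR):
        raise ValueError("pcap path escapes the capture directory")
    if pcap.suffix.lower() not in {".pcap", ".pcapng"}:
        raise ValueError("unsupported capture file extension")
    flt = display_filter.strip()
    # Reject empty, oversized or control-character input before it reaches tshark.
    if not flt or len(flt) > 512 or not flt.isprintable():
        raise ValueError("invalid display filter")
    # -c caps the packets read from the file, not the number of matches.
    count = max(1, min(limit, MAX_PACKETS))
    # -n disables name resolution, so analysing an untrusted capture does
    # not trigger DNS lookups from the analysis host.
    return [TSHARK_PATH, "-n", "-r", str(pcap), "-Y", flt,
            "-c", str(count), "-T", "json"]


def run_search(pcap_name: str, display_filter: str, limit: int = 100) -> str:
    """Run tshark with an argv list (no shell) and the configured timeout."""
    argv = build_search_argv(pcap_name, display_filter, limit)
    done = subprocess.run(argv, capture_output=True, text=True,
                          timeout=MAX_TIMEOUT, check=True)
    return done.stdout


if __name__ == "__main__":
    # Constructed input: "&&" is a valid display-filter operator and also a
    # shell operator; in an argv list it stays inside one argument.
    print(build_search_argv("sample.pcap", "dns && ip.addr == 192.168.1.10"))
```

Because the filter travels as a single argv element, TShark's own filter parser is the only thing that interprets it; a syntactically invalid filter surfaces as subprocess.CalledProcessError from run_search.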

Conversation Analysis

Analyze communication flows between hosts.

Stream Analysis

Follow complete TCP or UDP streams.

Traffic Statistics

Generate protocol and traffic summaries.

Interface Discovery

List available capture interfaces.

Live Capture

Capture traffic directly from selected interfaces.

Save Capture

Persist temporary capture files for later analysis.

Behavior Analysis

Analyze communication patterns and traffic behavior.


🤖 Example Use Cases

Incident Response

  • Investigate suspicious network activity
  • Analyze compromised host communications
  • Review attack traffic

Network Troubleshooting

  • Identify connectivity issues
  • Analyze protocol failures
  • Review packet exchanges

Security Operations

  • Investigate PCAP files
  • Review alerts with packet evidence
  • Analyze suspicious traffic patterns

Threat Hunting

  • Search for indicators of compromise
  • Review communications between hosts
  • Identify unusual traffic behavior

🔒 Security Notice

This tool provides packet capture and analysis capabilities.

Only capture or analyze network traffic on systems and networks for which you have explicit authorization.

The maintainers assume no responsibility for misuse of this software.


🛣 Roadmap

Current

  • [x] Protocol Discovery
  • [x] Packet Search
  • [x] Stream Analysis
  • [x] Conversation Analysis
  • [x] Statistics
  • [x] Live Capture
  • [x] HTTP Transport
  • [x] STDIO Transport

Planned

  • [ ] IOC Extraction
  • [ ] Threat Detection
  • [ ] Session Reconstruction
  • [ ] AI Investigation Workflows
  • [ ] Protocol Anomaly Detection
  • [ ] Export Reports
  • [ ] MITRE ATT&CK Mapping

🤝 Contributing

Contributions, bug reports, and feature requests are welcome.

  1. Fork the repository
  2. Create a feature branch
  3. Commit your changes
  4. Open a Pull Request

📄 License

Licensed under the MIT License.

See the LICENSE file for details.


⭐ Support

If you find this project useful:

  • Star the repository
  • Share feedback
  • Submit feature requests
  • Contribute improvements
