wireshark-mcp

wireshark-mcp

Exposes Wireshark CLI tools to AI agents through MCP interfaces for network analysis.

Category
Visit Server

README

English | 简体中文

wiresharkmcp

wiresharkmcp is a standalone MCP server that exposes Wireshark CLI tools to AI agents through MCP tools, resources, and prompts.

Usage Video

A short walkthrough of the repository setup and usage:

<div align="center"> <img src="assets/demo.gif" width="960" /> </div>

5-Minute Setup

1. Install Wireshark CLI

macOS:

  1. Install the official Wireshark .dmg.
  2. Move Wireshark.app to /Applications.
  3. Install ChmodBPF from the same .dmg.

Ubuntu/Debian:

sudo apt update
sudo apt install wireshark-common tshark

If you use another distro, need dftest, or want a source build, use the advanced guide in docs/advanced-install.md.

2. Install this repository

uv sync

3. Generate local config

Run the first-run helper:

uv run python scripts/doctor.py

It prints:

  • your current platform and detected Wireshark binaries
  • a suggested .env with absolute binary paths and a home-directory WIRESHARK_MCP_ALLOWED_ROOTS
  • a suggested stdio mcpServers JSON block

If you want it to create .env for you:

uv run python scripts/doctor.py --write-env

Status meanings:

  • usable: all core Wireshark binaries and dftest were found
  • usable but degraded: core binaries were found, but dftest is missing
  • not ready: one or more core binaries are still missing

Minimal .env shape:

WIRESHARK_MCP_ALLOWED_ROOTS=["/absolute/path/to/wireshark-mcp"]
WIRESHARK_MCP_TRANSPORT=stdio

doctor.py also fills any detected WIRESHARK_MCP_*_PATH entries with absolute paths so GUI clients do not depend on your shell PATH.

4. Paste the MCP config into your client and validate

Copy the Suggested MCP config block printed by doctor.py, or start from examples/mcp.json. The recommended command is:

{
  "mcpServers": {
    "wireshark-mcp": {
      "command": "uv",
      "args": [
        "run",
        "--directory",
        "/absolute/path/to/wiresharkmcp-public",
        "wireshark-mcp"
      ],
      "env": {
        "WIRESHARK_MCP_TRANSPORT": "stdio"
      }
    }
  }
}

Then connect your MCP client and call ws_runtime_info. That one tool is the only required first-run validation step. It tells you:

  • which Wireshark binaries were found
  • which features are currently available
  • which filesystem roots the server can access

What the First-Run Helper Optimizes

  • It prefers explicit absolute binary paths over PATH, which is more reliable for desktop and GUI MCP clients.
  • On macOS it checks /Applications/Wireshark.app/Contents/MacOS first.
  • On Linux it checks PATH and common locations such as /usr/bin.
  • It refuses to overwrite an existing .env; if you already have one, it tells you to merge changes manually.

Advanced Docs

Security

  • The server only reads and writes files inside WIRESHARK_MCP_ALLOWED_ROOTS.
  • Do not commit .env, capture files, or generated logs from real environments.

License

MIT. See LICENSE.

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured