Wireshark MCP server

This Python toolkit enables seamless integration between Wireshark and MCP (Machine Control Protocol), allowing you to interact with Wireshark using natural language through Claude Desktop for advanced network analysis.

Installation

Prerequisites

• Wireshark (latest version recommended)
• Python 3.6+
• Claude Desktop application

Setup Instructions

1. Clone the repository:

   git clone https://github.com/shubham-s-pandey/WiresharkMCP.git
   cd WiresharkMCP
   

2. Install required Python dependencies:

   pip install -r requirements.txt
   

3. Configure the Lua extension for Wireshark:

   cp wireshark_extension.lua ~/.wireshark/plugins/
   

   For Windows users:

   copy wireshark_extension.lua %APPDATA%\Wireshark\plugins\
   

Usage

Starting the MCP Server

Launch the Python MCP server to establish the communication bridge:

python mcp_server.py

The server will initialize and display available network interfaces.

Configuring Wireshark

1. Open Wireshark
2. Go to Analyze > Enable MCP Integration
3. Select your desired network interface from the dropdown menu

Basic Commands

Use the following commands in the CLI interface:

# View all available interfaces
show interfaces

# Analyze specific protocols
analyze http

# Filter packets by IP address
filter ip 192.168.1.100

# Export capture to file
export capture.pcap

Using Natural Language Queries

With Claude Desktop running, you can use natural language to analyze packets:

• "Show me all HTTP traffic in the last 5 minutes"
• "Find packets with suspicious TCP flags"
• "Identify devices making DNS requests"

Smart Buffering

The MCP server implements smart buffering to optimize performance:

# Adjust buffer size (in packets)
set buffer 1000

# Clear current buffer
clear buffer

Saving Analysis Results

Export your analysis results for later review:

# Save current analysis to file
save analysis report.txt

# Export filtered packets
export filtered capture.pcap

Troubleshooting

Common Issues

• Connection Errors: Ensure both Wireshark and the MCP server are running
• Interface Not Found: Run show interfaces to verify available network interfaces
• Missing Packets: Increase buffer size with set buffer command

Logs

Check the log files for detailed error information:

cat ~/.wireshark-mcp/logs/server.log

How to add this MCP server to Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cursor-rules-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "cursor-rules-mcp"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.