playbooks

Home / MCP / Wireshark MCP Server

Wireshark MCP Server

An MCP server that connects to Wireshark, runs Wireshark commands, and provides data-filtering tips.

python
5stars
View on GitHub
Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
    "mcpServers": {
        "wireshark_mcp": {
            "url": "http://127.0.0.1:3001"
        }
    }
}

You run a Wireshark MCP server that connects to your local Wireshark instance, exposes commands to run Wireshark actions, and provides tips for common data filtering tasks. This server lets an MCP-enabled client control Wireshark tasks remotely, making it easier to automate packet capture, analysis, and reporting from your workflow.

How to use

You can connect an MCP client to either the HTTP endpoint that the server exposes or run the server locally in your environment. The server provides a set of built-in tools to check installation, list interfaces, capture packets, read captures, analyze data, and retrieve prompts. Start the server and then connect your MCP client to the provided URL or run the local process as described below.

How to install

Prerequisites: you need Python 3.10 or newer and Wireshark installed with the tshark command available in your system PATH.

python -m venv venv
source venv/bin/activate  # On Windows use: venv\\Scripts\\activate

pip install -r requirements.txt

tshark --version

Additional setup and usage notes

Start the MCP server locally to listen for MCP clients on http://127.0.0.1:3001. You will be able to connect using any MCP-compatible client and issue Wireshark-related commands through the server.

To run the server, execute the following in your environment after you have installed dependencies and prepared your Python environment.

python wireshark_mcp_server.py

Troubleshooting

If you encounter permission issues when capturing packets on Linux or macOS, try running with elevated privileges or adjust dumpcap permissions as needed.

If the server fails to start due to missing modules, re-install dependencies with the required command.

pip install -r requirements.txt

Test client

A simple test client is available to validate the server’s functionality. Run this command to exercise basic MCP interactions with the server.

python example_client.py

Available tools

wireshark_check_installation

Checks whether Wireshark is installed and tshark is available on the system.

wireshark_get_interfaces

Retrieves the list of available network interfaces that can be used for capturing packets.

wireshark_capture_packets

Captures network packets according to specified parameters and stores them for analysis.

wireshark_read_capture

Reads and processes captured packet files for inspection.

wireshark_analyze

Analyzes capture data and provides statistical insights and summaries.

wireshark_get_prompts

Fetches all available prompts that guide MCP interactions.

wireshark_get_prompt

Fetches a specific prompt to guide a particular task in Wireshark MCP workflows.