playbooks
Learn Rules MCPs Modes
AI Image Editor
Log in

Wireshark MCP server

Wireshark dissector plugin for analyzing network traffic.
Back to servers
Provider
Wayne Cui
Release date
Mar 30, 2025
Language
Python
Stats
1 star
View on GitHub

The Wireshark MCP server allows you to connect to local Wireshark instances, providing tools to run Wireshark commands and offering prompts for common data filtering tasks. It implements the Model Context Protocol to enable integration with LLM clients.

Installation

Prerequisites

  • Wireshark must be installed on your system
  • Python 3.10 or higher

Setup Steps

  • Create and activate a Python virtual environment (recommended):
python -m venv venv
source venv/bin/activate  # On Windows use: venv\Scripts\activate
  • Install dependencies:
pip install -r requirements.txt
  • Verify that Wireshark and tshark are available:
tshark --version

Usage

Starting the Server

To start the MCP server:

python wireshark_mcp_server.py

The server will launch an SSE application listening at http://127.0.0.1:3001, which can be connected to by any MCP-compatible LLM client.

Testing the Connection

A simple test client is provided to verify server functionality:

python example_client.py

Available Tools

The server provides the following tools:

  • wireshark_check_installation - Verifies if Wireshark is properly installed
  • wireshark_get_interfaces - Lists available network interfaces
  • wireshark_capture_packets - Captures network packets
  • wireshark_read_capture - Reads capture files
  • wireshark_analyze - Analyzes capture files and provides statistics
  • wireshark_get_prompts - Retrieves all available prompts
  • wireshark_get_prompt - Retrieves a specific prompt

Troubleshooting

Permission Issues

On Linux/macOS, you may need root permissions to capture packets:

sudo python wireshark_mcp_server.py

Alternatively, you can grant the required permissions to dumpcap:

sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap

Command Not Found Errors

If you encounter a "tshark command not found" error, ensure Wireshark is correctly installed and the tshark command is in your system PATH.

Server Startup Errors

If you see error messages about missing modules, ensure all dependencies are correctly installed:

pip install -r requirements.txt

How to add this MCP server to Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cursor-rules-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "cursor-rules-mcp"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later