- Home
- MCP servers
- Wireshark
Wireshark
- python
6
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"mixelpixx-wireshark-mcp": {
"command": "wireshark-mcp-server",
"args": [],
"env": {
"ABUSEIPDB_API_KEY": "YOUR_API_KEY_HERE",
"VIRUSTOTAL_API_KEY": "YOUR_API_KEY_HERE"
}
}
}
}You have a comprehensive MCP server that combines Wireshark-based network analysis with Nmap scanning, threat intelligence, and modern MCP workflows. It enables live traffic capture, PCAP analysis, protocol statistics, stream reconstruction, and secure, scalable responses for AI-assisted troubleshooting and security investigations.
How to use
You will interact with the server through an MCP client to perform guided analyses, run scans, and generate structured results. Typical usage patterns include capturing traffic, analyzing capture files, running network scans, checking for threats, and obtaining machine-friendly JSON outputs optimized for large language model responses. Begin by ensuring the MCP server is running, then select a workflow that matches your objective, such as network troubleshooting, security audits, or threat investigations. The server exposes resources for interfaces and captures, prompts for guided workflows, and asynchronous processing to keep responses fast and non-blocking.
How to install
Install prerequisites: Python 3.8+ with pip, Wireshark/TShark installed and in your PATH, Nmap if you plan to use scanning features, and appropriate network capture permissions.
Step-by-step setup locally (example commands shown; run in your terminal):
# Quick install from PyPI
pip install wireshark-mcp-server
# Development install (clone and run in place)
# Clone repository
# git clone https://github.com/yourusername/wireshark-mcp.git
# cd wireshark-mcp
# Install in development mode
pip install -e .
# Optional: install from requirements
pip install -r requirements.txt
Install system dependencies per your platform:
# Ubuntu/Debian
sudo apt-get update
sudo apt-get install tshark nmap
sudo usermod -aG wireshark $USER
# macOS
brew install wireshark nmap
# Windows
# - Install Wireshark
# - Install Nmap
# - Run as Administrator for packet capture
Set up capture permissions (Linux) if you plan to capture packets without root:
# Linux - set capabilities on dumpcap (no root needed)
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
# Or add user to wireshark group
sudo usermod -aG wireshark $USER
newgrp wireshark # Apply group without logout
Additional sections
Configuration and environment variables are used to customize threat intelligence sources and runtime behavior. You can provide API keys and feature toggles to tailor your security analysis workflows. The server supports dynamic MCP resources, guided prompts, structured JSON outputs, rate limiting, and asynchronous processing to keep analysis responsive.
Notes
If you intend to run the server locally, ensure your environment has access to the necessary network interfaces and that the required permissions are in place for packet capture. When using threat intelligence integrations, provide your API keys where applicable and respect usage limits outlined by the service providers.
Available tools
get_network_interfaces
List all available network interfaces for live capture.
capture_live_packets
Capture live packets with optional BPF filter and specified output format (JSON or text).
analyze_pcap_file
Analyze a PCAP file using Wireshark display filters to extract insights.
get_protocol_statistics
Generate protocol hierarchy and IP conversation statistics from a capture.
get_capture_file_info
Retrieve metadata about a PCAP capture.
follow_tcp_stream
Reconstruct TCP conversations from a capture file.
follow_udp_stream
Reconstruct UDP conversations from a capture file.
list_tcp_streams
List all TCP conversations contained in a capture.
export_packets_json
Export selected packets to a structured JSON format.
export_packets_csv
Export selected packets to a CSV with chosen fields.
convert_pcap_format
Convert PCAP files between pcap and pcapng formats.
nmap_port_scan
Scan for open ports using different scan types (SYN, connect, UDP).
nmap_service_detection
Detect service versions running on scanned ports.
nmap_os_detection
Identify the operating system of hosts (requires appropriate privileges).
nmap_vulnerability_scan
Run NSE vulnerability scripts against targets.
nmap_quick_scan
Perform a fast top-100 port scan.
nmap_comprehensive_scan
Perform a full, feature-rich scan against targets.
check_ip_threat_intel
Check IPs against threat intelligence providers like URLhaus and AbuseIPDB.
scan_capture_for_threats
Perform a comprehensive threat scan of a PCAP file.
wireshark://interfaces
Dynamic list of network interfaces available for capture.
wireshark://captures
List available PCAP files in common directories.
wireshark://system/info
System capabilities and tool availability information.
network://help
Documentation for MCP tools and workflows.
security_audit
Guided security analysis workflow prompt.
network_troubleshooting
Network diagnostics workflow prompt.
incident_response
Security incident investigation workflow prompt.