Wireshark

A Model Context Protocol (MCP) server that provides AI assistants with direct access to Wireshark network analysis capabilities. This tool enables AI-powered network troubleshooting, packet analysis, and network monitoring through a secure, standardized interface.
  • python

6

GitHub Stars

python

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "mixelpixx-wireshark-mcp": {
      "command": "wireshark-mcp-server",
      "args": [],
      "env": {
        "ABUSEIPDB_API_KEY": "YOUR_API_KEY_HERE",
        "VIRUSTOTAL_API_KEY": "YOUR_API_KEY_HERE"
      }
    }
  }
}

You have a comprehensive MCP server that combines Wireshark-based network analysis with Nmap scanning, threat intelligence, and modern MCP workflows. It enables live traffic capture, PCAP analysis, protocol statistics, stream reconstruction, and secure, scalable responses for AI-assisted troubleshooting and security investigations.

How to use

You will interact with the server through an MCP client to perform guided analyses, run scans, and generate structured results. Typical usage patterns include capturing traffic, analyzing capture files, running network scans, checking for threats, and obtaining machine-friendly JSON outputs optimized for large language model responses. Begin by ensuring the MCP server is running, then select a workflow that matches your objective, such as network troubleshooting, security audits, or threat investigations. The server exposes resources for interfaces and captures, prompts for guided workflows, and asynchronous processing to keep responses fast and non-blocking.

How to install

Install prerequisites: Python 3.8+ with pip, Wireshark/TShark installed and in your PATH, Nmap if you plan to use scanning features, and appropriate network capture permissions.

Step-by-step setup locally (example commands shown; run in your terminal):

# Quick install from PyPI
pip install wireshark-mcp-server

# Development install (clone and run in place)
# Clone repository
# git clone https://github.com/yourusername/wireshark-mcp.git
# cd wireshark-mcp

# Install in development mode
pip install -e .

# Optional: install from requirements
pip install -r requirements.txt

Install system dependencies per your platform:

# Ubuntu/Debian
sudo apt-get update
sudo apt-get install tshark nmap
sudo usermod -aG wireshark $USER

# macOS
brew install wireshark nmap

# Windows
# - Install Wireshark
# - Install Nmap
# - Run as Administrator for packet capture

Set up capture permissions (Linux) if you plan to capture packets without root:

# Linux - set capabilities on dumpcap (no root needed)
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

# Or add user to wireshark group
sudo usermod -aG wireshark $USER
newgrp wireshark  # Apply group without logout

Additional sections

Configuration and environment variables are used to customize threat intelligence sources and runtime behavior. You can provide API keys and feature toggles to tailor your security analysis workflows. The server supports dynamic MCP resources, guided prompts, structured JSON outputs, rate limiting, and asynchronous processing to keep analysis responsive.

Notes

If you intend to run the server locally, ensure your environment has access to the necessary network interfaces and that the required permissions are in place for packet capture. When using threat intelligence integrations, provide your API keys where applicable and respect usage limits outlined by the service providers.

Available tools

get_network_interfaces

List all available network interfaces for live capture.

capture_live_packets

Capture live packets with optional BPF filter and specified output format (JSON or text).

analyze_pcap_file

Analyze a PCAP file using Wireshark display filters to extract insights.

get_protocol_statistics

Generate protocol hierarchy and IP conversation statistics from a capture.

get_capture_file_info

Retrieve metadata about a PCAP capture.

follow_tcp_stream

Reconstruct TCP conversations from a capture file.

follow_udp_stream

Reconstruct UDP conversations from a capture file.

list_tcp_streams

List all TCP conversations contained in a capture.

export_packets_json

Export selected packets to a structured JSON format.

export_packets_csv

Export selected packets to a CSV with chosen fields.

convert_pcap_format

Convert PCAP files between pcap and pcapng formats.

nmap_port_scan

Scan for open ports using different scan types (SYN, connect, UDP).

nmap_service_detection

Detect service versions running on scanned ports.

nmap_os_detection

Identify the operating system of hosts (requires appropriate privileges).

nmap_vulnerability_scan

Run NSE vulnerability scripts against targets.

nmap_quick_scan

Perform a fast top-100 port scan.

nmap_comprehensive_scan

Perform a full, feature-rich scan against targets.

check_ip_threat_intel

Check IPs against threat intelligence providers like URLhaus and AbuseIPDB.

scan_capture_for_threats

Perform a comprehensive threat scan of a PCAP file.

wireshark://interfaces

Dynamic list of network interfaces available for capture.

wireshark://captures

List available PCAP files in common directories.

wireshark://system/info

System capabilities and tool availability information.

network://help

Documentation for MCP tools and workflows.

security_audit

Guided security analysis workflow prompt.

network_troubleshooting

Network diagnostics workflow prompt.

incident_response

Security incident investigation workflow prompt.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational