An MCP server that enables LLMs to analyze pcap files by providing tools for packet dissection, stream following, and data extraction via tshark. It supports protocol hierarchy analysis, credential scanning, and threat intelligence checks on captured network traffic.

Give your AI assistant a packet analyzer.
Drop a .pcap file, ask questions in plain English — get answers backed by real tshark data.
English • 中文 • Changelog • Contributing
An MCP server that wraps tshark (and optional Wireshark suite tools) into a structured analysis interface. Works with Claude Desktop, Claude Code, Cursor, VS Code, and 18+ other MCP clients.
You: "Find all DNS queries going to suspicious domains in this capture."
Claude: [calls wireshark_extract_dns_queries → wireshark_check_threats]
"Found 3 queries to domains flagged by URLhaus: ..."
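The `wireshark_extract_dns_queries → wireshark_check_threats` chain above boils down to running tshark in fields mode, parsing its tab-separated output, and matching query names against a threat list. The following is an added example, not the project's own code: the tshark flags are real, but the function names, the sample output and the blocklist entries are constructed for illustration.

```python
# Constructed sample of `tshark -T fields` output (tab-separated, one frame per
# line). Not real capture data; the second frame carries two dns.qry.name values.
SAMPLE_TSHARK_OUTPUT = (
    "1700000000.10\t10.0.0.5\twww.example.com\n"
    "1700000000.52\t10.0.0.5\tupdate.bad-domain.example,cdn.bad-domain.example\n"
    "1700000001.03\t10.0.0.7\tMAIL.EXAMPLE.NET\n"
    "1700000001.40\t10.0.0.5\t\n"  # frame where the field was empty
)

# Constructed stand-in for a feed such as URLhaus; hypothetical entry.
SAMPLE_BLOCKLIST = {"bad-domain.example"}


def build_tshark_cmd(pcap_path: str) -> list[str]:
    """argv for tshark: DNS queries only, one line per frame, tab-separated fields."""
    return [
        "tshark", "-r", pcap_path,
        "-Y", "dns.flags.response == 0",          # queries, not responses
        "-T", "fields", "-E", "separator=/t",     # tab between the -e fields
        "-e", "frame.time_epoch", "-e", "ip.src", "-e", "dns.qry.name",
    ]


def parse_dns_queries(output: str) -> list[tuple[str, str, str]]:
    """Parse (time, src, qname) rows; split multi-valued names and normalise case."""
    rows = []
    for line in output.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[2]:
            continue  # malformed line, or a frame with no query name
        ts, src, names = parts
        for name in names.split(","):
            rows.append((ts, src, name.strip().lower().rstrip(".")))
    return rows


def match_blocklist(rows, blocklist) -> list[tuple[str, str, str, str]]:
    """Flag a query whose name equals, or is a subdomain of, a blocklisted domain."""
    bl = {d.lower().rstrip(".") for d in blocklist}
    hits = []
    for ts, src, name in rows:
        labels = name.split(".")
        for i in range(len(labels)):          # walk suffixes: a.b.c, b.c, c
            suffix = ".".join(labels[i:])
            if suffix in bl:
                hits.append((ts, src, name, suffix))
                break
    return hits


if __name__ == "__main__":
    for hit in match_blocklist(parse_dns_queries(SAMPLE_TSHARK_OUTPUT), SAMPLE_BLOCKLIST):
        print(hit)
```

Against a real capture, feed `build_tshark_cmd("capture.pcap")` to `subprocess.run(..., capture_output=True, text=True)` and pass its `stdout` to `parse_dns_queries`.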
Prerequisites: Python 3.10+ and Wireshark with tshark on PATH.
```bash
pip install wireshark-mcp
wireshark-mcp install   # auto-configures all detected MCP clients
```
Restart your AI client — done.
Run wireshark-mcp doctor if anything looks off. See docs/manual-configuration.md for manual setup or platform-specific notes.
Point your AI client at a .pcap file and try:
Analyze capture.pcap using the Wireshark MCP tools.
Start with wireshark_open_file, then run wireshark_security_audit.
Write findings to report.md.
40+ tools organized into categories:
| Category | Highlights | Count |
|---|---|---|
| Agentic Workflows | wireshark_security_audit, wireshark_quick_analysis, wireshark_open_file | 4 |
| Packet Analysis | Packet list, details, bytes, context, stream follow, search | 7 |
| Data Extraction | HTTP requests, DNS queries, TLS handshakes, field extraction | 6 |
| Statistics | Protocol hierarchy, endpoints, conversations, I/O graph, expert info | 6 |
| Security | Threat intel, credential scan, port scan, DNS tunnel, DoS detection | 6 |
| Protocol Deep Dive | TCP health, ARP spoofing, SMTP, DHCP | 5 |
| File Ops & Capture | Live capture, merge, filter-save, file info | 5 |
| Suite Utilities | editcap trim/split/dedup, text2pcap import | 5 |
| Decode & Visualize | Payload decode, traffic plot, protocol tree | 3 |
The server starts with only tshark required. Optional tools (capinfos, mergecap, editcap, dumpcap, text2pcap) are auto-detected and enable extra features when present.
| Topic | Link |
|---|---|
| Platform setup (macOS/Linux/Windows) | docs/platform-validation.md |
| Manual client configuration | docs/manual-configuration.md |
| Prompt templates | docs/prompt-engineering.md |
| Release checklist | docs/release-checklist.md |
| Contributing | CONTRIBUTING.md |
| Changelog | CHANGELOG.md |
| Security policy | SECURITY.md |
```bash
pip install -e ".[dev]"
pytest tests/ -v
ruff check src/ tests/
```
See CONTRIBUTING.md for the full guide.