Wireshark Mcp
What is Wireshark Mcp
wireshark_mcp is a server that connects to Wireshark using the Model Context Protocol (MCP). It provides tools for running Wireshark commands and includes prompts for common data filtering tasks.
Use cases
Use cases for wireshark_mcp include network troubleshooting, performance monitoring, security analysis, and teaching networking concepts through practical packet analysis.
How to use
To use wireshark_mcp, first create and activate a Python virtual environment, install the required dependencies, and ensure Wireshark is installed. Start the server by running ‘python wireshark_mcp_server.py’, which will listen on ‘http://127.0.0.1:3001’. You can also test the server functionality using the provided example client.
Key features
Key features of wireshark_mcp include: connecting to local Wireshark instances, running Wireshark commands, checking installation, retrieving available network interfaces, capturing packets, reading capture files, analyzing captures, and obtaining prompts.
Where to use
wireshark_mcp can be used in various fields such as network analysis, cybersecurity, and educational environments where packet capturing and analysis are required.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Overview
What is Wireshark Mcp
wireshark_mcp is a server that connects to Wireshark using the Model Context Protocol (MCP). It provides tools for running Wireshark commands and includes prompts for common data filtering tasks.
Use cases
Use cases for wireshark_mcp include network troubleshooting, performance monitoring, security analysis, and teaching networking concepts through practical packet analysis.
How to use
To use wireshark_mcp, first create and activate a Python virtual environment, install the required dependencies, and ensure Wireshark is installed. Start the server by running ‘python wireshark_mcp_server.py’, which will listen on ‘http://127.0.0.1:3001’. You can also test the server functionality using the provided example client.
Key features
Key features of wireshark_mcp include: connecting to local Wireshark instances, running Wireshark commands, checking installation, retrieving available network interfaces, capturing packets, reading capture files, analyzing captures, and obtaining prompts.
Where to use
wireshark_mcp can be used in various fields such as network analysis, cybersecurity, and educational environments where packet capturing and analysis are required.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Content
Wireshark MCP服务器
这是一个连接Wireshark的MCP (Model Context Protocol) 服务器,提供以下功能:
- 连接本地Wireshark实例
- 提供运行Wireshark命令的工具
- 包含常见数据过滤任务的提示
安装
- 创建并激活Python虚拟环境(推荐):
python -m venv venv
source venv/bin/activate # 在Windows上使用: venv\Scripts\activate
- 安装依赖:
pip install -r requirements.txt
- 确保安装了Wireshark并且tshark命令可用:
tshark --version
使用方法
启动服务器
python wireshark_mcp_server.py
服务器将启动一个SSE应用,监听在http://127.0.0.1:3001,可以通过支持MCP的LLM客户端连接。
测试客户端
提供了一个简单的测试客户端,可以用来验证服务器功能:
python example_client.py
可用工具
服务器提供以下工具:
wireshark_check_installation- 检查Wireshark是否已安装wireshark_get_interfaces- 获取可用网络接口列表wireshark_capture_packets- 捕获网络数据包wireshark_read_capture- 读取捕获文件wireshark_analyze- 分析捕获文件并提供统计数据wireshark_get_prompts- 获取所有提示wireshark_get_prompt- 获取特定提示
详细的API文档请参考DOCUMENTATION.md文件。
所需依赖
- Wireshark必须已安装在系统上
- Python 3.10+
常见问题
缺少权限
在Linux/macOS上,可能需要以root权限运行才能捕获数据包:
sudo python wireshark_mcp_server.py
或者给予dumpcap命令适当的权限:
sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
tshark命令未找到
确保Wireshark已正确安装,并且tshark命令在系统PATH中。
服务器启动错误
如果看到错误信息提示找不到某些模块,可能是依赖安装不完整,请确保正确安装了所有依赖:
pip install -r requirements.txt
Dev Tools Supporting MCP
The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.
