Wireshark Support for MongoDB Protocol

Wireshark, an advanced interactive network traffic sniffer, has full support for the MongoDB Wire protocol.

You can visually inspect MongoDB traffic, do complex filters on specific values of MongoDB wire messages, and dig into individual documents both sent and received.

MongoDB Port

The Mongo protocol definition included in Wireshark assumes that the traffic occurs on the default MongoDB TCP port 27017. To verify or update the TCP port of the MongoDB server (or client), go to Preferences -> Protocols -> Mongo.

To verify the port using the tshark command line interface instead of the GUI, use the following:

tshark -G currentprefs | grep mongo


If the port value preference does not match the port on which your MongoDB runs, no mongo wire protocol data will be captured and all filter expressions will have an empty result.


../../_images/wireshark-support-packet-list.png ../../_images/wireshark-support-filter-expression-profile-default.png ../../_images/wireshark-support-wire-protocol-details.png