
mcp-wireshark

by khuynh22·36·Score 44

An MCP server that integrates Wireshark/tshark with AI tools for network analysis.

security, developer-tools, monitoring

Forks: 7
Open issues: 5
Last commit: this month
Indexed: 2d ago

Overview

mcp-wireshark is a production-ready MCP server that provides Claude Desktop, VS Code, and CLI with direct access to network packet capture and analysis capabilities. It exposes 10 tools divided into read operations (safe inspection) and write operations (capture and export), allowing AI assistants to summarize PCAP files, apply display filters, follow TCP/UDP streams, capture live traffic, and export data to JSON. The server is cross-platform, typed, tested, and pip-installable with clear documentation and maintenance.

Try asking AI

After installing, here are 5 things you can ask your AI assistant:

you: Summarizing network traffic in PCAP files to identify top communication endpoints
you: Following TCP/UDP streams in captures to analyze application protocols
you: Capturing live network traffic with specific filters for security monitoring
you: How do I install tshark on Windows?
you: What are the permissions needed for live capture on Linux?

When to choose this

Choose this MCP server when you need to integrate Wireshark/tshark capabilities into AI workflows for network analysis, debugging, or security monitoring without leaving your chat interface.

When NOT to choose this

Don't choose this if you need advanced Wireshark features not exposed by the MCP server, or if you're working in an environment where installing system dependencies like tshark is restricted.

Tools this server exposes

10 tools extracted from the README
  • check_installation

    Verify tshark is installed and show version

  • list_interfaces

    List network interfaces available to capture from

  • read_pcap

    Read packets from a .pcap/.pcapng file

  • display_filter

    Apply a Wireshark display filter to a pcap

  • summarize_pcap

    Generate high-level summary of pcap including stats and top talkers

  • stats_by_proto

    Get protocol hierarchy statistics from a pcap

  • follow_tcp

    Reassemble a TCP stream and return its payload

  • follow_udp

    Reassemble a UDP stream and return its payload

  • live_capture

    Capture live traffic from an interface

  • export_json

    Export packets from a pcap to a JSON file

Comparable tools

shell-mcp, tcpdump-cli, wireshark-gui

Installation

pip install mcp-wireshark
claude mcp add --transport stdio --scope user mcp-wireshark -- mcp-wireshark

For Claude Desktop, add to claude_desktop_config.json:

{
    "mcpServers": {
        "wireshark": {
            "command": "mcp-wireshark"
        }
    }
}

For VS Code, create .vscode/mcp.json:

{
    "servers": {
        "wireshark": {
            "command": "mcp-wireshark"
        }
    }
}

FAQ

How do I install tshark on Windows?
Install Wireshark from https://www.wireshark.org/download.html and add 'C:\Program Files\Wireshark' to your system PATH.
What are the permissions needed for live capture on Linux?
Add yourself to the 'wireshark' group with 'sudo usermod -aG wireshark $USER', then log out and back in.


Last updated · Auto-generated from public README + GitHub signals.