Wireshark Mcp

137STDIOregistry active

Summary

Exposes Wireshark's tshark command-line analyzer through MCP tools so you can drop pcap files into Claude and ask questions in natural English. Built on Python 3.10+, it requires tshark as a minimum dependency but auto-detects the full Wireshark suite (capinfos, mergecap, editcap, dumpcap, text2pcap) to unlock additional analysis capabilities when present. Ships with a CLI that auto-configures two dozen MCP clients including Claude Desktop, Cursor, and VS Code in one command. Useful for security researchers and network engineers who want conversational packet analysis without switching contexts. Live capture works when dumpcap is available but falls back to tshark. Cross-platform CI validates on Windows, Linux, and macOS.

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Wireshark MCP

Give your AI assistant a packet analyzer.

Drop a .pcap file, ask questions in plain English — get answers backed by real tshark data.

English • 中文 • Changelog • Contributing

What is this?

An MCP server that wraps tshark (and optional Wireshark suite tools) into a structured analysis interface. Works with Claude Desktop, Claude Code, Cursor, VS Code, and 18+ other MCP clients.

You:    "Find all DNS queries going to suspicious domains in this capture."
Claude: [calls wireshark_extract_dns_queries → wireshark_check_threats]
        "Found 3 queries to domains flagged by URLhaus: ..."

Install

Prerequisites: Python 3.10+ and Wireshark with tshark on PATH.

pip install wireshark-mcp
wireshark-mcp install   # auto-configures all detected MCP clients

Restart your AI client — done.

Run wireshark-mcp doctor if anything looks off. See docs/manual-configuration.md for manual setup or platform-specific notes.

Quick Start

Point your AI client at a .pcap file and try:

Analyze capture.pcap using the Wireshark MCP tools.
Start with wireshark_open_file, then run wireshark_security_audit.
Write findings to report.md.

Tools

40+ tools organized into categories:

Category	Highlights	Count
Agentic Workflows	`wireshark_security_audit`, `wireshark_quick_analysis`, `wireshark_open_file`	4
Packet Analysis	Packet list, details, bytes, context, stream follow, search	7
Data Extraction	HTTP requests, DNS queries, TLS handshakes, field extraction	6
Statistics	Protocol hierarchy, endpoints, conversations, I/O graph, expert info	6
Security	Threat intel, credential scan, port scan, DNS tunnel, DoS detection	6
Protocol Deep Dive	TCP health, ARP spoofing, SMTP, DHCP	5
File Ops & Capture	Live capture, merge, filter-save, file info	5
Suite Utilities	editcap trim/split/dedup, text2pcap import	5
Decode & Visualize	Payload decode, traffic plot, protocol tree	3

The server starts with only tshark required. Optional tools (capinfos, mergecap, editcap, dumpcap, text2pcap) are auto-detected and enable extra features when present.

Documentation

Topic	Link
Platform setup (macOS/Linux/Windows)	docs/platform-validation.md
Manual client configuration	docs/manual-configuration.md
Prompt templates	docs/prompt-engineering.md
Release checklist	docs/release-checklist.md
Contributing	CONTRIBUTING.md
Changelog	CHANGELOG.md
Security policy	SECURITY.md

Development

pip install -e ".[dev]"
pytest tests/ -v
ruff check src/ tests/

See CONTRIBUTING.md for the full guide.

_{MIT License · Report a Bug}

Featured

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Wireshark Mcp

Wireshark MCP

What is this?

Install

Quick Start

Tools

Documentation

Development

Wireshark Mcp

Wireshark MCP

What is this?

Install

Quick Start

Tools

Documentation

Development

Related Security & Pentesting MCP Servers

Related Security & Pentesting MCP Servers