mcp-wireshark
An MCP server that integrates Wireshark/tshark with AI tools and IDEs. Capture live traffic, parse .pcap files, apply display filters, follow streams, and export JSON - all via Claude Desktop, VS Code, or CLI. Cross‑platform, typed, tested, and pip‑installable.
claude mcp add --transport stdio khuynh22-mcp-wireshark mcp-wireshark
How to use
mcp-wireshark is an MCP server that bridges Wireshark/tshark capabilities with the Model Context Protocol ecosystem. It exposes tools to list interfaces, capture live traffic, read and analyze PCAP files, apply display filters, generate protocol statistics, follow TCP streams, and export results to JSON. This lets Claude Desktop, VS Code, or a CLI session interact with wireless and wired network captures through MCP-compatible commands, enabling AI-assisted network analysis, data extraction, and in-context reasoning over packet data.
To use it, install the Python package, run the MCP server, and connect your MCP client (Claude or VS Code) to the server. You’ll access the provided tools via the MCP protocol: list_interfaces, live_capture, read_pcap, display_filter, stats_by_proto, follow_tcp, and export_json. Each tool accepts parameters described in the README, and outputs structured results that you can pass to AI tools for analysis, summaries, or JSON exports for downstream processing.
How to install
Prerequisites:
- Python 3.10 or higher
- pip (Python package installer)
- Internet access to fetch the package from PyPI (or a local mirror)
Installation from PyPI:
pip install mcp-wireshark
Installation from source:
git clone https://github.com/khuynh22/mcp-wireshark.git
cd mcp-wireshark
pip install -e .
Verify installation by running the server (in a new terminal):
mcp-wireshark
If you prefer to use it via Python module (alternative if the CLI is not on your PATH):
python -m mcp_wireshark # ensure the package name matches your installed module
Additional notes
Tips and common considerations:
- Ensure Wireshark/tshark is installed and accessible on your system, as the MCP server relies on these tools for capture and analysis.
- On Linux, you may need additional permissions to capture traffic (e.g., adding your user to the wireshark group or running with elevated privileges as appropriate for your environment).
- The server communicates over stdio when used via CLI, so integrate it with MCP clients that expect the MCP protocol over standard input/output.
- The available tools map closely to common Wireshark functionality: list_interfaces (shows capture sources), live_capture (real-time capture), read_pcap (static analysis of PCAPs), display_filter (filtering via Wireshark expressions), stats_by_proto (protocol statistics), follow_tcp (stream extraction), and export_json (export to JSON for AI processing).
- If you plan to run in a user environment with restricted permissions, prefer using non-root capture tools (dumpcap/tshark options) and ensure the correct permissions are set for packet capture.
- Check the docs in docs/ for setup and contribution guidelines, as well as development workflows if you’re contributing to the repository.
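The permission tips above can be checked before the server is wired into an MCP client. The following is an added example, not code from the mcp-wireshark project: a preflight check that assumes a Linux host where dumpcap gets its capture rights from file capabilities (the usual wireshark-group setup) and where libcap's getcap is installed. The function names are illustrative.

```python
import os
import re
import shutil
import subprocess

REQUIRED_CAPS = {"cap_net_raw", "cap_net_admin"}  # capabilities dumpcap uses to capture

def parse_getcap(line):
    """Return capabilities that are both effective and permitted in one getcap line."""
    granted = set()
    clauses = line.partition(" ")[2]  # drop the leading file path
    # Accepts the older 'path = caps+eip' and the newer 'path caps=eip' layouts.
    for names, flags in re.findall(r"(cap_[a-z_,]+)[+=]([eip]+)", clauses):
        if "e" in flags and "p" in flags:
            granted.update(n for n in names.split(",") if n)
    return granted

def assess(euid, tshark, dumpcap, caps):
    """Return a list of findings; an empty list means non-root capture should work."""
    findings = []
    if tshark is None:
        findings.append("tshark not found on PATH")
    if euid == 0:
        findings.append("running as root; prefer a non-root user with capture rights")
    if dumpcap is None:
        findings.append("dumpcap not found or not executable by this user")
    else:
        missing = REQUIRED_CAPS - caps
        if missing:
            findings.append("dumpcap lacks file capabilities: " + ", ".join(sorted(missing)))
    return findings

def collect():
    """Gather the real values on this host and run the assessment."""
    tshark, dumpcap = shutil.which("tshark"), shutil.which("dumpcap")
    caps = set()
    if dumpcap:
        getcap = shutil.which("getcap") or "/usr/sbin/getcap"
        try:
            out = subprocess.run([getcap, dumpcap],
                                 capture_output=True, text=True).stdout
            caps = parse_getcap(out.strip())
        except OSError:
            pass  # getcap unavailable: caps stay empty and are reported as missing
    return assess(os.geteuid(), tshark, dumpcap, caps)

if __name__ == "__main__":
    for finding in collect() or ["ok: non-root capture prerequisites are in place"]:
        print(finding)
```

On hosts that grant capture rights another way (for example a setuid dumpcap), the missing-capabilities finding does not apply.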
Related MCP Servers
code-mode
🔌 Plug-and-play library to enable agents to call MCP and UTCP tools via code execution.
mcp_server_filesystem
MCP File System Server: A secure Model Context Protocol server that provides file operations for AI assistants. Enables Claude and other assistants to safely read, write, and list files in a designated project directory with robust path validation and security controls.
code
Code-MCP: Connect Claude AI to your development environment through the Model Context Protocol (MCP), enabling terminal commands and file operations through the AI interface.
mcp-simple-timeserver
Simple MCP to give Claude ability to check current time as well as know when holidays are, what is the time distance between dates etc.
Convert-Markdown-PDF
Markdown To PDF Conversion MCP
mcpbr
Model Context Protocol Benchmark Runner