MCP Wireshark

v1.0.0 | Monitoring & Observability | stable

An MCP server that integrates Wireshark/tshark with AI tools and IDEs. Capture live traffic, parse .pcap files, apply display filters, follow streams, and export JSON - all via Claude Desktop, VS Code, or CLI. Cross‑platform, typed, tested, and pip‑i

Tags: claude-ai, mcp, mcp-server, model-context-protocol, network-analysis

Stars: 39 | Downloads: 0 | Weekly: 0 | Rating: 0/5

What is MCP Wireshark?

MCP Wireshark is a Model Context Protocol (MCP) server that integrates Wireshark/tshark with AI tools and IDEs such as Claude, Cursor, and VS Code. It can capture live traffic, parse .pcap files, apply display filters, follow streams, and export JSON, all via Claude Desktop, VS Code, or the CLI.


This server falls under the Monitoring & Observability and Security categories on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • An MCP server that integrates Wireshark/tshark with AI tools

Use Cases

Capture and analyze live network traffic using Wireshark/tshark. Parse PCAP files, apply filters, and export network data as JSON.

Maintainer: khuynh22

License: MIT
Language: Python
Version: v1.0.0
Updated: May 19, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, Windows, macOS, Linux

Installation

Manual Installation

npx mcp-wireshark

Configuration

Configuration Details

Config File: claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use MCP Wireshark

MCP Wireshark is a community-maintained MCP server that gives AI assistants direct access to Wireshark's packet analysis engine (tshark) for network traffic inspection. It exposes 13 tools covering live packet capture, PCAP file reading, display filter application, TCP/UDP stream reassembly, protocol decoding, expert analysis, and JSON export. Network engineers, security analysts, and ICS/SCADA specialists use it to ask Claude natural-language questions about network traffic without switching between tools.

Prerequisites

  • Python 3.10 or higher
  • Wireshark installed with tshark accessible on your system PATH (download from wireshark.org)
  • An MCP-compatible client: Claude Desktop, Claude Code, VS Code, Cursor, or Windsurf
  • pip or uv for package installation
  • Administrator/sudo privileges may be required for live packet capture

1. Install Wireshark and verify tshark

Install Wireshark for your platform. On macOS, use Homebrew; on Linux, use your package manager. Verify tshark is on your PATH after installation.

# macOS
brew install --cask wireshark

# Ubuntu/Debian
sudo apt-get install tshark

# Verify
tshark --version

2. Install the mcp-wireshark Python package

Install via pip or uv. This places the mcp-wireshark binary on your PATH.

pip install mcp-wireshark
# or using uv:
uv pip install mcp-wireshark

3. Add to Claude Code (quickest path)

For Claude Code users, one command installs the server for all projects.

claude mcp add --transport stdio --scope user mcp-wireshark -- mcp-wireshark

4. Configure Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows).

{
  "mcpServers": {
    "wireshark": {
      "command": "mcp-wireshark"
    }
  }
}

5. Verify the installation

After restarting your MCP client, ask Claude to run the check_installation tool to confirm tshark is detected.

MCP Wireshark Examples

Client configuration (Claude Desktop)

Minimal Claude Desktop configuration — no environment variables or API keys required.

{
  "mcpServers": {
    "wireshark": {
      "command": "mcp-wireshark"
    }
  }
}

Prompts to try

Drop these prompts into Claude to analyze network traffic with tshark.

- "Summarize ./capture.pcap and tell me which IPs talked the most."
- "From ./traffic.pcap, show me only HTTP requests."
- "Follow TCP stream 0 in ./traffic.pcap and tell me what protocol is inside."
- "Capture 30 seconds of traffic on en0 filtered to tcp.port == 443."
- "Run expert analysis on ./traffic.pcap and group findings by severity."
- "Decode all DNS packets in ./traffic.pcap and show me the queried hostnames."
- "Export every TLS packet from ./capture.pcap to ./tls.json."

Troubleshooting MCP Wireshark

tshark not found on Windows after installing Wireshark

Add the Wireshark installation directory (usually C:\Program Files\Wireshark) to your system PATH environment variable, not just the user PATH. Restart your terminal and MCP client after making the change.

Live capture fails with 'permission denied' or 'no interfaces found'

On Linux, add your user to the wireshark group: 'sudo usermod -aG wireshark $USER' and log out/in. On macOS, run Claude with sudo or adjust tshark permissions. On Windows, ensure Npcap is installed (it comes with Wireshark) and run as Administrator.

read_pcap returns an empty result or errors on a valid .pcap file

Confirm the file path is absolute (not relative) and that the file is a valid pcap or pcapng format. Use the display_filter tool with an empty filter string first to confirm tshark can open the file. Large captures may need the max_packets parameter to avoid timeouts.
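
A pre-flight check for the conditions named in the troubleshooting entries above, as an added example that is not part of mcp-wireshark: it confirms tshark is on PATH, that the path is absolute, and that the file header carries a pcap or pcapng magic value. The function names and the sample file are constructed for illustration.

```python
import os
import shutil
import struct

# First four bytes of a classic pcap file, by byte order and timestamp precision.
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": "pcap (big-endian, microsecond)",
    b"\xd4\xc3\xb2\xa1": "pcap (little-endian, microsecond)",
    b"\xa1\xb2\x3c\x4d": "pcap (big-endian, nanosecond)",
    b"\x4d\x3c\xb2\xa1": "pcap (little-endian, nanosecond)",
}
PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type
PCAPNG_BOM = (b"\x1a\x2b\x3c\x4d", b"\x4d\x3c\x2b\x1a")  # byte-order magic at offset 8


def identify_capture(path):
    """Return a format label, or None if the header is neither pcap nor pcapng."""
    with open(path, "rb") as fh:
        head = fh.read(12)
    if head[:4] in PCAP_MAGICS:
        return PCAP_MAGICS[head[:4]]
    if head[:4] == PCAPNG_SHB and head[8:12] in PCAPNG_BOM:
        return "pcapng"
    return None


def preflight(path):
    """List the problems found; an empty list means none of these checks failed."""
    problems = []
    if shutil.which("tshark") is None:
        problems.append("tshark not on PATH")
    if not os.path.isabs(path):
        problems.append("path is not absolute")
    if not os.path.isfile(path):
        problems.append("file does not exist")
    elif identify_capture(path) is None:
        problems.append("not a pcap or pcapng file")
    return problems


def write_sample_pcap(path):
    """Write a constructed, packet-free pcap file: just the 24-byte global header."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    with open(path, "wb") as fh:
        fh.write(header)


if __name__ == "__main__":
    import tempfile
    sample = os.path.join(tempfile.mkdtemp(), "sample.pcap")
    write_sample_pcap(sample)
    print(identify_capture(sample), preflight(sample))
```

tshark also opens other capture formats and gzip-compressed files; this check covers only the two formats the troubleshooting text names.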

Frequently Asked Questions about MCP Wireshark

What is MCP Wireshark?

MCP Wireshark is a Model Context Protocol (MCP) server that integrates Wireshark/tshark with AI tools and IDEs. It can capture live traffic, parse .pcap files, apply display filters, follow streams, and export JSON, all via Claude Desktop, VS Code, or the CLI. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install MCP Wireshark?

Follow the installation instructions on the MCP Wireshark GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with MCP Wireshark?

MCP Wireshark works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is MCP Wireshark free to use?

Yes, MCP Wireshark is open source and available under the MIT license. You can use it freely in both personal and commercial projects.


Quick Config Preview

{
  "mcpServers": {
    "mcp-wireshark": {
      "command": "npx",
      "args": ["-y", "mcp-wireshark"]
    }
  }
}

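Add this to your claude_desktop_config.json or .cursor/mcp.json. Note that this preview launches the server through npx, while the setup guide on this page installs the mcp-wireshark Python package with pip or uv and launches it with "command": "mcp-wireshark". npx resolves that name against the npm registry rather than PyPI, so check which package it would fetch before using this form.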
