Wireshark

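v1.0.0 | Monitoring & Observability | stable

Wireshark MCP is a server based on the Model Context Protocol (MCP) that allows AI assistants to interact through the tshark command-line tool. It provides rich network data analysis features and supports both live capture and offline analysis.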

Tags: wireshark, mcp, ai-integration

Stars: 52
Downloads: 0
Weekly: 0

What is Wireshark?

Wireshark MCP is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to interact through the tshark command-line tool. It provides rich network data analysis features and supports both live capture and offline analysis.


This server falls under the Monitoring & Observability category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Wireshark MCP is a server based on the Model Context Protocol (MCP) that allows AI

Use Cases

  • Network packet analysis and inspection
  • Real-time traffic monitoring

Maintainer: jayimu
License: MIT
Language: python
Version: v1.0.0
Updated: May 14, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, windows, macos, linux

Installation

NPM

npx -y wireshark

Manual Installation

npx -y wireshark

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use Wireshark

Wireshark MCP connects AI assistants to the tshark command-line tool, enabling natural-language network packet analysis without leaving your chat interface. It exposes a suite of statistical and detail-level tools — from bandwidth time-slicing to protocol breakdowns and error detection — so you can ask questions like 'Is there a DDoS pattern here?' and get meaningful answers from real capture files. The server emphasizes a statistics-first workflow that keeps responses within LLM context limits by aggregating summaries before sampling raw packets.

Prerequisites

  • Python 3.9 or higher installed
  • Wireshark / tshark installed and available on your system PATH
  • An MCP-compatible client such as Claude Desktop
  • Packet capture files (.pcap/.pcapng) you want to analyze, or root/sudo access for live capture

1. Install tshark

Wireshark MCP delegates all packet parsing to tshark. Install the full Wireshark suite (which includes tshark) from your OS package manager or from wireshark.org, then verify it is on your PATH.

# macOS
brew install wireshark

# Ubuntu/Debian
sudo apt-get install tshark

# Verify
tshark --version

2. Clone the repository and install Python dependencies

Download the server source and install the required Python packages, including the MCP SDK.

git clone https://github.com/jayimu/Wireshark_mcp.git
cd Wireshark_mcp
pip install -r requirements.txt

3. Start the MCP server

Run the server locally. By default it listens on 127.0.0.1:3000 using Server-Sent Events (SSE) transport.

python wireshark_mcp.py

4. Verify the server is running

Check the status endpoint to confirm the server started successfully before connecting your MCP client.

curl http://127.0.0.1:3000/status

5. Configure your MCP client

Add a server entry pointing to the local SSE URL. For Claude Desktop, edit claude_desktop_config.json with the connection details.

{
  "mcpServers": {
    "wireshark": {
      "type": "sse",
      "url": "http://127.0.0.1:3000/"
    }
  }
}
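
A check worth running on the client config before connecting, given that the server exposes capture tooling over plain HTTP on 127.0.0.1:3000. This is an added example, not code from the Wireshark MCP project or from this directory; the function names, finding labels, and the `wireshark-lan` and `wireshark-npx` entries are constructed for illustration. It flags SSE entries whose URL leaves the loopback interface and entries that launch through `npx -y`, which installs and runs a package without a confirmation prompt.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: the page's SSE entry plus two hypothetical variants.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "wireshark": {"type": "sse", "url": "http://127.0.0.1:3000/"},
    "wireshark-lan": {"type": "sse", "url": "http://192.0.2.10:3000/"},
    "wireshark-npx": {"command": "npx", "args": ["-y", "wireshark"]}
  }
}
"""

def is_loopback(host):
    """True for 'localhost' or a literal loopback IP (127.0.0.0/8, ::1)."""
    if host is None:
        return False
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other DNS name is treated as remote

def audit_mcp_config(text):
    """Return a sorted list of (server_name, finding) for risky entries."""
    findings = []
    servers = json.loads(text).get("mcpServers", {})
    for name, entry in servers.items():
        url = entry.get("url")
        if url is not None:
            parts = urlsplit(url)
            if not is_loopback(parts.hostname):
                findings.append((name, "sse-url-not-loopback"))
                if parts.scheme != "https":
                    findings.append((name, "cleartext-to-remote-host"))
        args = entry.get("args", [])
        if entry.get("command") == "npx" and ("-y" in args or "--yes" in args):
            findings.append((name, "npx-auto-install"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

The page's own entry (`http://127.0.0.1:3000/`) produces no findings; only the two constructed variants are reported.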

Wireshark Examples

Client configuration

SSE-based configuration for Claude Desktop connecting to the locally running Wireshark MCP server.

{
  "mcpServers": {
    "wireshark": {
      "type": "sse",
      "url": "http://127.0.0.1:3000/"
    }
  }
}

Prompts to try

Natural-language prompts that exercise the statistical and analysis tools exposed by this server.

- "Get packet statistics for /captures/traffic.pcap and summarize the top talkers"
- "Run an IO stat on /captures/traffic.pcap in 1-second intervals to identify bandwidth spikes"
- "Analyze errors in /captures/session.pcap — are there TCP retransmissions or resets?"
- "Show me conversation stats grouped by IP for /captures/suspicious.pcap"
- "Is there evidence of a DDoS attack in /captures/ddos.pcap? Start with statistics before sampling packets"

Troubleshooting Wireshark

tshark not found or 'command not found' error when the server starts

Ensure tshark is installed and on your PATH. Run 'which tshark' to confirm. On macOS you may need to add /Applications/Wireshark.app/Contents/MacOS to PATH or use the Homebrew package.

LLM context limit exceeded when analyzing large pcap files

Always start with statistical tools (get_packet_statistics, io_stat, conversation_stats) before using analyze_pcap. When calling analyze_pcap, set max_packets to 20-50 to limit the number of full packet records returned.

Connection refused when the MCP client tries to reach 127.0.0.1:3000

Make sure wireshark_mcp.py is running before starting your MCP client. Check for port conflicts with 'lsof -i :3000' and restart the server if needed.

Frequently Asked Questions about Wireshark

What is Wireshark?

Wireshark MCP is a Model Context Protocol (MCP) server that allows AI assistants to interact through the tshark command-line tool. It provides rich network data analysis features and supports both live capture and offline analysis. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Wireshark?

Install via npm with the command: npx -y wireshark. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).

Which AI clients work with Wireshark?

Wireshark works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Wireshark free to use?

Yes, Wireshark is open source and available under the MIT license. You can use it freely in both personal and commercial projects.


Quick Config Preview

{ "mcpServers": { "wireshark": { "command": "npx", "args": ["-y", "wireshark"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json
