Wireshark
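Wireshark MCP is a Model Context Protocol (MCP) server that lets AI assistants interact with the tshark command-line tool. It provides a rich set of network data analysis functions and supports both live capture and offline analysis.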
What is Wireshark?
Wireshark is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to interact with the tshark command-line tool. It provides a rich set of network data analysis functions and supports both live capture and offline analysis.
This server falls under the Monitoring & Observability category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Wireshark MCP is a Model Context Protocol (MCP) server that allows AI
Installation
NPM
npx -y wireshark
Manual Installation
npx -y wireshark
Configuration
Configuration Details
claude_desktop_config.json
How to Set Up and Use Wireshark
Wireshark MCP connects AI assistants to the tshark command-line tool, enabling natural-language network packet analysis without leaving your chat interface. It exposes a suite of statistical and detail-level tools — from bandwidth time-slicing to protocol breakdowns and error detection — so you can ask questions like 'Is there a DDoS pattern here?' and get meaningful answers from real capture files. The server emphasizes a statistics-first workflow that keeps responses within LLM context limits by aggregating summaries before sampling raw packets.
Prerequisites
- Python 3.9 or higher installed
- Wireshark / tshark installed and available on your system PATH
- An MCP-compatible client such as Claude Desktop
- Packet capture files (.pcap/.pcapng) you want to analyze, or root/sudo access for live capture
Install tshark
Wireshark MCP delegates all packet parsing to tshark. Install the full Wireshark suite (which includes tshark) from your OS package manager or from wireshark.org, then verify it is on your PATH.
# macOS
brew install wireshark
# Ubuntu/Debian
sudo apt-get install tshark
# Verify
tshark --version
Clone the repository and install Python dependencies
Download the server source and install the required Python packages, including the MCP SDK.
git clone https://github.com/jayimu/Wireshark_mcp.git
cd Wireshark_mcp
pip install -r requirements.txt
Start the MCP server
Run the server locally. By default it listens on 127.0.0.1:3000 using Server-Sent Events (SSE) transport.
python wireshark_mcp.py
Verify the server is running
Check the status endpoint to confirm the server started successfully before connecting your MCP client.
curl http://127.0.0.1:3000/status
Configure your MCP client
Add a server entry pointing to the local SSE URL. For Claude Desktop, edit claude_desktop_config.json with the connection details.
{
  "mcpServers": {
    "wireshark": {
      "type": "sse",
      "url": "http://127.0.0.1:3000/"
    }
  }
}
Wireshark Examples
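A check for the client entry configured above, as an added example that is not part of the Wireshark_mcp repository: it reads an MCP client config and reports any SSE server whose URL leaves the loopback interface, since the setup on this page relies on the server staying on 127.0.0.1. The sample config, the "lab-sniffer" entry, and the function names are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: the entry from this page plus a hypothetical second
# server ("lab-sniffer") that points at another machine on the network.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "wireshark": {"type": "sse", "url": "http://127.0.0.1:3000/"},
    "lab-sniffer": {"type": "sse", "url": "http://192.0.2.10:3000/"}
  }
}
"""


def is_loopback(host):
    """True for 'localhost' and for literal loopback addresses (127/8, ::1)."""
    if host is None:
        return False
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname resolves elsewhere: not treated as local


def audit_sse_servers(config_text):
    """Return (name, url, reason) for SSE entries that leave the local host."""
    findings = []
    servers = json.loads(config_text).get("mcpServers", {})
    for name, entry in servers.items():
        if entry.get("type") != "sse":
            continue
        url = entry.get("url", "")
        parts = urlsplit(url)
        if not is_loopback(parts.hostname):
            reason = "cleartext to a remote host" if parts.scheme == "http" else "remote host"
            findings.append((name, url, reason))
    return findings


if __name__ == "__main__":
    for name, url, reason in audit_sse_servers(SAMPLE_CONFIG):
        print(f"{name}: {url} ({reason})")
```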
Client configuration
SSE-based configuration for Claude Desktop connecting to the locally running Wireshark MCP server.
{
  "mcpServers": {
    "wireshark": {
      "type": "sse",
      "url": "http://127.0.0.1:3000/"
    }
  }
}
Prompts to try
Natural-language prompts that exercise the statistical and analysis tools exposed by this server.
- "Get packet statistics for /captures/traffic.pcap and summarize the top talkers"
- "Run an IO stat on /captures/traffic.pcap in 1-second intervals to identify bandwidth spikes"
- "Analyze errors in /captures/session.pcap — are there TCP retransmissions or resets?"
- "Show me conversation stats grouped by IP for /captures/suspicious.pcap"
- "Is there evidence of a DDoS attack in /captures/ddos.pcap? Start with statistics before sampling packets"
Troubleshooting Wireshark
tshark not found or 'command not found' error when the server starts
Ensure tshark is installed and on your PATH. Run 'which tshark' to confirm. On macOS you may need to add /Applications/Wireshark.app/Contents/MacOS to PATH or use the Homebrew package.
LLM context limit exceeded when analyzing large pcap files
Always start with statistical tools (get_packet_statistics, io_stat, conversation_stats) before using analyze_pcap. When calling analyze_pcap, set max_packets to 20-50 to limit the number of full packet records returned.
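The statistics-first order described above, run directly against tshark as an added example (not code from the Wireshark_mcp repository). The pairing of the server's tool names with tshark `-z` taps, the function names, and the 200-line summary budget are assumptions of this example; the capture path is treated as untrusted input because it arrives from a chat prompt.

```python
import shutil
import subprocess
import sys

# Assumed pairing of the tool names on this page with tshark statistics taps;
# the -z tap names are real tshark options, the pairing is illustrative.
STAT_TAPS = {
    "get_packet_statistics": "io,phs",   # protocol hierarchy
    "io_stat": "io,stat,1",              # totals per 1-second interval
    "conversation_stats": "conv,ip",     # per-IP conversation table
}
# Display filter for the retransmission/reset question in the prompt list.
ERROR_FILTER = "tcp.analysis.retransmission || tcp.flags.reset == 1"

def checked_pcap(path):
    """Treat the path as untrusted: it must name a capture, not an option."""
    if path.startswith("-") or not path.endswith((".pcap", ".pcapng")):
        raise ValueError(f"refusing capture path: {path!r}")
    return path

def stats_argv(pcap, tap):
    """Summary-only run: -q drops per-packet lines, -z selects one tap."""
    return ["tshark", "-r", checked_pcap(pcap), "-q", "-z", tap]

def sample_argv(pcap, display_filter):
    """Per-packet run; argv is a list, so the filter is never shell-parsed."""
    return ["tshark", "-r", checked_pcap(pcap), "-Y", display_filter]

def clip(text, max_lines):
    """Keep the first max_lines lines and say how many were dropped."""
    lines = text.splitlines()
    if len(lines) <= max_lines:
        return text
    return "\n".join(lines[:max_lines] + [f"[{len(lines) - max_lines} more lines omitted]"])

def triage(pcap, max_packets=20):
    """Statistics first, then at most max_packets summary lines of packets."""
    def run(argv):
        return subprocess.run(argv, capture_output=True, text=True, check=True).stdout
    report = {name: clip(run(stats_argv(pcap, tap)), 200) for name, tap in STAT_TAPS.items()}
    report["error_sample"] = clip(run(sample_argv(pcap, ERROR_FILTER)), max_packets)
    return report

if __name__ == "__main__" and len(sys.argv) == 2 and shutil.which("tshark"):
    for name, text in triage(sys.argv[1]).items():
        print(f"== {name} ==\n{text}")
```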
Connection refused when the MCP client tries to reach 127.0.0.1:3000
Make sure wireshark_mcp.py is running before starting your MCP client. Check for port conflicts with 'lsof -i :3000' and restart the server if needed.
Frequently Asked Questions about Wireshark
What is Wireshark?
Wireshark is a Model Context Protocol (MCP) server that lets AI assistants interact with the tshark command-line tool. It provides a rich set of network data analysis functions and supports both live capture and offline analysis. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Wireshark?
Install via npm with the command: npx -y wireshark. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).
Which AI clients work with Wireshark?
Wireshark works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Wireshark free to use?
Yes, Wireshark is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
Wireshark Alternatives — Similar Monitoring & Observability Servers
Looking for alternatives to Wireshark? Here are other popular monitoring & observability servers you can use with Claude, Cursor, and VS Code.
Netdata
★ 78.9k
Real-time infrastructure monitoring with metrics, logs, alerts, and ML-based anomaly detection.
Kubeshark
★ 11.9k
eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard.
Mission Control
★ 4.9k
Self-hosted AI agent orchestration platform: dispatch tasks, run multi-agent workflows, monitor spend, and govern operations from one mission control dashboard.
Grafana
★ 3.0k
This MCP server enables natural-language querying of Grafana logs by automatically detecting log sources and service labels. It provides read-only access to log data with intelligent caching for efficient repeat queries.
Sentrux
★ 2.4k
Real-time architectural sensor that helps AI agents close the feedback loop, enabling recursive self-improvement of code quality. Pure Rust.
OpenInference
★ 986
OpenTelemetry Instrumentation for AI Observability