[Unofficial/Community] MCP server for Wireshark/tshark integration with AI tools
Project description
mcp-wireshark
Community-maintained. Not affiliated with Wireshark or Anthropic.
An MCP server that exposes Wireshark/tshark capabilities to AI tools and IDEs. Capture live traffic, analyze .pcap files, apply display filters, follow TCP/UDP streams, and export to JSON — all via Claude Desktop, VS Code Copilot, or any MCP-compatible client.
Prerequisites
- Python 3.10+
- Wireshark/tshark installed and on
PATH
Linux: add your user to the wireshark group for non-root capture:
sudo usermod -aG wireshark $USER
Installation
pip install mcp-wireshark
Or with uv:
uvx mcp-wireshark
Configuration
Claude Desktop
~/Library/Application Support/Claude/claude_desktop_config.json (macOS)
%APPDATA%\Claude\claude_desktop_config.json (Windows)
{
"mcpServers": {
"wireshark": {
"command": "mcp-wireshark"
}
}
}
VS Code
.vscode/mcp.json in your workspace:
{
"servers": {
"wireshark": {
"command": "mcp-wireshark"
}
}
}
On Windows, if tshark isn't on PATH, add it explicitly:
{
"servers": {
"wireshark": {
"command": "mcp-wireshark",
"env": { "PATH": "C:\\Program Files\\Wireshark;${env:PATH}" }
}
}
}
Tools
| Tool | Description |
|---|---|
check_installation |
Verify tshark is installed and show version |
list_interfaces |
List available network interfaces |
live_capture |
Capture live traffic from an interface |
read_pcap |
Read packets from a .pcap/.pcapng file |
display_filter |
Apply a Wireshark display filter to a pcap file |
summarize_pcap |
High-level summary: packet count, duration, top protocols, top talkers |
stats_by_proto |
Protocol hierarchy statistics |
follow_tcp |
Extract payload from a TCP stream |
follow_udp |
Extract payload from a UDP stream |
export_json |
Export packets to a JSON file |
Quick examples
List my network interfaces
Capture 30 seconds of traffic on eth0 filtered to tcp.port == 443
Read the first 100 packets from /tmp/capture.pcap
Summarize /tmp/capture.pcap
Follow TCP stream 0 from /tmp/capture.pcap
Export HTTP packets from /tmp/capture.pcap to /tmp/http.json
Useful display filters
tcp.port == 80 HTTP
tcp.port == 443 HTTPS
dns All DNS
http.request HTTP requests only
ip.addr == 10.0.0.1 Traffic to/from specific IP
tcp.flags.syn == 1 TCP SYN packets
Development
git clone https://github.com/khuynh22/mcp-wireshark.git
cd mcp-wireshark
python -m venv venv && source venv/bin/activate # Windows: venv\Scripts\activate
pip install -e ".[dev]"
pytest # run tests
black src tests # format
ruff check src tests # lint
mypy src # type check
See CONTRIBUTING.md for contribution guidelines.
License
MIT — see LICENSE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcp_wireshark-0.2.0.tar.gz.
File metadata
- Download URL: mcp_wireshark-0.2.0.tar.gz
- Upload date:
- Size: 29.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3eaeb27bce6fd45c5a25d767c50e91e7549737e0db2e443a90e5f00e5a607e98
|
|
| MD5 |
45609fa6c258263fd0d4ad612d4bce2d
|
|
| BLAKE2b-256 |
3c00f878e7fd34dd946e22ac51697bccc528e37d096f18b868ab1aff45adfdce
|
File details
Details for the file mcp_wireshark-0.2.0-py3-none-any.whl.
File metadata
- Download URL: mcp_wireshark-0.2.0-py3-none-any.whl
- Upload date:
- Size: 11.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ff2e4b27dec376d4a6b9a80e1480d81cf43c668e85f96f25b680d0f74e238656
|
|
| MD5 |
e1efd582bdedc45c01d6a3c5a691ec7b
|
|
| BLAKE2b-256 |
982b5845d53c2378ac5a145e2deeae87ed4ba9e7f34d46f40750584224e228ec
|
