Add this skill
npx mdskills install khuynh22/mcp-wireshark
Comprehensive network analysis toolkit with clear tool descriptions and practical examples
Community-maintained. Not affiliated with Wireshark or Anthropic.
An MCP server that exposes Wireshark/tshark capabilities to AI tools and IDEs. Capture live traffic, analyze .pcap files, apply display filters, follow TCP/UDP streams, and export to JSON — all via Claude Desktop, VS Code Copilot, or any MCP-compatible client.
- Python 3.10+
- Wireshark/tshark installed and on PATH

Linux: add your user to the wireshark group for non-root capture:
sudo usermod -aG wireshark $USER
pip install mcp-wireshark
Or with uv:
uvx mcp-wireshark
~/Library/Application Support/Claude/claude_desktop_config.json (macOS)
%APPDATA%\Claude\claude_desktop_config.json (Windows)
{
  "mcpServers": {
    "wireshark": {
      "command": "mcp-wireshark"
    }
  }
}
.vscode/mcp.json in your workspace:
{
  "servers": {
    "wireshark": {
      "command": "mcp-wireshark"
    }
  }
}
On Windows, if tshark isn't on PATH, add it explicitly:
{
  "servers": {
    "wireshark": {
      "command": "mcp-wireshark",
      "env": { "PATH": "C:\\Program Files\\Wireshark;${env:PATH}" }
    }
  }
}
| Tool | Description |
|---|---|
| `check_installation` | Verify tshark is installed and show version |
| `list_interfaces` | List available network interfaces |
| `live_capture` | Capture live traffic from an interface |
| `read_pcap` | Read packets from a .pcap/.pcapng file |
| `display_filter` | Apply a Wireshark display filter to a pcap file |
| `summarize_pcap` | High-level summary: packet count, duration, top protocols, top talkers |
| `stats_by_proto` | Protocol hierarchy statistics |
| `follow_tcp` | Extract payload from a TCP stream |
| `follow_udp` | Extract payload from a UDP stream |
| `export_json` | Export packets to a JSON file |
List my network interfaces
Capture 30 seconds of traffic on eth0 filtered to tcp.port == 443
Read the first 100 packets from /tmp/capture.pcap
Summarize /tmp/capture.pcap
Follow TCP stream 0 from /tmp/capture.pcap
Export HTTP packets from /tmp/capture.pcap to /tmp/http.json
| Filter | Description |
|---|---|
| `tcp.port == 80` | HTTP |
| `tcp.port == 443` | HTTPS |
| `dns` | All DNS |
| `http.request` | HTTP requests only |
| `ip.addr == 10.0.0.1` | Traffic to/from specific IP |
| `tcp.flags.syn == 1` | TCP SYN packets |
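As an added example (not the project's own code), the following shows tshark argument vectors roughly equivalent to several of the listed tools, built as argv lists with no shell, together with the path and filter checks worth having when an AI client supplies the arguments. The function names mirror the tool names for readability only; `CAPTURE_DIR`, the limits and the function bodies are assumptions.

```python
import re
from pathlib import Path

CAPTURE_DIR = Path("/tmp")  # assumption: the only directory the client may read captures from

def safe_pcap(path: str) -> str:
    """Resolve symlinks and '..' first, then require a pcap suffix inside CAPTURE_DIR."""
    p = Path(path).resolve()
    if p.suffix not in (".pcap", ".pcapng") or not p.is_relative_to(CAPTURE_DIR.resolve()):
        raise ValueError(f"refusing capture path: {path!r}")
    return str(p)

def safe_filter(expr: str) -> str:
    """Display filters are printable one-liners; reject empty, oversized or control-char input."""
    if not expr.strip() or len(expr) > 512 or not expr.isprintable():
        raise ValueError("refusing display filter")
    return expr

def read_pcap(path: str, count: int = 100) -> list[str]:
    # -r reads a capture file, -c stops after `count` packets
    return ["tshark", "-r", safe_pcap(path), "-c", str(int(count))]

def display_filter(path: str, expr: str) -> list[str]:
    # -Y takes the display filter as one argv element, so no shell quoting is involved
    return ["tshark", "-r", safe_pcap(path), "-Y", safe_filter(expr)]

def stats_by_proto(path: str) -> list[str]:
    # -q suppresses per-packet output, -z io,phs prints the protocol hierarchy
    return ["tshark", "-r", safe_pcap(path), "-q", "-z", "io,phs"]

def follow_tcp(path: str, stream: int) -> list[str]:
    return ["tshark", "-r", safe_pcap(path), "-q", "-z", f"follow,tcp,ascii,{int(stream)}"]

def export_json(path: str, expr: str) -> list[str]:
    # -T json writes to stdout; the caller decides where that output is stored
    return display_filter(path, expr) + ["-T", "json"]

def live_capture(iface: str, seconds: int, expr: str) -> list[str]:
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9_.:-]{0,31}", iface):
        raise ValueError("refusing interface name")
    if not 1 <= int(seconds) <= 300:  # assumption: cap capture time at five minutes
        raise ValueError("refusing capture duration")
    # -a duration:N stops the capture after N seconds
    return ["tshark", "-i", iface, "-a", f"duration:{int(seconds)}", "-Y", safe_filter(expr)]
```

Each list can be passed directly to `subprocess.run(argv, capture_output=True, timeout=...)`, which keeps filter text and file names out of any shell.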
git clone https://github.com/khuynh22/mcp-wireshark.git
cd mcp-wireshark
python -m venv venv && source venv/bin/activate # Windows: venv\Scripts\activate
pip install -e ".[dev]"
pytest # run tests
black src tests # format
ruff check src tests # lint
mypy src # type check
See CONTRIBUTING.md for contribution guidelines.
MIT — see LICENSE.
Install MCP Wireshark with a single command:
npx mdskills install khuynh22/mcp-wireshark
This downloads the skill files into your project and your AI agent picks them up automatically.
MCP Wireshark works with Claude Code, Claude Desktop, Cursor, VS Code Copilot, Windsurf, Continue Dev, Gemini CLI, Amp, Roo Code, and Goose. Skills use the open SKILL.md format, which is compatible with any AI coding agent that reads markdown instructions.