How do I install MCP Wireshark?

Install MCP Wireshark with a single command: npx mdskills install khuynh22/mcp-wireshark. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support MCP Wireshark?

MCP Wireshark works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Gemini Cli, Amp, Roo Code, Goose. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to MCP servers

MCP Wireshark

Name: MCP Wireshark: AI Agent Skill
Rating: 8.2 (1 reviews)
Author: khuynh22

Verified

MCP ServerGit & Version ControlIntermediate

An MCP server that exposes Wireshark/tshark capabilities to AI tools and IDEs. Capture live traffic, analyze .pcap files, apply display filters, follow TCP/UDP streams, and export to JSON — all via Claude Desktop, VS Code Copilot, or any MCP-compatible client. - Python 3.10+ - Wireshark/tshark installed and on PATH Linux: add your user to the wireshark group for non-root capture: Or with uv: ~/Lib

by @khuynh220Updated 3/10/2026

Add this skill

npx mdskills install khuynh22/mcp-wireshark

Fork & Edit

Skill Advisor8.2

Comprehensive network analysis toolkit with clear tool descriptions and practical examples

+Provides 10 well-documented tools covering capture, analysis, and export workflows
+Includes practical display filter examples and multi-platform setup instructions
+Appropriate permissions for network capture and pcap file analysis operations
-Lacks guidance on security implications of live capture and stream following

SKILL.md

Edit in Browser

1# mcp-wireshark
2 
3> Community-maintained. Not affiliated with Wireshark or Anthropic.
4 
5An MCP server that exposes Wireshark/tshark capabilities to AI tools and IDEs. Capture live traffic, analyze `.pcap` files, apply display filters, follow TCP/UDP streams, and export to JSON — all via Claude Desktop, VS Code Copilot, or any MCP-compatible client.
6 
7[![PyPI version](https://badge.fury.io/py/mcp-wireshark.svg)](https://badge.fury.io/py/mcp-wireshark)
8[![CI](https://github.com/khuynh22/mcp-wireshark/actions/workflows/ci.yml/badge.svg)](https://github.com/khuynh22/mcp-wireshark/actions/workflows/ci.yml)
9[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
10[![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)
11 
12## Prerequisites
13 
14- Python 3.10+
15- [Wireshark/tshark](https://www.wireshark.org/download.html) installed and on `PATH`
16 
17**Linux:** add your user to the `wireshark` group for non-root capture:
18```bash
19sudo usermod -aG wireshark $USER
20```
21 
22## Installation
23 
24```bash
25pip install mcp-wireshark
26```
27 
28Or with `uv`:
29```bash
30uvx mcp-wireshark
31```
32 
33## Configuration
34 
35### Claude Desktop
36 
37`~/Library/Application Support/Claude/claude_desktop_config.json` (macOS)
38`%APPDATA%\Claude\claude_desktop_config.json` (Windows)
39 
40```json
41{
42  "mcpServers": {
43    "wireshark": {
44      "command": "mcp-wireshark"
45    }
46  }
47}
48```
49 
50### VS Code
51 
52`.vscode/mcp.json` in your workspace:
53 
54```json
55{
56  "servers": {
57    "wireshark": {
58      "command": "mcp-wireshark"
59    }
60  }
61}
62```
63 
64On Windows, if tshark isn't on `PATH`, add it explicitly:
65```json
66{
67  "servers": {
68    "wireshark": {
69      "command": "mcp-wireshark",
70      "env": { "PATH": "C:\\Program Files\\Wireshark;${env:PATH}" }
71    }
72  }
73}
74```
75 
76## Tools
77 
78| Tool | Description |
79|------|-------------|
80| `check_installation` | Verify tshark is installed and show version |
81| `list_interfaces` | List available network interfaces |
82| `live_capture` | Capture live traffic from an interface |
83| `read_pcap` | Read packets from a `.pcap`/`.pcapng` file |
84| `display_filter` | Apply a Wireshark display filter to a pcap file |
85| `summarize_pcap` | High-level summary: packet count, duration, top protocols, top talkers |
86| `stats_by_proto` | Protocol hierarchy statistics |
87| `follow_tcp` | Extract payload from a TCP stream |
88| `follow_udp` | Extract payload from a UDP stream |
89| `export_json` | Export packets to a JSON file |
90 
91### Quick examples
92 
93```
94List my network interfaces
95Capture 30 seconds of traffic on eth0 filtered to tcp.port == 443
96Read the first 100 packets from /tmp/capture.pcap
97Summarize /tmp/capture.pcap
98Follow TCP stream 0 from /tmp/capture.pcap
99Export HTTP packets from /tmp/capture.pcap to /tmp/http.json
100```
101 
102### Useful display filters
103 
104```
105tcp.port == 80          HTTP
106tcp.port == 443         HTTPS
107dns                     All DNS
108http.request            HTTP requests only
109ip.addr == 10.0.0.1    Traffic to/from specific IP
110tcp.flags.syn == 1      TCP SYN packets
111```
112 
113## Development
114 
115```bash
116git clone https://github.com/khuynh22/mcp-wireshark.git
117cd mcp-wireshark
118python -m venv venv && source venv/bin/activate  # Windows: venv\Scripts\activate
119pip install -e ".[dev]"
120 
121pytest                   # run tests
122black src tests          # format
123ruff check src tests     # lint
124mypy src                 # type check
125```
126 
127See [CONTRIBUTING.md](CONTRIBUTING.md) for contribution guidelines.
128 
129## License
130 
131MIT — see [LICENSE](LICENSE).
132

Full transparency — inspect the skill content before installing.