Wireshark-MCP
Give your AI assistant a packet analyzer.
Drop a .pcap file, ask questions in plain English — get answers backed by real tshark data.
An MCP server that wraps tshark (and optional Wireshark suite tools) into a structured analysis interface. Works with Claude Desktop, Claude Code, Cursor, VS Code, and 18+ other MCP clients.
```text
You:    "Find all DNS queries going to suspicious domains in this capture."
Claude: [calls wireshark_extract_dns_queries → wireshark_check_threats]
        "Found 3 queries to domains flagged by URLhaus: ..."
```
Prerequisites: Python 3.10+ and Wireshark with tshark on PATH.
```bash
pip install wireshark-mcp
wireshark-mcp install   # auto-configures all detected MCP clients
```
Restart your AI client — done.
Run wireshark-mcp doctor if anything looks off. See docs/manual-configuration.md for manual setup or platform-specific notes.
Point your AI client at a .pcap file and try:
```text
Analyze capture.pcap using the Wireshark MCP tools.
Start with wireshark_open_file, then run wireshark_security_audit.
Write findings to report.md.
```
40+ tools organized into categories:
| Category | Highlights | Count |
|---|---|---|
| Agentic Workflows | wireshark_security_audit, wireshark_quick_analysis, wireshark_open_file | 4 |
| Packet Analysis | Packet list, details, bytes, context, stream follow, search | 7 |
| Data Extraction | HTTP requests, DNS queries, TLS handshakes, field extraction | 6 |
| Statistics | Protocol hierarchy, endpoints, conversations, I/O graph, expert info | 6 |
| Security | Threat intel, credential scan, port scan, DNS tunnel, DoS detection | 6 |
| Protocol Deep Dive | TCP health, ARP spoofing, SMTP, DHCP | 5 |
| File Ops & Capture | Live capture, merge, filter-save, file info | 5 |
| Suite Utilities | editcap trim/split/dedup, text2pcap import | 5 |
| Decode & Visualize | Payload decode, traffic plot, protocol tree | 3 |
The server starts with only tshark required. Optional tools (capinfos, mergecap, editcap, dumpcap, text2pcap) are auto-detected and enable extra features when present.
| Topic | Link |
|---|---|
| Platform setup (macOS/Linux/Windows) | docs/platform-validation.md |
| Manual client configuration | docs/manual-configuration.md |
| Prompt templates | docs/prompt-engineering.md |
| Release checklist | docs/release-checklist.md |
| Contributing | CONTRIBUTING.md |
| Changelog | CHANGELOG.md |
| Security policy | SECURITY.md |
```bash
pip install -e ".[dev]"
pytest tests/ -v
ruff check src/ tests/
```
See CONTRIBUTING.md for the full guide.