bx33661/Wireshark-MCP

Overview

Wireshark-MCP is a Python-based MCP server that lets AI assistants analyze network packet captures. It accepts .pcap files and answers plain-English questions by running tshark queries against the data.

Best for

Best for
Developers and security analysts who want to query packet captures through an AI assistant

Use cases

• Ask an AI to explain suspicious traffic patterns in a .pcap file
• Automate network forensics by feeding captures to an assistant
• Query packet details without manually writing tshark commands

Notes

Wireshark-MCP is a Python-based MCP server that lets AI assistants analyze network packet captures. It accepts .pcap files and answers plain-English questions by running tshark queries against the data.

131 stars on GitHub. Last updated 2026-05-22. Licensed MIT.

Use cases

• Ask an AI to explain suspicious traffic patterns in a .pcap file
• Automate network forensics by feeding captures to an assistant
• Query packet details without manually writing tshark commands

Pros

• Bridges natural language questions with real tshark analysis
• Lightweight Python server easy to integrate into MCP workflows
• Open source with 131 stars and active community interest

Cons

• Requires tshark installed separately on the host system
• Limited to .pcap file input; no live capture support
• Dependent on the AI assistant’s ability to interpret network data

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.