Is io.github.bx33661/wireshark-mcp safe to use?

io.github.bx33661/wireshark-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.bx33661/wireshark-mcp?

io.github.bx33661/wireshark-mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with io.github.bx33661/wireshark-mcp?

io.github.bx33661/wireshark-mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse and http transport.

Is io.github.bx33661/wireshark-mcp actively maintained?

io.github.bx33661/wireshark-mcp is actively maintained — last commit was 9 days ago. It has 85 GitHub stars.

Should you use this server?

Professional network analysis with tshark. Security audits, deep-dives, and threat detection.

✓

Is it safe?

No known CVEs for wireshark-mcp.

No authentication — any process on your machine can connect.

License not specified.

✓

Is it maintained?

Last commit 9 days ago. 85 stars.

Will it work with my client?

Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Score Breakdown

MCPpedia Score

Click each category to see evidence

53C

Last scored 21h ago

How we score →

Security

20/30

No known vulnerabilities.

✓

Known CVEs — No known CVEs for wireshark-mcpcheck OSV.dev

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability — Tool definitions stable

○

Dependency health — found on deps.dev, recently updated

✗

License — No license specified

○

Authentication — No authentication required

Wireshark MCP

Give your AI assistant a packet analyzer.
Drop a .pcap file, ask questions in plain English — get answers backed by real tshark data.

English · 中文 · Changelog · Contributing

What is this?

Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities such as capinfos, mergecap, editcap, dumpcap, and text2pcap when they are available. The result is a packet-analysis server that still works with only tshark, but gets stronger automatically on hosts with more of the Wireshark toolchain installed.

You:    "Find all DNS queries going to suspicious domains in this capture."
Claude: [calls wireshark_extract_dns_queries → wireshark_check_threats]
        "Found 3 queries to domains flagged by URLhaus: ..."

Prerequisites

Python 3.10+
Wireshark installed with tshark
tshark is the only required Wireshark CLI dependency
Optional suite tools such as capinfos, mergecap, editcap, dumpcap, and text2pcap are auto-detected and enable extra MCP features when present
Live capture prefers dumpcap when available, but falls back to tshark so a minimal installation still works
tshark on your PATH is recommended, but wireshark-mcp install also records detected absolute Wireshark tool paths for GUI clients
Any MCP-compatible client: Claude Desktop, Claude Code, Cursor, VS Code, etc.

1.0 Support Matrix

For v1.0, "stable" means the project commits to the following baseline:

| Area | v1.0 baseline | |---|---| | Operating systems | Windows, Linux, and macOS | | CI validation | Test suite runs on all three platforms; packaged CLI smoke tests run on all three platforms; real tshark integration smoke runs on Linux | | Python versions | 3.10, 3.11, 3.12, 3.13 | | Required Wireshark dependency | tshark | | Optional Wireshark suite tools | capinfos, mergecap, editcap, dumpcap, text2pcap auto-detected when present | | Supported install paths | pip install wireshark-mcp, source install, and manual MCP config snippets | | User-facing verification | wireshark-mcp doctor, wireshark-mcp clients, and wireshark-mcp config |

If one of these baseline items stops working, that is a 1.0.x bug, not a "future enhancement".

Demo Videos

Install Demo

Play or download the install demo video

Analysis Demo

Play or download the analysis demo video

Installation

Option 1 — One-click install in Cursor (no pre-install needed)

[![In

... View full README on GitHub

io.github.bx33661/wireshark-mcp

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

MCPpedia

io.github.xkumakichi/xaip-mcp-server

Ggmcp

Swiss Caselaw MCP Server

Discussion