Exposes Wireshark's tshark command-line analyzer through MCP tools so you can drop pcap files into Claude and ask questions in plain English. Built on Python 3.10+, it requires tshark as its minimum dependency and auto-detects the rest of the Wireshark suite (capinfos, mergecap, editcap, dumpcap, text2pcap) to unlock additional analysis capabilities when those tools are present. Ships with a CLI that auto-configures two dozen MCP clients, including Claude Desktop, Cursor, and VS Code, in one command. Useful for security researchers and network engineers who want conversational packet analysis without switching contexts. Live capture uses dumpcap when it is available and falls back to tshark otherwise. Cross-platform CI validates on Windows, Linux, and macOS.
claude mcp add --transport stdio bx33661-wireshark-mcp uvx wireshark-mcp