{"id":"khuynh22-mcp-wireshark","name":"mcp-wireshark","homepage":null,"repo_url":"https://github.com/khuynh22/mcp-wireshark","category":"infrastructure","subcategories":[],"tags":["mcp","wireshark","tshark","network-analysis","pcap","packet-capture","python","security-monitoring"],"what_it_does":"mcp-wireshark is a Python-based MCP server that exposes Wireshark/tshark functionality to MCP-compatible AI clients. It can run live packet capture, read/analyze .pcap/.pcapng files, apply display filters, follow TCP/UDP streams, and export analysis results (e.g., JSON) via defined MCP tools.","use_cases":["Investigate network incidents by capturing or analyzing packet traces","Help AI agents summarize pcaps and extract protocol-specific stats","Extract TCP/UDP stream payloads for further analysis","Convert packet data into structured JSON for downstream automation"],"not_for":["Use in environments where running tshark/wireshark binaries is disallowed","Use cases requiring strong authentication/authorization for the MCP endpoint","Large-scale always-on production traffic analytics without performance/operational planning"],"best_when":"Used in a developer/admin workflow where an operator can install dependencies (tshark) and run the MCP server locally or within a controlled network environment.","avoid_when":"Avoid exposing the MCP server broadly to untrusted networks or multi-tenant environments without additional access controls; avoid running it as a privileged process when only offline analysis is needed.","alternatives":["Wireshark GUI/CLI (tshark) directly with scripts","Other MCP servers or wrappers around network analysis tools (if available)","Python libraries for packet parsing (e.g., scapy) for limited parsing needs"],"af_score":58.2,"security_score":29.5,"reliability_score":28.8,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:29:17.413567+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"No authentication mechanism is described in the README; access is likely controlled by local process/network exposure of the MCP server and the host permissions."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"The package is distributed as a Python package (MIT license) and does not describe any paid service tiers in the provided content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":58.2,"security_score":29.5,"reliability_score":28.8,"mcp_server_quality":70.0,"documentation_accuracy":75.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":95.0,"rate_limit_clarity":0.0,"tls_enforcement":20.0,"auth_strength":10.0,"scope_granularity":0.0,"dependency_hygiene":60.0,"secret_handling":70.0,"security_notes":"No authentication/authorization is described for the MCP server; exposing it to untrusted networks could be risky. It relies on external binaries (tshark/wireshark) and privileged capture permissions (e.g., wireshark group), which increases operational/security considerations. TLS/auth at the transport layer are not documented (MCP typically depends on client/server configuration). Secret handling is not discussed; configuration examples show env PATH overrides but no secret management guidance.","uptime_documented":0.0,"version_stability":45.0,"breaking_changes_history":40.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":"Some operations (e.g., live_capture) are inherently non-idempotent; no idempotency guarantees are documented.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Requires tshark to be installed and on PATH (or configured) before tools will function","Live capture may require OS permissions (e.g., wireshark group membership on Linux)","Processing large pcaps/long captures can be slow or resource-intensive; agents should limit capture duration/filter scope"]}}