SharkMCP
SharkMCP is a Model Context Protocol server designed for network packet capture and analysis, integrating with Wireshark/tshark to assist AI agents in network security analysis, troubleshooting, and packet inspection.
SharkMCP is particularly useful when an agent needs to debug a program that sends requests and verify the resulting packet traffic. The workflow is: start a packet capture session, run a tool or perform a request, then stop the capture and analyze the results.
The architecture is focused on local development, providing a simple and efficient setup. It has three parts: an MCP Protocol Layer that manages capture sessions and configurations, a tshark Integration Layer that handles cross-platform executable detection and output parsing, and Host System Integration for direct network interface access and file system operations.
Features
- Async Packet Capture: Allows background capture sessions with configurable filters and timeouts.
- PCAP File Analysis: Enables analysis of existing packet capture files.
- Flexible Output Formats: Supports JSON, custom fields, or traditional text output.
- SSL/TLS Decryption: Provides support for SSL keylog files to decrypt HTTPS traffic.
- Reusable Configurations: Allows saving and reusing capture/analysis configurations.
Tools
- start_capture_session: Start background packet capture.
- stop_capture_session: Stop capture and analyze results.
- analyze_pcap_file: Analyze existing PCAP files.
- manage_config: Save/load reusable configurations.