WireMCP Network Analyzer

MCPOpen SourceMIT62.0

by 0xKoda • Analytics & Monitoring

An MCP server that exposes tshark-based tools to let LLMs capture, analyze, and enrich live or recorded network traffic for threat hunting and diagnostics.

Example Use Cases

1
Inspect live network packets and extract structured JSON packet fields (IPs, ports, HTTP methods) for analysis or reasoning.
2
Perform threat-hunting workflows by checking captured IPs against URLhaus and other threat feeds.
3
Analyze PCAP files, extract potential credentials, summarize protocol usage, and generate human-readable reports from packet data.

Description

WireMCP is an MCP server that wraps Wireshark's tshark to provide LLMs with structured, JSON-formatted network context. It offers live packet capture, protocol summary statistics, conversation tracking, PCAP analysis, credential extraction, and basic IOC checks (URLhaus). This enables agents to perform real-time traffic analysis, post-capture forensic work, and integrate simple threat intelligence into reasoning. The project is open-source and intended to run locally where tshark is available.

Quick Actions

View on GitHub

Security

Scanned 3 month(s) ago

Risk Level

MINIMAL

Read-only data retrieval, no side effects

Trust Score

D45/100

8/17 checks passed

Scores are informational only and provided “as is” without warranty. AgentHotspot assumes no liability for actions taken based on these ratings.

Quick Stats

Service TypeMCP

Pricing ModelFree

Capabilities0 Tools / 0 Prompts / 0 Resources

Owner0xKoda

CategoryAnalytics & Monitoring

DependenciesWireshark (tshark)required