playbooks

home / mcp / sharkmcp server

SharkMCP Server

Provides local network packet capture and analysis via tshark integration for debugging and traffic inspection.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "tuliperis-sharkmcp": {
      "command": "node",
      "args": [
        "/path/to/SharkMCP/dist/index.js"
      ],
      "env": {
        "SSLKEYLOGFILE": "/path/to/sslkeylog.log"
      }
    }
  }
}

SharkMCP provides local network packet capture and analysis capabilities by integrating with tshark, enabling you to start a capture, perform actions, and analyze the results. It helps you debug network traffic, verify requests, and inspect packet data in a focused, repeatable way.

How to use

You interact with SharkMCP through an MCP client to manage capture sessions and analysis tasks. Start a capture session to record traffic, perform the actions you want to inspect, then stop the capture to analyze the results. You can filter what you capture, choose how you display results, and save configurations for reuse.

How to install

Prerequisites: you need a working Node.js environment and a local tshark installation.

Step 1: Install system dependencies for tshark/tshark access.

Step 2: Install Node.js (v18+).

Step 3: Install the project dependencies using your package manager.

Step 4: Build the SharkMCP project.

Step 5: Run the server with the runtime command.

Configuration

You can configure SharkMCP with a local client that runs the MCP server process. The example below shows how to define the local server in your MCP client configuration.

{
  "mcpServers": {
    "sharkmcp": {
      "command": "node",
      "args": ["/path/to/SharkMCP/dist/index.js"]
    }
  }
}

Security considerations

Packet capture requires appropriate system privileges and should be restricted to trusted environments. Be mindful of storing temporary capture files and the sensitivity of decrypted traffic.

Troubleshooting

Common issues include ensuring tshark is installed and accessible, verifying the capture interface and filters, and confirming you have sufficient permissions to access the network interfaces.

Development notes

The project is structured to separate the MCP protocol layer, tshark integration, and host system interactions. You can run development workflows to test capture sessions, analyze results, and verify configuration persistence.

Available tools

start_capture_session

Initiates a background packet capture with configurable interface, capture filters, and timeout.

stop_capture_session

Stops the active capture and analyzes the captured data, producing output in the selected format.

analyze_pcap_file

Analyzes an existing PCAP file and returns structured results according to the chosen output format.

manage_config

Saves, loads, and reuses capture/analysis configurations for quick repeatability.