Show HN: SharkMCP, a Tshark MCP Server
github.comI created a tshark MCP server! This is useful for an agent to debug packet issues.
Async: your agent can run a curl command and get the packets for it Flexible: You choose the capture and display filters Configs: Reusable configs to not go through the hassle of creating filters again or trusting the LLM to know what you need
Let me know what you think!
Great idea! This fills a real gap in network debugging workflows.
I can see this being particularly valuable for: - Debugging weird SSL/TLS handshake issues - Analyzing API response timing problems - Understanding network-level failures that don't show up in application logs
The reusable configs feature is especially clever - manually crafting tshark filters every time is such a pain. How complex can these configs get? Can you chain multiple filters together?
Absolutely!
It's really a tshark wrapper to make it available for LLMs so any capture filter will work. The display filter also accepts any Wireshark accepted filter.
You can also "just" use it to analyse a pcap if you don't need to record traffic as well as pass an SSLKEYLOG file for the decryption.