Network Monitor MCP Server
A server for real-time network packet monitoring and security analysis.
Network Monitor MCP Server
A Model Context Protocol (MCP) server for real-time network packet monitoring and security analysis. This tool enables Claude to inspect network traffic and identify potential security threats.
Features
- Real-time packet capture from WiFi interfaces
- Protocol analysis (TCP, UDP, DNS, HTTP/HTTPS)
- Security threat detection:
- Port scanning detection
- Malicious DNS queries
- Data exfiltration patterns
- Anomaly detection
- MCP tools for Claude integration:
capture_start- Start packet capturecapture_stop- Stop captureget_packets- Retrieve and filter packetsanalyze_traffic- Traffic statisticsget_suspicious- Security threat analysis
Prerequisites
- Go 1.21 or higher
- libpcap development files
- Root/sudo access for packet capture
Installing libpcap
macOS:
brew install libpcap
Linux:
# Ubuntu/Debian
sudo apt-get install libpcap-dev
# RHEL/CentOS
sudo yum install libpcap-devel
Installation
- Clone the repository:
git clone https://github.com/skapa-xyz/network-monitor-mcp.git
cd network-monitor-mcp
- Install dependencies:
go mod download
- Build the server:
go build -o network-monitor-mcp
Usage
Running the MCP Server
The server requires root privileges for packet capture:
sudo ./network-monitor-mcp
Configuring Claude Desktop
⚠️ IMPORTANT SECURITY WARNING:
Claude Desktop cannot directly execute commands with sudo. To use this MCP server with Claude Desktop, you have two options:
Option 1: Sudoers Configuration (NOT RECOMMENDED for production)
You can configure sudo to allow the network-monitor-mcp binary to run without a password prompt. This has SIGNIFICANT SECURITY IMPLICATIONS and should only be done in isolated development environments where security is not a concern.
-
Edit the sudoers file:
sudo visudo -
Add the following line (replace username and path):
username ALL=(ALL) NOPASSWD: /path/to/network-monitor-mcp -
Update Claude Desktop configuration (
~/Library/Application Support/Claude/claude_desktop_config.jsonon macOS):{ "mcpServers": { "network-monitor": { "command": "/path/to/network-monitor-mcp" } } }
⚠️ SECURITY RISKS:
- This grants passwordless root access to the binary
- If the binary is compromised, an attacker gains root access
- Network packet capture can expose sensitive data
- Only use this in isolated development/testing environments
- Never use this configuration on production systems or machines with sensitive data
Option 2: Run Claude Desktop with elevated privileges (ALSO NOT RECOMMENDED)
You could run Claude Desktop itself with sudo, but this gives the entire application root access, which poses even greater security risks.
Recommended Approach
For production use, consider:
- Running the MCP server as a system service with proper permissions
- Using a dedicated monitoring system with appropriate access controls
- Implementing proper authentication and authorization mechanisms
Example Claude Commands
-
Start monitoring your WiFi interface:
Use the capture_start tool to monitor interface "en0" with a filter for TCP traffic -
Check for suspicious activity:
Use get_suspicious to show any detected security threats -
Analyze traffic patterns:
Use analyze_traffic to show network statistics and connection patterns -
Filter specific packets:
Use get_packets to show all DNS queries or traffic to port 443
Security Considerations
- This tool requires root access to capture packets
- Only use on networks you own or have permission to monitor
- Captured data may contain sensitive information
- The tool is designed for legitimate security monitoring in enterprise environments
Architecture
network-monitor-mcp/
├── main.go # Entry point
├── mcp/ # MCP protocol implementation
│ ├── server.go # MCP server core
│ └── handlers.go # Tool handlers
├── capture/ # Packet capture functionality
│ ├── sniffer.go # Packet capture engine
│ └── analyzer.go # Traffic analysis
└── security/ # Security detection
└── detector.go # Threat detection algorithms
Troubleshooting
-
Permission denied errors:
- Ensure you're running with sudo
- Check libpcap installation
-
Interface not found:
- List available interfaces:
ifconfigorip link - Common WiFi interfaces:
en0(macOS),wlan0(Linux)
- List available interfaces:
-
No packets captured:
- Verify the interface is active
- Check your BPF filter syntax
- Ensure there's network traffic to capture
Development
To contribute or modify:
- Follow Go best practices
- Add tests for new features
- Update documentation
- Test with Claude Desktop before submitting
License
This project is for authorized security monitoring only. Use responsibly and in compliance with all applicable laws and regulations.
관련 서버
Scout Monitoring MCP
스폰서Put performance and error data directly in the hands of your AI assistant.
Alpha Vantage MCP Server
스폰서Access financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
Feishu MCP Server
An MCP server with built-in Feishu OAuth authentication, deployable on Cloudflare Workers.
Advent of Code MCP Server
Interact with the Advent of Code website. Requires a session cookie for authentication.
Smart AI Bridge
Intelligent Al routing and integration platform for seamless provider switching
Lokalise MCP Tool
Add translation keys to Lokalise projects. Requires a Lokalise API key.
Hashkey MCP Server
Provides onchain tools for AI applications to interact with the Hashkey Network.
Cycode
Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning with Cycode.
PureScript MCP Server
An MCP server offering PureScript development tools for AI assistants. Requires Node.js and the PureScript compiler for full functionality.
Webhook Tester MCP Server
Interact with webhook-test.com to automate and manage webhook tokens, inspect incoming requests, and perform analytics.
mcp-openapi
Turn any OpenAPI/Swagger spec into Claude tools. Zero config, zero code.
LangSmith MCP Server
An MCP server for fetching conversation history and prompts from the LangSmith observability platform.