Network Monitor MCP Server
A server for real-time network packet monitoring and security analysis.
Network Monitor MCP Server
A Model Context Protocol (MCP) server for real-time network packet monitoring and security analysis. This tool enables Claude to inspect network traffic and identify potential security threats.
Features
- Real-time packet capture from WiFi interfaces
- Protocol analysis (TCP, UDP, DNS, HTTP/HTTPS)
- Security threat detection:
- Port scanning detection
- Malicious DNS queries
- Data exfiltration patterns
- Anomaly detection
- MCP tools for Claude integration:
capture_start- Start packet capturecapture_stop- Stop captureget_packets- Retrieve and filter packetsanalyze_traffic- Traffic statisticsget_suspicious- Security threat analysis
Prerequisites
- Go 1.21 or higher
- libpcap development files
- Root/sudo access for packet capture
Installing libpcap
macOS:
brew install libpcap
Linux:
# Ubuntu/Debian
sudo apt-get install libpcap-dev
# RHEL/CentOS
sudo yum install libpcap-devel
Installation
- Clone the repository:
git clone https://github.com/skapa-xyz/network-monitor-mcp.git
cd network-monitor-mcp
- Install dependencies:
go mod download
- Build the server:
go build -o network-monitor-mcp
Usage
Running the MCP Server
The server requires root privileges for packet capture:
sudo ./network-monitor-mcp
Configuring Claude Desktop
⚠️ IMPORTANT SECURITY WARNING:
Claude Desktop cannot directly execute commands with sudo. To use this MCP server with Claude Desktop, you have two options:
Option 1: Sudoers Configuration (NOT RECOMMENDED for production)
You can configure sudo to allow the network-monitor-mcp binary to run without a password prompt. This has SIGNIFICANT SECURITY IMPLICATIONS and should only be done in isolated development environments where security is not a concern.
-
Edit the sudoers file:
sudo visudo -
Add the following line (replace username and path):
username ALL=(ALL) NOPASSWD: /path/to/network-monitor-mcp -
Update Claude Desktop configuration (
~/Library/Application Support/Claude/claude_desktop_config.jsonon macOS):{ "mcpServers": { "network-monitor": { "command": "/path/to/network-monitor-mcp" } } }
⚠️ SECURITY RISKS:
- This grants passwordless root access to the binary
- If the binary is compromised, an attacker gains root access
- Network packet capture can expose sensitive data
- Only use this in isolated development/testing environments
- Never use this configuration on production systems or machines with sensitive data
Option 2: Run Claude Desktop with elevated privileges (ALSO NOT RECOMMENDED)
You could run Claude Desktop itself with sudo, but this gives the entire application root access, which poses even greater security risks.
Recommended Approach
For production use, consider:
- Running the MCP server as a system service with proper permissions
- Using a dedicated monitoring system with appropriate access controls
- Implementing proper authentication and authorization mechanisms
Example Claude Commands
-
Start monitoring your WiFi interface:
Use the capture_start tool to monitor interface "en0" with a filter for TCP traffic -
Check for suspicious activity:
Use get_suspicious to show any detected security threats -
Analyze traffic patterns:
Use analyze_traffic to show network statistics and connection patterns -
Filter specific packets:
Use get_packets to show all DNS queries or traffic to port 443
Security Considerations
- This tool requires root access to capture packets
- Only use on networks you own or have permission to monitor
- Captured data may contain sensitive information
- The tool is designed for legitimate security monitoring in enterprise environments
Architecture
network-monitor-mcp/
├── main.go # Entry point
├── mcp/ # MCP protocol implementation
│ ├── server.go # MCP server core
│ └── handlers.go # Tool handlers
├── capture/ # Packet capture functionality
│ ├── sniffer.go # Packet capture engine
│ └── analyzer.go # Traffic analysis
└── security/ # Security detection
└── detector.go # Threat detection algorithms
Troubleshooting
-
Permission denied errors:
- Ensure you're running with sudo
- Check libpcap installation
-
Interface not found:
- List available interfaces:
ifconfigorip link - Common WiFi interfaces:
en0(macOS),wlan0(Linux)
- List available interfaces:
-
No packets captured:
- Verify the interface is active
- Check your BPF filter syntax
- Ensure there's network traffic to capture
Development
To contribute or modify:
- Follow Go best practices
- Add tests for new features
- Update documentation
- Test with Claude Desktop before submitting
License
This project is for authorized security monitoring only. Use responsibly and in compliance with all applicable laws and regulations.
Related Servers
RefactorMCP
Automated refactoring tools for C# code transformation using Roslyn.
ComfyUI MCP Server
Integrates ComfyUI with MCP, allowing the use of custom workflows. Requires a running ComfyUI server.
WordPress MCP
A Python MCP server for interacting with a local WordPress instance.
AI Agent Playwright
An AI agent for the Playwright MCP server, enabling automated web testing and interaction.
Terraform MCP Server
Integrates with Terraform Registry APIs for Infrastructure as Code development, supporting provider and module discovery.
Remote MCP Server (Authless)
An example of a remote MCP server deployable on Cloudflare Workers without authentication.
Homebrew MCP
Interact with Homebrew (the package manager for macOS and Linux) using natural language commands.
Root Signals
Equip AI agents with evaluation and self-improvement capabilities with Root Signals.
Awesome LLMs Txt
Access documentation from the Awesome-llms-txt repository directly in your conversations.
Ghost MCP
An MCP server for the Ghost blogging platform with Server-Sent Events (SSE) transport support.