{"slug": "show-hn-mcpsnoop-wireshark-for-mcp-transparent-proxy-and-live-tui", "title": "Show HN: Mcpsnoop – Wireshark for MCP (transparent proxy and live TUI)", "summary": "Developer Kerlenton released mcpsnoop, an open-source transparent proxy and terminal UI that captures live MCP (Model Context Protocol) traffic between AI clients and servers, enabling debugging of real tool calls. The tool addresses limitations of the official MCP Inspector by sitting in the actual data path, offering features like replay, capability inspection, and hung-call detection. It is available via Go install, Homebrew, or prebuilt binaries.", "body_md": "**Wireshark for MCP.** A transparent proxy that shows every real tool call\nbetween your AI client and your MCP servers, live in your terminal.\n\nThe official [MCP Inspector](https://github.com/modelcontextprotocol/inspector)\nconnects as its own client. It never sees the traffic between *your* client\n(Claude Desktop, Cursor, Claude Code) and your server. A breakpoint in your own\nserver only fires once a request arrives. It can't show you the call the real\nclient never made, or made with arguments you didn't expect. So when a tool\nsilently isn't called, capabilities don't line up, or a call just hangs, you're\nback to `tail`\n\n-ing a log in `/tmp`\n\nand guessing.\n\nmcpsnoop sits in the real data path instead, so you can debug the actual MCP traffic between your client and server. Wrap your server command with it and watch every JSON-RPC frame in a live terminal UI as your real client and server talk.\n\nWant to see it first, with nothing to set up? Run `mcpsnoop demo`\n\nfor a scripted\nsession that plays into the live UI.\n\nTo use it for real, wrap your server in your client's MCP config:\n\n```\n{ \"mcpServers\": {\n    \"my-server\": { \"command\": \"mcpsnoop\", \"args\": [\"--\", \"node\", \"build/index.js\"] }\n}}\n```\n\nEverything after `--`\n\nis the command that normally launches your server (here, a\nTypeScript build run with `node`\n\n). Swap in whatever you already use, like\n`python server.py`\n\n, `npx -y @scope/server`\n\n, or a compiled binary.\n\nUse your client as usual, then open the UI:\n\n```\nmcpsnoop\n```\n\nNo flags, no socket paths, no startup order to remember. The shim and the UI find each other on their own, and the UI backfills past sessions from disk, so it doesn't matter whether you open it before or after your client.\n\nFor a streamable-HTTP server, run mcpsnoop as a reverse proxy and point your client at it:\n\n```\nmcpsnoop http --target http://localhost:3000/mcp --listen :7000\n```\n\nNo server of your own to test against? [docs/DEMO.md](/kerlenton/mcpsnoop/blob/main/docs/DEMO.md) walks through\npointing Claude at a published test server through mcpsnoop.\n\n**Live JSON-RPC stream.** Requests, responses, notifications and server stderr, colour-coded, with errors and slow calls flagged, including tool-level`result.isError`\n\n, not just JSON-RPC errors.**Replay.** Re-run any captured tool call against a fresh, isolated copy of the server. The fastest loop for iterating on a tool.**Capability inspector**(`c`\n\n). See exactly what the client and server agreed on at the handshake.**Frame inspector**(`enter`\n\n). Full, pretty-printed JSON with in-frame search.**Hung-call detection.** In-flight requests show`PENDING`\n\nwith a live timer, so a stuck tool is obvious at a glance.**A real filter query.** Narrow the stream with`tool:`\n\n,`status:`\n\n,`dir:`\n\n,`kind:`\n\n,`id:`\n\nor plain text.\n\n| MCP Inspector | mcp-trace | mcpsnoop | |\n|---|---|---|---|\n| Sees your real client↔server traffic | no | yes | yes |\n| Interactive terminal UI | no | yes | yes |\n| Zero-config, no flags or ordering | no | no | yes |\n| Capability inspector | partial | no | yes |\n| Replay a captured call | no | no | yes |\n| Single binary, no runtime deps | no | varies | yes |\n\n```\ngo install github.com/kerlenton/mcpsnoop/cmd/mcpsnoop@latest\n```\n\nOr with [Homebrew](https://brew.sh):\n\n```\nbrew tap kerlenton/mcpsnoop\nbrew install mcpsnoop\n```\n\nRecent Homebrew gates third-party taps; if it refuses, trust the tap once with\n`brew trust kerlenton/mcpsnoop`\n\nand re-run the install.\n\nA tap-free `brew install mcpsnoop`\n\n(no tap, no trust) needs Homebrew core, which\nonly accepts projects past a notability bar (stars, forks, watchers). If you'd\nfind that handy, a star on the repo helps it qualify.\n\nOr grab a prebuilt binary for your platform from the\n[Releases](https://github.com/kerlenton/mcpsnoop/releases) page.\n\nThe official Inspector connects as a *second* client, off to the side. mcpsnoop\nsits in the actual pipe, so it sees exactly what your real client and server say\nto each other, whatever the server is written in.\n\nIt's two roles in one binary: `mcpsnoop -- <server>`\n\nis the transparent shim your\nclient spawns (forwarding bytes verbatim while shipping a copy of each frame),\nand `mcpsnoop`\n\nwith no arguments is the hub and TUI. They pair through a\nwell-known socket and on-disk logs, so neither has to start first.\n\n`enter`\n\ndrill in · `esc`\n\nback · `r`\n\nreplay · `c`\n\ncapabilities · `y`\n\ncopy ·\n`/`\n\nfilter · `:`\n\ncommand · `p`\n\npause · `f`\n\nfollow · `ctrl-d`\n\ndelete. Move with\n`j`\n\n/`k`\n\n, page with `ctrl-f`\n\n/`ctrl-b`\n\n, `g`\n\n/`G`\n\nfor top and bottom, `shift`\n\n+column\nto sort. Press `?`\n\nin the app for the full list.\n\nIn a session, press `/`\n\nand combine space-separated tokens (ANDed): plain text\nmatches the method, tool, id and payload, while `tool:`\n\n`method:`\n\n`id:`\n\n`kind:`\n\n`dir:`\n\n`status:`\n\nfilter by field. So `tool:search status:slow`\n\nshows slow calls\nto a search tool, and `dir:s2c kind:req`\n\nsurfaces server-initiated requests\n(sampling, roots). The `?`\n\nhelp lists each token and the values it accepts.\n\nmcpsnoop runs the server command you wrap, so only wrap servers you trust and run untrusted ones in a container. It never executes anything you didn't put in your client config.\n\nIssues and pull requests are welcome. See [CONTRIBUTING.md](/kerlenton/mcpsnoop/blob/main/CONTRIBUTING.md) for\nthe dev setup and the `make check`\n\ngate. mcpsnoop is pre-1.0 and follows\n[SemVer](https://semver.org): while on `0.x`\n\n, minor releases may change\nuser-facing behaviour, and patch releases are bug fixes.", "url": "https://wpnews.pro/news/show-hn-mcpsnoop-wireshark-for-mcp-transparent-proxy-and-live-tui", "canonical_source": "https://github.com/kerlenton/mcpsnoop", "published_at": "2026-07-03 16:53:50+00:00", "updated_at": "2026-07-03 21:34:16.065681+00:00", "lang": "en", "topics": ["developer-tools", "ai-tools", "ai-infrastructure"], "entities": ["Kerlenton", "mcpsnoop", "MCP Inspector", "Claude Desktop", "Cursor", "Claude Code", "Homebrew", "GitHub"], "alternates": {"html": "https://wpnews.pro/news/show-hn-mcpsnoop-wireshark-for-mcp-transparent-proxy-and-live-tui", "markdown": "https://wpnews.pro/news/show-hn-mcpsnoop-wireshark-for-mcp-transparent-proxy-and-live-tui.md", "text": "https://wpnews.pro/news/show-hn-mcpsnoop-wireshark-for-mcp-transparent-proxy-and-live-tui.txt", "jsonld": "https://wpnews.pro/news/show-hn-mcpsnoop-wireshark-for-mcp-transparent-proxy-and-live-tui.jsonld"}}