In this section we explore installing Wireshark under Windows from the
binary packages.
2.8.1. Install Wireshark
You may acquire a binary installer of Wireshark named something like:
wireshark-setup-x.y.z.exe.
The Wireshark installer includes WinPcap, so you don't need to download
and install two separate packages.
Simply download the Wireshark installer from:
https://www.wireshark.org/download.html
and execute it.
Besides the usual installer options, like where to install the program,
there are several optional components.
Tip: Just keep the defaults!
If you are unsure which settings to select, just keep the defaults.
2.8.1.1. "Choose Components" page
Wireshark
Wireshark GTK - Wireshark is a GUI network protocol analyzer.
GTK MS Windows Engine - GTK MS Windows Engine (native Win32 look and feel, recommended).
TShark - TShark is a command-line based network protocol analyzer.
Plugins / Extensions (for the Wireshark and TShark dissection engines):
Dissector Plugins - Plugins with some extended dissections.
Tree Statistics Plugins - Plugins with some extended statistics.
Mate - Meta Analysis and Tracing Engine (experimental) - user configurable extension(s) of the display filter engine, see https://wiki.wireshark.org/Mate for details.
SNMP MIBs - SNMP MIBs for a more detailed SNMP dissection.
Tools (additional command line tools to work with capture files):
Editcap - Editcap is a program that reads a capture file and writes some or all of the packets into another capture file.
Text2Pcap - Text2pcap is a program that reads in an ASCII hex dump and writes the data into a libpcap-style capture file.
Mergecap - Mergecap is a program that combines multiple saved capture files into a single output file.
Capinfos - Capinfos is a program that provides information on capture files.
User's Guide - Local installation of the User's Guide. The Help buttons on most dialogs will require an internet connection to show help pages if the User's Guide is not installed locally.
2.8.1.2. "Additional Tasks" page
Start Menu Shortcuts - add some start menu shortcuts.
Desktop Icon - add a Wireshark icon to the desktop.
Quick Launch Icon - add a Wireshark icon to the Explorer quick launch toolbar.
Associate file extensions to Wireshark - Associate standard network trace files to Wireshark.
2.8.1.3. "Install WinPcap?" page
The Wireshark installer contains the latest released WinPcap installer.
If you don't have WinPcap installed, you won't be able to capture live
network traffic, but you will still be able to open saved capture files.
Currently installed WinPcap version - the Wireshark installer detects the currently installed WinPcap version.
Install WinPcap x.x - if the currently installed version is older than the one which comes with the Wireshark installer (or WinPcap is not installed at all), this will be selected by default.
Start WinPcap service "NPF" at startup - so users without administrative privileges can capture.
You can simply start the Wireshark installer without any command line
parameters; it will then show you the usual interactive installer.
For special cases, there are some command line parameters available:
/NCRC - disables the CRC check.
/S - runs the installer or uninstaller silently with default values. Please note: The silent installer won't install WinPcap!
/desktopicon - installation of the desktop icon: =yes forces installation, =no doesn't install it; otherwise the defaults / user settings are used. This option can be useful for a silent installer.
/quicklaunchicon - installation of the quick launch icon: =yes forces installation, =no doesn't install it; otherwise the defaults / user settings are used.
/D - sets the default installation directory ($INSTDIR), overriding InstallDir and InstallDirRegKey. It must be the last parameter used in the command line and must not contain any quotes, even if the path contains spaces.
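An unattended installation built from the parameters above, as an added example that is not part of the original guide. The function name and the path in the usage comment are hypothetical; the installer file name is the placeholder used on this page, and the service name "NPF" is taken from the "Install WinPcap?" page.

```powershell
# Added example: unattended Wireshark install using the documented switches.
# Install-WiresharkSilently is a hypothetical helper, not a Wireshark tool.
function Install-WiresharkSilently {
    param(
        [Parameter(Mandatory)] [string] $InstallerPath,  # e.g. .\wireshark-setup-x.y.z.exe
        [string] $InstallDir,                            # optional, becomes /D=...
        [switch] $DesktopIcon,
        [switch] $QuickLaunchIcon
    )

    if (-not (Test-Path -LiteralPath $InstallerPath -PathType Leaf)) {
        throw "Installer not found: $InstallerPath"
    }

    # /S runs silently. /NCRC is deliberately NOT passed, so the installer's
    # own CRC check stays enabled and a damaged download is rejected.
    $switches = @('/S')
    $switches += '/desktopicon='     + $(if ($DesktopIcon)     { 'yes' } else { 'no' })
    $switches += '/quicklaunchicon=' + $(if ($QuickLaunchIcon) { 'yes' } else { 'no' })

    if ($InstallDir) {
        # /D must not contain quotes, even if the path contains spaces ...
        if ($InstallDir -match '["'']') { throw 'The /D path must not contain quotes.' }
        # ... and it must be the last parameter on the command line.
        $switches += "/D=$InstallDir"
    }

    # Pass one pre-joined string so nothing re-quotes the /D path.
    $proc = Start-Process -FilePath $InstallerPath `
                          -ArgumentList ($switches -join ' ') -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "Installer exited with code $($proc.ExitCode)"
    }

    # The silent installer does not install WinPcap, so check for its
    # "NPF" service and say so if live capture will be unavailable.
    & sc.exe query npf | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning 'WinPcap service "NPF" not found: saved capture files can be opened, but live capture needs WinPcap installed separately.'
    }
}

# Usage (hypothetical path):
# Install-WiresharkSilently -InstallerPath .\wireshark-setup-x.y.z.exe -InstallDir 'C:\Program Files\Wireshark'
```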
As mentioned above, the Wireshark installer
takes care of the installation of WinPcap,
so usually you don't have to worry about WinPcap at all!
The following is only necessary if you want to
try a different version than the one included in the Wireshark installer,
e.g. because a new WinPcap (beta) version was released.
Additional WinPcap versions (including newer alpha or beta releases)
can be downloaded from the following locations:
At the download page you will find a single installer exe called something
like "auto-installer", which can be installed under various Windows
systems, including NT4.0/2000/XP/Vista.
2.8.3. Update Wireshark
From time to time you may want to update your installed Wireshark to a more
recent version. If you join Wireshark's announce mailing list, you will be
informed about new Wireshark versions; see Section 1.6.4, “Mailing Lists” for details on how to subscribe to this list.
New versions of Wireshark usually become available every 4 to 8 months.
Updating Wireshark is done the same way as installing it: you simply
download and start the installer exe. A reboot is usually not required and
all your personal settings remain unchanged.
2.8.4. Update WinPcap
New versions of WinPcap are released less frequently, maybe only once a
year. You will find WinPcap update instructions at the place where you
download new WinPcap versions. Usually you have to reboot the machine after
installing a new WinPcap version.
Warning!
If you have an older version of WinPcap installed, you must uninstall it
before installing the current version. Recent versions of the WinPcap
installer will take care of this.
2.8.5. Uninstall Wireshark
You can uninstall Wireshark the usual way, using the "Add or Remove
Programs" option inside the Control Panel. Select the "Wireshark" entry to
start the uninstallation procedure.
The Wireshark uninstaller provides several options as to which things are to be
uninstalled; the default is to remove the core components but keep the personal
settings, WinPcap and the like.
WinPcap won't be uninstalled by default, as programs other than Wireshark
may use it as well.
2.8.6. Uninstall WinPcap
You can uninstall WinPcap independently of Wireshark, using the "WinPcap"
entry in the "Add or Remove Programs" of the Control Panel.
Note!
After uninstallation of WinPcap you can't capture anything with Wireshark.
It might be a good idea to reboot Windows afterwards.
Published under the terms of the GNU General Public License