In this section we explore installing Wireshark under Windows from the binary packages.
You may acquire a binary installer of Wireshark named something like: wireshark-setup-x.y.z.exe.
Simply download the Wireshark installer from: http://www.wireshark.org/download.html#releases and execute it.
Note! The WinPcap installer has become part of the main Wireshark installer, so you don't need to download and install two separate packages.
You can simply start the Wireshark installer without any command line parameters; it will then show you the usual interactive installer.
There are some command line parameters available:
/NCRC disables the CRC check
/S runs the installer or uninstaller silently with default values. Please note: The silent installer won't install WinPcap!
/desktopicon installation of the desktop icon, =yes - force installation, =no - don't install, otherwise use defaults / user settings. This option can be useful for a silent installer.
/quicklaunchicon installation of the quick launch icon, =yes - force installation, =no - don't install, otherwise use defaults / user settings.
/D sets the default installation directory ($INSTDIR), overriding InstallDir and InstallDirRegKey. It must be the last parameter used in the command line and must not contain any quotes, even if the path contains spaces.
Example:
wireshark-setup-0.99.5.exe /NCRC /S /desktopicon=yes /quicklaunchicon=no /D=C:\Program Files\Foo
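An unattended install that follows the parameter rules above, as an added example (not part of the original guide or the Wireshark project). The function name, its parameters and the expected SHA-256 digest are assumptions, and it presumes an elevated PowerShell 4.0 or later session.

```powershell
# Added example: silent Wireshark install built from the documented parameters.
# Function name, parameter names and the digest source are hypothetical.
function Install-WiresharkSilently {
    param(
        [Parameter(Mandatory)] [string] $InstallerPath,   # e.g. wireshark-setup-x.y.z.exe
        [Parameter(Mandatory)] [string] $ExpectedSha256,  # digest from a source you trust
        [string] $InstallDir,                             # optional, passed via /D
        [ValidateSet('yes', 'no')] [string] $DesktopIcon = 'no',
        [ValidateSet('yes', 'no')] [string] $QuickLaunchIcon = 'no'
    )

    # /NCRC is deliberately left out so the installer's own CRC check stays enabled.
    # The file is also checked independently before it is executed.
    $actual = (Get-FileHash -Path $InstallerPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        throw "Digest mismatch for $InstallerPath; refusing to run it."
    }

    $installerArgs = "/S /desktopicon=$DesktopIcon /quicklaunchicon=$QuickLaunchIcon"
    if ($InstallDir) {
        # /D must not contain quotes, even if the path contains spaces.
        if ($InstallDir -match '["'']') {
            throw 'The /D path must not contain quotes.'
        }
        # /D must be the last parameter on the command line.
        $installerArgs += " /D=$InstallDir"
    }

    # A single string is passed through as written, so no quotes are added around /D.
    $proc = Start-Process -FilePath $InstallerPath -ArgumentList $installerArgs -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        # Assumption: a non-zero exit code means the installation did not complete.
        throw "Installer exited with code $($proc.ExitCode)."
    }

    # The silent installer won't install WinPcap, so live capture may be unavailable.
    Write-Warning 'Silent mode skips WinPcap; install it separately if live capture is needed.'
}

# Usage (values are placeholders):
# Install-WiresharkSilently -InstallerPath .\wireshark-setup-x.y.z.exe `
#     -ExpectedSha256 '<SHA-256 digest from a trusted source>' `
#     -InstallDir 'C:\Program Files\Foo' -DesktopIcon yes
```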
Besides the usual installer options like where to install the program, there are several optional components.
Tip! If you are unsure which settings to select, just keep the default settings.
The Components (Wireshark GTK1 and GTK2 cannot both be installed at the same time):
Wireshark GTK1 - Wireshark is a GUI network protocol analyzer.
Wireshark GTK2 - Wireshark is a GUI network protocol analyzer (using the modern GTK2 GUI toolkit, recommended).
GTK-Wimp - GTKWimp is the GTK2 Windows impersonator (native Win32 look and feel, recommended).
TShark - TShark is a command-line based network protocol analyzer.
The dissection extensions for Wireshark and TShark:
Dissector Plugins - Plugins with some extended dissections.
Tree Statistics Plugins - Plugins with some extended statistics.
Mate - Meta Analysis and Tracing Engine (experimental) - user configurable extension(s) of the display filter engine, see http://wiki.wireshark.org/Mate for details.
Lua Plugin (experimental) - a language for prototyping and scripting, see http://wiki.wireshark.org/Lua for details.
SNMP MIBs - SNMP MIBs for a more detailed SNMP dissection.
The Tools:
Editcap - Editcap is a program that reads a capture file and writes some or all of the packets into another capture file.
Text2Pcap - Text2pcap is a program that reads in an ASCII hex dump and writes the data into a libpcap-style capture file.
Mergecap - Mergecap is a program that combines multiple saved capture files into a single output file.
Capinfos - Capinfos is a program that provides information on capture files.
The Additional Tasks:
Start Menu Shortcuts - add some start menu shortcuts.
Desktop Icon - add a Wireshark icon to the desktop.
Quick Launch Icon - add a Wireshark icon to the Explorer quick launch toolbar.
Associate file extensions to Wireshark - Associate standard network trace files to Wireshark.
Note! As mentioned above, the Wireshark installer takes care of the installation of WinPcap, so usually you don't have to worry about WinPcap at all!
If you do not have WinPcap installed you will be able to open saved capture files, but you will not be able to capture live network traffic.
While running, the Wireshark installer detects which WinPcap version is currently installed and will install WinPcap, if none or an older version is detected.
More WinPcap info:
Wireshark related: http://wiki.wireshark.org/WinPcap
General WinPcap info: http://www.winpcap.org
The following is only necessary if you want to try a different version than the one included in the Wireshark installer, e.g. because a new WinPcap (beta) version was released.
Additional WinPcap versions (including newer alpha or beta releases) can be downloaded from the following locations:
The main WinPcap site: http://www.winpcap.org
The Wiretapped.net mirror: http://www.mirrors.wiretapped.net/security/packet-capture/winpcap
At the download page you will find a single installer exe called something like "auto-installer", which can be installed under various Windows systems, including 9x/Me/NT4.0/2000/XP.
From time to time you may want to update your installed Wireshark to a more recent version. If you join Wireshark's announce mailing list, you will be informed about new Wireshark versions; see Section 1.6.4, “Mailing Lists” for details on how to subscribe to this list.
New versions of Wireshark usually become available every 4-8 weeks. Updating Wireshark is done the same way as installing it: you simply download and start the installer exe. A reboot is usually not required and all your personal settings remain unchanged.
New versions of WinPcap are less frequently available, maybe only once a year. You will find WinPcap update instructions where you can download new WinPcap versions. Usually you have to reboot the machine after installing a new WinPcap version.
Warning! If you have an older version of WinPcap installed, you must un-install it before installing the current version. Recent versions of the WinPcap installer will take care of this.
You can uninstall Wireshark the usual way, using the "Add or Remove Programs" option inside the Control Panel. Select the "Wireshark" entry to start the uninstallation procedure.
The Wireshark uninstaller will provide several options as to which things are to be uninstalled; the default is to remove the core components but keep the personal settings, WinPcap and the like.
WinPcap won't be uninstalled by default, as programs other than Wireshark may use it as well.