Wireshark needs a capture engine to gather network traffic, and will query the system to see if one is present. Wireshark also offers a USB capture, which is optional. 

The following prompts deal with capturing traffic, along with what you should expect to see when Wireshark completes the installation:

• Packet Capture: At this point, Wireshark will check whether Npcap or WinPcap is installed. The user is presented with a screen that states Wireshark requires either Npcap or WinPcap to capture live network data, as shown here:

If you have Windows 7 or higher, then Npcap is most likely an appropriate choice. Wireshark presents links for the user to do the following:

• • Get Npcap if needed
  • Learn more about Npcap and WinPcap

• USB Capture: At times, it is necessary to capture USB traffic. This option checks to make sure you have the USBPcap currently installed and gives you an option to install it, which is shown as follows:

You may find the need to use a USB capture, for example, for troubleshooting or monitoring transactions. If you choose not to install the USB capture, then you can install this at a later date.

• Completing Wireshark Setup: Once you have made all of your selections, Wireshark will present a notification that the process has completed. The screen will show the output of the files extracted during the installation. At this time, you can choose to Run Wireshark. In addition, you can also select Show News, which will bring up the latest Wireshark news and information. 

Because of the variety of options available, it may seem overwhelming. There is help. The next section provides an overview of many of the resources found at the Wireshark home page.