To start working with Wireshark, go to the Wireshark website and download the latest version of the tool.
The current version of Wireshark can be found on the website http://www.wireshark.org/; choose Download. This brings you to the Download Wireshark page. Download the latest Wireshark Version 2.X.X stable release, available at https://www.wireshark.org/#download.
Each Wireshark Windows package comes with the latest stable release of WinPcap, which is required for live packet capture. The WinPcap driver is a Windows version of the UNIX libpcap library for traffic capture.
During the installation, you will get the package's installation window, presented in the following screenshot:
Usually in these setup windows, we simply check everything and install. In this case, a few of the components deserve a closer look:
- Wireshark: This is the Wireshark version 2 software.
- TShark: A command-line protocol analyzer.
- Wireshark 1: The good old Wireshark version 1. When you check this, the legacy Wireshark version 1 will also be installed. Personally, I prefer to install it for the next several versions, so if something doesn't work with Wireshark version 2 or you don't know how to work with it, you always have the good old version available.
- Plugins & Extensions:
  - Dissector Plugins: Plugins with some extended dissections
  - Tree Statistics Plugins: Extended statistics
  - Mate: Meta-Analysis and Tracing Engine: User-configurable extension(s) of the display filter engine
  - SNMP MIBs: For a more detailed SNMP dissection
- Tools:
  - Editcap: Reads a capture file and writes some or all of the packets into another capture file
  - Text2Pcap: Reads in an ASCII hex dump and writes the data into a pcap capture file
  - Reordercap: Reorders a capture file by timestamp
  - Mergecap: Combines multiple saved capture files into a single output file
  - Capinfos: Provides information on capture files
  - Rawshark: Raw packet filter
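All of the command-line tools listed above operate on the classic pcap file layout: a 24-byte global header followed by one 16-byte record header per packet. The following Python script is an added example, not code from Wireshark or from this book; it reimplements, in miniature, what Text2Pcap (hex dump to pcap), Mergecap (interleave several files), Reordercap (sort by timestamp) and Capinfos (summarize a file) do, so that you can see the format they all read and write. The two-frame hex dump embedded in it is constructed for the example; it handles only the little-endian, microsecond-resolution pcap variant and not pcapng, which the real tools also understand.

```python
"""Toy versions of text2pcap, mergecap, reordercap and capinfos (added example)."""
import struct
from typing import Dict, List, Tuple

PCAP_MAGIC = 0xA1B2C3D4      # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1        # value used in the global header's 'network' field
GLOBAL_HEADER = '<IHHiIII'   # magic, major, minor, thiszone, sigfigs, snaplen, network
RECORD_HEADER = '<IIII'      # ts_sec, ts_usec, incl_len, orig_len

Packet = Tuple[float, bytes]  # (timestamp in seconds, raw frame bytes)

# Constructed sample in text2pcap's offset-prefixed hex dump format:
# an ARP request (42 bytes) followed by a short IPv4 frame (20 bytes).
# A line whose offset is 000000 starts a new frame.
SAMPLE_HEXDUMP = """
000000 ff ff ff ff ff ff 00 11 22 33 44 55 08 06 00 01
000010 08 00 06 04 00 01 00 11 22 33 44 55 c0 a8 01 0a
000020 00 00 00 00 00 00 c0 a8 01 01
000000 00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00
000010 00 14 00 01
"""


def parse_hexdump(text: str) -> List[bytes]:
    """text2pcap-style parser: offset + hex bytes per line, offset 0 opens a new frame."""
    frames: List[bytes] = []
    current = bytearray()
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            offset = int(parts[0], 16)
        except ValueError:
            continue  # not a dump line (e.g. a comment); skip it
        if offset == 0 and current:
            frames.append(bytes(current))
            current = bytearray()
        current.extend(int(tok, 16) for tok in parts[1:])
    if current:
        frames.append(bytes(current))
    return frames


def write_pcap(packets: List[Packet]) -> bytes:
    """Serialize packets with the pcap global header and one record header each."""
    out = struct.pack(GLOBAL_HEADER, PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        # incl_len == orig_len because nothing here truncates frames (no snaplen applied)
        out += struct.pack(RECORD_HEADER, sec, usec, len(frame), len(frame)) + frame
    return out


def read_pcap(data: bytes) -> List[Packet]:
    """Parse a little-endian pcap file; refuses pcapng or big-endian input."""
    if len(data) < 24 or struct.unpack_from('<I', data, 0)[0] != PCAP_MAGIC:
        raise ValueError('not a little-endian pcap file')
    packets: List[Packet] = []
    pos = 24
    while pos + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(RECORD_HEADER, data, pos)
        pos += 16
        frame = data[pos:pos + incl_len]
        if len(frame) != incl_len:
            raise ValueError('truncated record at offset %d' % pos)
        pos += incl_len
        packets.append((sec + usec / 1_000_000, frame))
    return packets


def reordercap(data: bytes) -> bytes:
    """reordercap: rewrite the file with records sorted by timestamp."""
    return write_pcap(sorted(read_pcap(data), key=lambda p: p[0]))


def mergecap(*files: bytes) -> bytes:
    """mergecap default mode: interleave all inputs in chronological order."""
    return reordercap(write_pcap([p for f in files for p in read_pcap(f)]))


def capinfos(data: bytes) -> Dict[str, float]:
    """capinfos-style summary: packet count, total bytes, first timestamp, duration."""
    packets = read_pcap(data)
    stamps = [p[0] for p in packets]
    return {
        'packets': len(packets),
        'bytes': sum(len(p[1]) for p in packets),
        'first_ts': min(stamps) if stamps else 0.0,
        'duration': (max(stamps) - min(stamps)) if stamps else 0.0,
    }


if __name__ == '__main__':
    arp, ipv4 = parse_hexdump(SAMPLE_HEXDUMP)
    early = write_pcap([(9.25, ipv4)])
    late = write_pcap([(10.5, arp)])
    print(capinfos(mergecap(late, early)))
```

The same round trip with the real tools would be `text2pcap dump.txt frames.pcap`, `mergecap -w merged.pcap a.pcap b.pcap`, `reordercap in.pcap out.pcap` and `capinfos merged.pcap`; the script is only meant to make the file layout those commands manipulate concrete.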