Getting ready

To start working with Wireshark, go to the Wireshark website and download the latest version of the tool.

An updated version of Wireshark can be found on the website http://www.wireshark.org/; choose Download. This brings you to the Download Wireshark page. Download the latest Wireshark Version 2.X.X stable release that is available at https://www.wireshark.org/#download.

Each Wireshark Windows package comes with the latest stable release of WinPcap, which is required for live packet capture. The WinPcap driver is a Windows version of the UNIX libpcap library for traffic capture.

During the installation, you will get the package's installation window, presented in the following screenshot:

Usually in these setup windows, we simply check all and install. In this case, we have some interesting things:

  • Wireshark: This is the Wireshark version 2 software.
  • TShark: A command-line protocol analyzer.
  • Wireshark 1: The good old Wireshark version 1. When you check this, the legacy Wireshark version 1 will also be installed. Personally, I prefer to install it for the next several versions, so if something doesn't work with Wireshark version 2 or you don't know how to work with it, you always have the good old version available.
  • Plugins & Extensions:
    • Dissector Plugins: Plugins with some extended dissections
    • Tree Statistics Plugins: Extended statistics
    • Mate: Meta-Analysis and Tracing Engine: User-configurable extension(s) of the display filter engine
    • SNMP MIBs: For a more detailed SNMP dissection
  • Tools:
    • Editcap: Reads a capture file and writes some or all of the packets into another capture file
    • Text2Pcap: Reads in an ASCII hex dump and writes the data into a pcap capture file
    • Reordercap: Reorders a capture file by timestamp
    • Mergecap: Combines multiple saved capture files into a single output file
    • Capinfos: Provides information on capture files
    • Rawshark: Raw packet filter