The official Windows packages can be downloaded from the Wireshark main page or the download page. Installer names contain the version and platform. For example, Wireshark-4.1.0-x64.exe installs Wireshark 4.1.0 for Windows on 64-bit Intel processors. The Wireshark installer includes Npcap which is required for packet capture. Windows packages automatically update. See Section 2.8, “Updating Wireshark” for details.
Simply download the Wireshark installer from https://www.wireshark.org/download.html and execute it. Official packages are signed by Wireshark Foundation. You can choose to install several optional components and select the location of the installed package. The default settings are recommended for most users.
On the Choose Components page of the installer you can select from the following:
Plugins & Extensions - Extras for the Wireshark and TShark dissection engines
Tools - Additional command line tools to work with capture files and troubleshoot
External Capture (extcap) - External Capture Interfaces
By default Wireshark installs into
%ProgramFiles%\Wireshark on 32-bit Windows
%ProgramFiles64%\Wireshark on 64-bit Windows. This expands to
Files\Wireshark on most systems.
The Wireshark installer contains the latest Npcap installer.
If you don’t have Npcap installed you won’t be able to capture live network traffic but you will still be able to open saved capture files. By default the latest version of Npcap will be installed. If you don’t wish to do this or if you wish to reinstall Npcap you can check the Install Npcap box as needed.
For more information about Npcap see https://npcap.com/ and https://gitlab.com/wireshark/wireshark/-/wikis/Npcap.
For special cases, there are some command line parameters available:
/Sruns the installer or uninstaller silently with default values. The silent installer will not install Npcap.
/desktopiconinstallation of the desktop icon,
=yes- force installation,
=no- don’t install, otherwise use default settings. This option can be useful for a silent installer.
/quicklaunchiconinstallation of the quick launch icon,
=yes- force installation,
=no- don’t install, otherwise use default settings.
/Dsets the default installation directory ($INSTDIR), overriding InstallDir and InstallDirRegKey. It must be the last parameter used in the command line and must not contain any quotes even if the path contains spaces.
/NCRCdisables the CRC check. We recommend against using this flag.
/EXTRACOMPONENTS comma separated list of optional components to install.
The following extcap binaries are supported.
androiddump- Provide interfaces to capture from Android devices
ciscodump- Provide interfaces to capture from a remote Cisco router through SSH
randpktdump- Provide an interface to generate random captures using randpkt
sshdump- Provide interfaces to capture from a remote host through SSH using a remote capture binary
udpdump- Provide a UDP receiver that gets packets from network devices
> Wireshark-4.2.5-x64.exe /NCRC /S /desktopicon=yes /quicklaunchicon=no /D=C:\Program Files\Foo > Wireshark-4.2.5-x64.exe /S /EXTRACOMPONENTS=sshdump,udpdump
Running the installer without any parameters shows the normal interactive installer.
As mentioned above, the Wireshark installer also installs Npcap. If you prefer to install Npcap manually or want to use a different version than the one included in the Wireshark installer, you can download Npcap from the main Npcap site at https://npcap.com/.
Wireshark updates may also include a new version of Npcap. Manual Npcap updates instructions can be found on the Npcap web site at https://npcap.com/. You may have to reboot your machine after installing a new Npcap version.
You can uninstall Wireshark using the Programs and Features control panel. Select the “Wireshark” entry to start the uninstallation procedure.
The Wireshark uninstaller provides several options for removal. The default is to remove the core components but keep your personal settings and Npcap. Npcap is kept in case other programs need it.