This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I run TShark on Windows?

0

How do I do tshark on Windows 7?

asked 11 Apr '12, 23:51

misteryuku

converted 12 Apr '12, 10:19

Guy Harris ♦♦


2 Answers:

1

Two other methods, both require you to open a command prompt:

  1. Provide the path to tshark as part of the command, e.g. "C:\Program Files\Wireshark\tshark.exe" your options here.
  2. Change directory to the Wireshark directory and run tshark from there, e.g. cd C:\Program Files\Wireshark, then invoke tshark as tshark your options here.

Note that for all of these methods the path might be different if you are running 64-bit Windows and have installed the 32-bit version of Wireshark. In this case the path will be C:\Program Files (x86)\Wireshark. The path may also be different if you have installed Wireshark to a different drive or directory.

NOTE: the double backslashes shown in the commands above are an artefact of Ask Wireshark formatting and aren't required in practice, use a single backslash.

NOTE 2: the double quotes around the paths are required because of the space in Program Files.

answered 12 Apr '12, 11:55

grahamb ♦

edited 06 Jan '17, 06:16

What is the full Windows 7 command syntax for providing the path to tshark?

(16 Apr '12, 02:45) misteryuku

I think it is path C:\Program Files\Wireshark\tshark.exe

(16 Apr '12, 02:53) misteryuku

It depends, as I mentioned in my answer, on whether your OS is 64-bit and, if so, whether you have installed the 32-bit or 64-bit version of Wireshark.

Can I also ask you to "accept" any of the answers to your many questions that do solve your issues so others can see what answers are useful. You accept an answer by clicking the checkmark icon.

(16 Apr '12, 11:43) grahamb ♦

0

Make sure that the directory in which Wireshark is installed - by default, it'd be C:\Program Files\Wireshark, or whatever "Program Files" is translated to in your version of Windows - is in your command search path.

As indicated by this article, if you open a Properties window for My Computer, and select the Advanced tab, there's an "Environment Variables" button. If you click that button, it pops up a window that lets you edit your environment variables; there will probably be one called "Path" in your user variables (as opposed to the "System variables"). Change Path so that the directory in which Wireshark is installed is one of the directories in it (Path is a semicolon-separated list of directories). The article is about Windows 7, but, for the benefit of others reading this question, the way you do it on Windows XP is exactly the same, so it's probably exactly the same on Windows Vista (and perhaps even on Windows 2000).

Once you've added that directory to your Path, then, if you open a "Command prompt" window, you can run TShark as the tshark command.

Wireshark's installer for Windows should probably add the installation directory for Wireshark to the user's Path.

answered 12 Apr '12, 10:28

Guy Harris ♦♦

edited 12 Apr '12, 17:45

My PC is running Windows 7

(12 Apr '12, 17:12) misteryuku

Yes, I know, that's why I said, in the original version of the answer, "The user interface for this might be different on Windows 7; I don't have a Windows 7 machine on which to test it."

At least according to this article, the way you do this on Windows 7 is the same as the way you do it on Windows XP. I'll update the answer.

(12 Apr '12, 17:42) Guy Harris ♦♦

@Guy Harris

I'm not all that keen on installers adding things willy-nilly to my path, especially for what is essentially a GUI program. Folks that want to play with the command line tools are generally well versed in what they need to do to access other executables.

(12 Apr '12, 23:53) grahamb ♦

TShark isn't a GUI program at all, and neither are most of the programs distributed as part of a Wireshark package; Wireshark itself is the only GUI program.

Having to type C:\Program Files\Wireshark\{tshark,capinfos,dumpcap,editcap,mergecap,text2pcap} seems a bit excessive.

(13 Apr '12, 00:41) Guy Harris ♦♦

We have it tough on Windows. Tab completion helps, supplementing the path in the current session helps, or for PowerShell adding an alias does the job.

My comment about it being essentially a GUI program was aimed at Wireshark. That's what most Windows folks will be running, from a shortcut on the desktop, quick launch or menu.

When installers fiddle with the path, the order in which items are found can cause problems. This can be seen with the occasional issues on the dev list regarding compilation failures due to some errant executable being found in the path before the required one.

(13 Apr '12, 02:26) grahamb ♦

When you want to run tshark from the command line in Windows 10 and your Wireshark directory is located in Program Files or Program Files (x86), use " " to encapsulate your command: "c:\Program Files\Wireshark\"tshark will work. This is because of the annoying space between Program and Files. You can also edit your PATH variable, so that you can type tshark without the path. In that case you have to open your system panel (right-click the Windows icon in the lower-left corner) and choose System. Use Advanced system settings and click Environment Variables. Select Path (system variables) and add "c:\Program Files\Wireshark\" to the end. I had to restart Windows for it to take effect.

(06 Jan '17, 04:49) janjaarsma
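The options discussed in the two answers and their comments (full quoted path, supplementing Path for the current session only, a PowerShell alias), collected into one PowerShell session as an added example that is not part of the original posts. It assumes Wireshark is installed in one of the two default directories named above; the variable names are illustrative.

```powershell
# Added example, not from the original thread.
# Assumption: Wireshark lives in one of the default directories mentioned in the answers.
$candidates = @(
    "$env:ProgramFiles\Wireshark",          # 64-bit Wireshark, or 32-bit Windows
    "${env:ProgramFiles(x86)}\Wireshark"    # 32-bit Wireshark on 64-bit Windows
)

# Pick the first candidate directory that actually contains tshark.exe.
$wsDir = $candidates |
    Where-Object { Test-Path -LiteralPath (Join-Path $_ 'tshark.exe') } |
    Select-Object -First 1
if (-not $wsDir) {
    throw 'tshark.exe not found in the default directories; set $wsDir by hand.'
}
$tshark = Join-Path $wsDir 'tshark.exe'

# Option 1: run by full path. In PowerShell a path held in a string or a
# variable is executed with the call operator (&); spaces need no extra quoting.
& $tshark -v

# Option 2: supplement Path for this session only. Appending (not prepending)
# keeps every existing entry ahead of the Wireshark directory, so nothing that
# already resolves from Path is shadowed. The change is gone when the window closes.
if (($env:Path -split ';') -notcontains $wsDir) {
    $env:Path = $env:Path.TrimEnd(';') + ';' + $wsDir
}

# Option 3: a session alias that pins the name to one specific executable.
Set-Alias -Name tshark -Value $tshark

# Check: list everything the name "tshark" can resolve to, in resolution order.
# More than one Application row means another copy sits earlier or later on Path.
Get-Command tshark -All | Select-Object CommandType, Name, Definition
```

In a plain Command Prompt window, `where tshark` gives the same resolution-order listing for entries found through Path.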