How to Install Wireshark on Windows 10

Wireshark is a free tool that should be part of every networking professional’s arsenal. While it can be a rather intimidating and cumbersome tool, it allows for inspection of packets in their dissected form.

The beauty of that is packets never lie. When you’re experiencing networking issues or just need to know what’s going on in your network you can trust the data from Wireshark.

Wireshark is potentially one of the best packet analyzer tools available today.

Fortunately, downloading and installing Wireshark is super simple.

How to Download Wireshark for Windows 10 (or Windows Server 2019)

  1. Head over to and click on the appropriate installer for your operating system (Windows 10 64-bit in this example).
  2. Download link for Wireshark for Windows 10 64-bit on the wireshark website.
  3. Note that a Wireshark-win64-2.6.1.exe file (file name as of July 2018) will be saved to your default downloads location.

How to Install Wireshark for Windows 10 (or Windows Server 2019)

  1. Run the exe installer that was downloaded.
  2. Click Next on the Welcome to Wireshark screen.
    Welcome to wireshark 2.6.1 64-bit setup screen.
  3. Read the license agreement and click I Agree.
    Wireshark license agreement page.
  4. At the Choose Components screen leave the defaults checked and click Next. You can read more about the different components here.
    Wireshark installer screen showing list of components to install, including tshark, plugins & extensions, tools, & user's guide.
  5. At the Select Additional Tasks screen choose your preferred shortcuts and leave the radio button for “associate trace file extensions to Wireshark” selected. Click Next.
    Wireshark installer screen showing different shortcut options and file extension options.
  6. Choose the install location you prefer and click Next.
    Wireshark installer screen showing default location for installing the application.
  7. At the Packet Capture page make sure Install WinPcap 4.1.3 is selected. You need this to capture traffic with Wireshark. Without it you can still view Wireshark capture files. Click Next.
    Installer screen showing option to install winpcap 4.1.3.
  8. At the USB Capture page you can choose to Install USBPcap. Check the box next to Install USBPcap if you desire to capture raw usb traffic as well (such as from a USB to RJ45 Ethernet adapter). Click Install.
  9. Installer screen showing the option to install usbpcap (experimental).
  10. The software will begin installing.
    Wireshark install progress bar screen.
  11. Eventually the installer will pause at “Execute: “C:\Program Files\Wiresharek\WinPcap_4_1_3.exe” and lunch a new installer window for WinPcap. Click Next in this window.
    Welcome to the WinPcap 4.1.3 Setup Wizard installer screen.
  12. Read the license agreement and click I Agree.
    WinPcap License Agreement screen.
  13. Make sure the check box is checked next to “Automatically start the WinPcap driver at boot time” unless you have a good reason for disabling this and click Install.
    WinPcap installer screen showing option to automatically start the winpcap driver at boot time.
  14. The install will begin and eventually complete. Click Finish.
  15. Next the installer for USBPcap will launch. Read the USBPcap Driver license agreement, check the “I accept” box, and click Next.
    GNU General Public License Agreement page for USBPcap driver.
  16. Read the USBPcapCMD license, check the “I accept” box, and click Next.
    License agreement screen for the USBPcapCMD license.
  17. Leave the Installation Options set to Full and click Next.
    USBPcap Options screen showing USBPcap Driver, USBPcapCMD, and Detect USB 3.0 options.
  18. Choose your Installation Folder and click Install. The install will begin.
    USBPcap installer screen showing option for setting default install location.
  19. When the USBpcap install finishes click close and the Wireshark install will continue.
  20. At the Installation Complete screen click Next.
    Wireshark installer screen showing the install has completed successfully.
  21. Wireshark will now ask to reboot your machine to complete installation. You can either choose to reboot now or manually reboot later. You will not be able to run packet captures until you reboot your machine. I suggest rebooting right away.
    Wireshark prompting to reboot the computer now or to manually reboot later.

Once your machine has rebooted you should find the Wireshark shortcuts in the locations you specified in the install. For this example the shortcut was found in the Start Menu.

Related: Wireshark User Interface (GUI) Overview

Things You Can Do with Wireshark

  • Deep inspection of numerous protocols
  • Live capture with offline analysis
  • Standard three-pane packet browser
  • Run it on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
  • Browse captured network data via a GUI, or via the TTY-mode TShark utility
  • Rich VoIP analysis
  • Read/write  numerous capture file formats
  • Read live data from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, and FDDI
  • Apply coloring rules to the packet list for quick, intuitive analysis
  • Export output to XML, PostScript, CSV, or plain text

What’s new in Wireshark 2.6.1

  • The Windows installers are now shipped with Qt 5.9.5.
  • Wireshark 2.6 last version that supports the legacy (GTK+) UI. Wireshark 3.0 will not support it.
  • Many UI improvements

Bug Fixes

  • Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

New and updated Wireshark features since 2.5.0

  • HTTP Request sequences now supported
  • Wireshark supports MaxMind DB files
  • Support for GeoIP and GeoLite Legacy databases removed
  • Windows packages built using Microsoft Visual Studio 2017
  • IP map has been removed
  • Display filter buttons can be edited, disabled, and removed directly from the toolbar
  • Drag & Drop filter fields to the display filter toolbar or edit to create a button on the fly or apply the filter as a display filter
  • TShark now supports color
  • Matches display filter operator is now case-insensitive
  • Display expression preferences converted to a UAT
  • SMI private enterprise numbers now read from the enterprises.tsv config file
  • QUIC dissector renamed to Google QUIC (quic → gquic)
  • Show selected packet number in the Status Bar by enabling Preferences → Appearance → Layout → Show selected packet number
  • File load time in Status Bar is disabled by default
  • Support for G.729A codec in RTP Player is added through the bcg729 library
  • Support for hardware-timestamping of packets

See the full release notes for 2.6.1 here.

Recommended for You: Solarwinds Network Performance Monitor (NPM)

Do you know the health of your networking equipment? Know when something goes down before a user reports problems? Know where your bandwidth is going or where you’re losing your packets?

Automate data collection and alerting of your networking infrastructure with Solarwinds NPM so you know exactly what is going on in your network and can sleep easy.

Unlike other tools, NPM is ready to out of the box with most common makes and models of networking equipment. No messing around with custom templates, xml files, or code to extract important information.

Chase Smith, CCNP

Chase Smith, CCNP is a Network Engineer III who has spent the last decade elbow deep in enterprise system administration and networking. He can usually be found trying to warm up behind the storage in the datacenter.

Leave a Reply

Your email address will not be published. Required fields are marked *