Typically when I need to use tshark I do so on a Linux server; however, there are times when it is convenient to have tshark available on my Windows 7 laptop. The TShark application is installed with Wireshark, so installing TShark is very easy using the Wireshark GUI installer on Windows. One thing that makes tshark more useful is adding the directory that contains tshark.exe to your PATH on Windows so you can open a command prompt and use TShark from any directory. Follow the directions below to first install Wireshark and then add the directory that includes tshark.exe to your Windows 7 PATH.
Install Wireshark On Windows 7:
First visit the Wireshark download page and download the Windows installer. Once it has downloaded, start the installer by double-clicking the file, which will launch the initial Wireshark installation window.
Follow the instructions until you get to the Choose Components screen as shown below. Make sure that there is a check mark in the box next to TShark.
Verify TShark Component Will Be Installed On Windows 7:
Follow the rest of the steps to complete the Wireshark and TShark installation on your Windows 7 computer. Once Wireshark has been installed, open C:\Program Files\Wireshark to verify that tshark.exe exists within that directory. Once verified, we can add that directory to our Windows 7 PATH so that whenever tshark is typed at a command prompt it will run the TShark application.
Windows 7 User Accounts Control Panel:
You can open the Windows 7 User Accounts Control Panel by clicking Control Panel in the Start Menu and then clicking User Accounts. It will usually open directly to the user account you are logged in with, which is typically the account whose PATH you want to modify. Next, click the “Change my environment variables” link in the left-side navigation, which will open a configuration window similar to the one below.
Windows 7 User Account Environment Variables:
In the bottom half of the Environment Variables configuration window, scroll down until you see Path in the variable column, as shown in the example image above. Double-click the row for Path to open the Edit System Variable configuration window as shown below.
Edit Windows 7 Path System Variable:
Add “;C:\Program Files\Wireshark” to the end as shown in the image above. Make sure that you first add the semicolon, which is used to separate the different directories in the Path system variable. Click the OK button to save the changes to the Path environment variable and then close all of the Control Panel windows. Now open a command prompt (in this example we use Console2) and type “tshark -version”. The output should be similar to the below if tshark has been added to the Path variable.
TShark Version Info On Windows 7:
TShark Version Info Text Output:
```
TShark 1.4.2 (SVN Rev 34959 from /trunk-1.4)
Copyright 1998-2010 Gerald Combs <firstname.lastname@example.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.22.4, with WinPcap (version unknown), with libz
1.2.3, without POSIX capabilities, without libpcre, without SMI, with c-ares
1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5,
without Kerberos, with GeoIP.
Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 126.96.36.1991), based on libpcap version 1.0 branch 1_0_rel0b (20091008).
Built using Microsoft Visual C++ 9.0 build 30729
```
As you can see above, the current TShark version on Windows 7 64-bit is TShark version 1.4.2.
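The GUI steps above can also be scripted. The following PowerShell is an added example, not part of the original post: it assumes the default install directory C:\Program Files\Wireshark and English group names, changes only the per-user Path, and checks that the directory is not writable by broad groups before putting it on the Path.

```powershell
# Added example: scripted equivalent of the Control Panel steps (per-user Path).
# Assumption: default install directory, as used in the steps above.
$wiresharkDir = 'C:\Program Files\Wireshark'
$tsharkExe    = Join-Path $wiresharkDir 'tshark.exe'

# Step 1: confirm tshark.exe exists before touching the Path.
if (-not (Test-Path -Path $tsharkExe -PathType Leaf)) {
    throw "tshark.exe not found in $wiresharkDir. Re-run the installer with TShark checked."
}

# Step 2: warn if broad groups can create files in the directory. Every Path
# entry is searched by name, so a writable one lets other users plant binaries.
# Assumption: English group names; adjust for localized Windows.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$write = [int][System.Security.AccessControl.FileSystemRights]::Write
$risky = @((Get-Acl -Path $wiresharkDir).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $broad -contains $_.IdentityReference.Value -and
    (([int]$_.FileSystemRights -band $write) -ne 0)
})
if ($risky.Count -gt 0) {
    $risky | ForEach-Object {
        Write-Warning ("{0} has {1} on {2}" -f $_.IdentityReference, $_.FileSystemRights, $wiresharkDir)
    }
    throw 'Directory is writable by non-administrators; fix the ACL before adding it to the Path.'
}

# Step 3: append the directory to the user Path only if it is not already there.
# Values are read back in expanded form and ';' separates the entries.
$userPath = [Environment]::GetEnvironmentVariable('Path', 'User')
$entries  = @()
if ($userPath) { $entries = @($userPath.Split(';') | Where-Object { $_ }) }
$present = $entries | Where-Object { $_.TrimEnd('\') -ieq $wiresharkDir }
if (-not $present) {
    $newPath = (@($entries) + $wiresharkDir) -join ';'
    [Environment]::SetEnvironmentVariable('Path', $newPath, 'User')
    Write-Host "Added $wiresharkDir to the user Path."
} else {
    Write-Host "$wiresharkDir is already on the user Path."
}

# Step 4: make the change visible in this session and confirm tshark resolves.
$env:Path = "$env:Path;$wiresharkDir"
tshark -v
```

New command prompt windows pick up the saved Path; windows that were already open keep the old value until they are restarted.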