Getting the most out of Wireshark - Wireshark Tutorial

- [Instructor] In this segment, we'll review how you install Wireshark on a PC or a Mac and we'll cover some choices during installation. And then we'll learn why you should update Wireshark, when prompted. Now I'm here at Wireshark.org which is the Wireshark home page. On the top of the page you'll see information about SharkFest which is Wireshark's annual conference. In the middle, you'll also see more ways you can learn about Wireshark and then on the left, you'll see a link to download Wireshark. On the left-hand side, you'll see three segments. I'll select Documentation and then I'll select Online Multiple Pages which brought me this Web page. This is the Wireshark User's Guide. In here, you can find out a lot of the questions that you might have to improve your functionality while using Wireshark. You'll also see Old Stable Release and Stable Release. Now we'll drop this down. Now the Old Stable Release has versions that were stable in the past and for whatever reason you might want to roll back to an old stable release because the newer version caused some problems. I'll bring this back up and we'll drop down the Stable Release which most of us will use. The Stable Release lists newer versions of Wireshark. Now you'll see the Windows Installer, that's listed first. And here, you see a standard download for either Windows 32- or 64-bit operating systems. And then down below, you'll see Windows Portable. This is a portable app that will only run on an older version of Windows, as you can see. It's a 32-bit application. You'll also find an install for Mac operating systems. To install it on a Mac, you download and unpack the mountable disk image and then simply run the install. In some cases, you may have to complete additional configuration options in order to resolve any errors, but that's rare. If you select Source Code, you'll get an archive of the source code where you can study the various files. If you're serious about development, you should obtain and update your code from Wireshark's Git Repository. I've selected the 64-bit Windows Download and then I'm going to install this. Now this is a standard installation and this gives you your license agreement, and here, you can select some of the components. I generally leave it at the default. Here, you can put additional tasks such as creating a shortcut and associate file extensions. And as you can see, there are a lot of file extensions that allow you to work with other software products that allow you to do some haptic captures. We'll leave this as the default where to install Wireshark. Now once we get here, I want you to take a look, it says Currently installed Npcap version. When installing Wireshark, and especially the first time, you're going to see an option to install Npcap. You'll need to install this if you want to capture packets. Now Npcap comes from the Endmap project and it's the packet sniffing library for Windows. Windows documentation suggests that you use Npcap if you're using Windows 10. So most of us will be using this. Then I'm going to select or leave that default. As you can see here, the current version will be uninstalled so it can give me the latest version of Npcap. Now here is something else you can choose, USB capture. Now that's something you may want to use if you're going to be doing some troubleshooting and you want to see what's happening on your USB interface. Now here, we see the Licensing Agreement for Npcap and I'll select I agree. And here, during the installation options, is what you can also select some other options including Restrict Npcap's drivers access to administrators only. And in this one, I want to Support raw 802.11 traffic, which is wifi. I'll just select that and then I'll say Install. Once the new version of Npcap is installed, select Next and finish the Wizard. The installation is complete. We'll select Next and I'll say to Manually reboot later. So once installed, you're then ready to start using Wireshark. Every once in a while, you'll see a software update. In this case, you'll see a new version of Wireshark is available. It will let you know the version you already have and what's new. Then take a look at this and then you can see one of the things that it's going to do is fix bugs, things that alter the functionality of Wireshark. If there are any new or updated features, they're listed here. And then sometimes they update protocol support. So what I would suggest in most of the cases is you should update so you get the best out of Wireshark.