I get quite a few emails expressing frustration and confusion when people try some of the Windows Wireshark command line utilities like tshark, dumpcap and editcap to mention a few.
The main issue is that many times the Wireshark application folder is not in your path. There are many ways to get around it like
- Change drive and directory to the Wireshark application folder from within the command prompt
- The use full application path for the wireshark utility you are trying to run (ie c:\program files\Wireshark\tshark -D)
- Add the Wireshark application fold to your path – which is the one I will cover in the video
I prefer adding Wireshark to the path so I can type the command from any folder, anytime without having to worry about which folder I’m in as well as typing the fill path with the command.