This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Any way to run wireshark standalone (not installing it)

We have some XP machines that have an app that periodically stop communicating with the network. Problem is we have 2500 machines and it's random that they stop. We can't put Wireshark on every machine so I'm wondering if there's a way that when I see one with this app not talking, i can remote in and plop down an executable and run it that way without having to actually install the program. I don't think I can but figured I'd ask.

Thanks.

wireshark

asked 14 Dec '11, 14:38

kelemvor
1●2●2●2
accept rate: 0%

One Answer:

You've got several options. Here are the ones I can think of off the top of my head:

Run the PortableApps version (http://portableapps.com) of Wireshark. When a machine stops communicating, plug your USB flash drive in to that machine, and launch Wireshark Portable. Wireshark itself will run without being installed on the PC. Wireshark requires Winpcap in order to capture traffic, so it will install Winpcap if Winpcap is not already installed on the PC, but it will offer to remove it and clean up when you exit Wireshark.
Download the Windows port of tcpdump found at http://www.microolap.com. You can use this to capture the traffic and save it to disk, then move the file to another machine that has Wireshark installed for the actual analysis. Tcpdump requires no installation. You can simply copy it to the hard drive and execute it. Or not copy it to the hard drive, and execute it from a network share or from a flash drive.
Install Wireshark on a laptop. When a machine stops communicating with the app, assuming you can break the link momentarily, throw a hub inline between the PC and the switch and connect Wireshark to the hub to capture traffic.

answered 14 Dec '11, 16:00

Jim Aragon
7.2k●7●33●118
accept rate: 24%