How to silently install Wireshark on Windows with the SSHDUMP option

asked 2019-08-23 14:30:27 +0000

LeroyJenkins

updated 2019-08-23 18:38:16 +0000

Guy Harris

I'm trying to install Wireshark silently while still enabling the SSHdump option. From what I can see, the Wireshark installer does not contain a command line option for ‘SSHdump’. It doesn’t contain a command line for anything other than the defaults.

Currently I'm using: Wireshark-win64-3.0.2.exe /S

Does this option exist? Or is there a way to enable it after it is installed via command line?

2 Answers

answered 2020-07-16 15:48:33 +0000

Chuckc

The change to install extcap binaries (like sshdump.exe) from the command line in Silent mode has been merged. It is available for testing in the latest builds.

The Bugzilla entry for the patch. See the man page for syntax.

An unrelated issue led to the addition of libssh version in the output of sshdump --version:

C:\Program Files\Wireshark\extcap>sshdump --version
sshdump version 1.0.0
Compiled with libssh version 0.7.3
Running with libssh version 0.7.3/gnutls/zlib

answered 2019-08-28 12:36:02 +0000

LeroyJenkins

Figured this out on my own. There don't appear to be any command line options to enable this feature.

What I did was install Wireshark with /S, and then once installed in my install script I just copy the sshdump.exe that is contained within the Wireshark.exe installer (use something like 7-zip to open the .exe archive) and copy it to c:\program files\Wireshark\extcap.

Once sshdump.exe is copied to there, it loads every time Wireshark loads.


You might want to raise an enhancement request at the Wireshark Bugzilla to add suitable switches to the installer.

grahamb ( 2019-08-28 12:44:38 +0000 )

Hi: Thanks for the steps. I too was able to do this by:

1: Download ... unzip the Windows Wireshark.exe program to a sub-folder
2: You'll find: sshdump.exe inside of the /extcab folder
3: Now: install Wireshark onto your Windows PC like normal
4: After Install: copy over (put) the sshdump.exe file into c:\programfiles\Wireshark\extcab folder
5: Launch Wireshark normally, and you will see the option for ssh remote capture (under the main capture screen)

This was rather helpful
NOTE: By default, the Linux install for Wireshark (comes with) (pre-built) to use the (remote capture process)

Take care

tech9425 ( 2020-05-09 17:48:09 +0000 )

Should that be the extcap folder?

Chuckc ( 2020-05-09 18:14:50 +0000 )

Request opened to install extcap binaries by default on Windows (Bugzilla)

Chuckc ( 2020-05-10 16:15:45 +0000 )
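
The copy-after-install workaround from the answer above, as an added PowerShell example that is not part of the original thread or of Wireshark's own tooling: it checks the Authenticode signature of the installer and of the extracted sshdump.exe before anything is run or copied into Program Files. The C:\Deploy paths are hypothetical, and the script assumes both files are signed with the same certificate.

```powershell
#Requires -RunAsAdministrator
# Added example. The C:\Deploy paths are hypothetical placeholders.
$ErrorActionPreference = 'Stop'
$Installer = 'C:\Deploy\Wireshark-win64-3.0.2.exe'     # installer named in the question
$Extracted = 'C:\Deploy\extracted\extcap\sshdump.exe'  # unpacked beforehand, e.g. with 7-Zip
$ExtcapDir = Join-Path $env:ProgramFiles 'Wireshark\extcap'
$Installed = Join-Path $ExtcapDir 'sshdump.exe'

# Return the signing certificate thumbprint, or stop if the file is
# unsigned, tampered with, or signed by an untrusted publisher.
function Get-VerifiedSigner {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for $Path ($($sig.Status))"
    }
    $sig.SignerCertificate.Thumbprint
}

# 1. Assumption: the extracted helper and the installer share one signing
#    certificate. A mismatch means the staged file did not come from this installer.
if ((Get-VerifiedSigner $Installer) -ne (Get-VerifiedSigner $Extracted)) {
    throw 'sshdump.exe was not signed with the same certificate as the installer'
}

# 2. Silent install; wait for it to finish so the copy below is not overwritten.
$proc = Start-Process -FilePath $Installer -ArgumentList '/S' -Wait -PassThru
if ($proc.ExitCode -ne 0) { throw "Installer exited with code $($proc.ExitCode)" }

# 3. Place the helper in the extcap folder.
New-Item -ItemType Directory -Path $ExtcapDir -Force | Out-Null
Copy-Item -Path $Extracted -Destination $Installed -Force

# 4. Confirm the installed copy is byte-identical to the verified file and runs.
$want = (Get-FileHash -Path $Extracted -Algorithm SHA256).Hash
$have = (Get-FileHash -Path $Installed -Algorithm SHA256).Hash
if ($want -ne $have) { throw 'Copied sshdump.exe does not match the extracted file' }
& $Installed --version
```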

Last updated: Jul 16 '20