How to use Editcap on Windows?

asked 2021-06-23

Hello. After my last question I found out that I need to use Editcap. I have installed but Editcap is not working, I guess I use it not correctly.

I tried to use it in CMD simply using commands like "editcap -h" and etc, but is not working. I have read the documentation and tried to search any guides on youtube, but still don't understand how to use it on Windows. Please tell me steps I should to do :)

Is the problem that editcap doesn't run at all, so if you try doing "editcap -h" you get "'editcap' is not recognized as an internal or external command, operable program or batch file.", or is the problem that it runs but it doesn't do what you expect?

Guy Harris ( 2021-06-23 )

answered 2021-06-24

You have to be in the "C:\Program Files\Wireshark" directory or add "C:\Program Files\Wireshark\" to your path. Personally, I add to the path because I have all the PCAP files in one folder.

answered 2021-06-23

You'll need to prefix the command with the path to the program and add quotes due to the spaces in the path. Given a default install this would be:

"C:\Program Files\Wireshark\editcap" ...
Asked: 2021-06-23

