Wireshark

Submit portable freeware that you find here. It helps if you include information like description, extraction instruction, Unicode support, whether it writes to the registry, and so on.
Message
Author
zamolxis
Posts: 3
Joined: Thu Dec 28, 2006 7:19 am
Location: Toronto
Contact:

Wireshark

#1 Post by zamolxis »

From https://www.wireshark.org/

Q 1.1: What is Wireshark?

A: Wireshark is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, and Linux. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License.

It is developed and maintained by a global team of protocol experts, and it is an example of a disruptive technology. Wireshark used to be known as Ethereal®. See the next question for details about the name change. If you're still using Ethereal, it is strongly recommended that you upgrade to Wireshark.

For more information, please see the About Wireshark page.

There is an experimental U3 package available for download. My USB stick is not U3, so I did not evaluate it. However, the U3 version qualifies it for "portable" IMHO

User avatar
Andrew Lee
Posts: 3116
Joined: Sat Feb 04, 2006 9:19 am
Contact:

#2 Post by Andrew Lee »

There is an experimental U3 package available for download. My USB stick is not U3, so I did not evaluate it. However, the U3 version qualifies it for "portable" IMHO
I tried the U3 version (rename .u3p to .zip and unzip), but it is not really portable. It still requires WinPCap to be installed. After googling their forum, it appears that the U3 version will automatically prompt to install WinPCap if it is currently not installed on the host system. I don't have a U3 stick, so I can't verify this behaviour, but the EXE in the U3 package definitely requires WinPCap to be installed on the host machine.

If anyone knows of a workaround, or some kind of portable wrapper for Wireshark, please share with us.

Thanks!

Teddybear1974NL
Posts: 10
Joined: Wed May 30, 2007 2:20 am
Location: Netherlands
Contact:

#3 Post by Teddybear1974NL »

I tried it on a u3 stick, and it did indeed install after asking (working without the WinPCap is useless) and it even very nicely de-installed the driver after quiting the application and pulling the usb stick out.

Personally, i think it is an trade off you have to make
Wireshark (formerly known as ethereal) is the best software IP Sniffer I know even with the many commercial packages i have seen included.

Unless you are up to no good, however, it seems to me this is not a day to day used application, but a powerful tool to troubleshoot freaked up networks.

linuxamp
Posts: 21
Joined: Sat Jun 23, 2007 2:22 am

Porableapps Wireshark Package available

#4 Post by linuxamp »

Wireshark (ethereal) now distributes a "portableapps" (paf) version

Details can be found here.
http://www.wireshark.org/download.html

v0.99.7 direct download:
http://prdownloads.sourceforge.net/wire ... .7.paf.exe

linuxamp
Posts: 21
Joined: Sat Jun 23, 2007 2:22 am

Maybe not so good

#5 Post by linuxamp »

I just tried the portableapps version of Wireshark and I don't really care for it.

The problem with wireshark is that it requires Pcap which is a driver. This driver must be installed in windows and requires admin privileges. To get around this, the portableapps version will actually run the winpcap installer upon launch and uninstall winpcap on close.

M@tty
Posts: 192
Joined: Wed May 02, 2007 9:32 am
Contact:

#6 Post by M@tty »

There is a "properly" portable Ethereal: http://web.archive.org/web/200607161322 ... hereal.htm

Problem is it's a very old version and has all the assosciated security flaws.

linuxamp
Posts: 21
Joined: Sat Jun 23, 2007 2:22 am

#7 Post by linuxamp »

Thanks, Actually been using that one for some time now and as someone else pointed out it's also available on download.com along with the other tools from that dead site:
http://www.download.com/PacketStuff-Net ... 28838.html

My question is why can't the new version use whatever trick that old version used to sniff packets. They seem to say that there's no way around installing wpcap as a driver.

portackager
Posts: 169
Joined: Sun Apr 29, 2007 2:01 pm

Re: Maybe not so good

#8 Post by portackager »

linuxamp wrote:I just tried the portableapps version of Wireshark and I don't really care for it.

The problem with wireshark is that it requires Pcap which is a driver. This driver must be installed in windows and requires admin privileges. To get around this, the portableapps version will actually run the winpcap installer upon launch and uninstall winpcap on close.
Heres an email discussion of both authors (portableapps, wireshark) discussing a portable version.

http://www.wireshark.org/lists/wireshar ... 00076.html

Unfortunetly wireshark and winpcap can't be thinstalled also. :roll:

User avatar
Ameri-CAIN
Posts: 121
Joined: Thu Nov 01, 2007 9:11 am
Location: Orange County, California

WiresharkPortable

#9 Post by Ameri-CAIN »

Taken from the Wireshark about documentation...
Wireshark® is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2.
It is developed and maintained by a global team of protocol experts, and it is an example of a disruptive technology.
Wireshark used to be known as Ethereal®
I have seen a few posts on this before but was wondering why it was never admitted into the database. Is it because you must have Admin permissions, or because you need to install/uninstall WinPcap on the machine? The paf launcher takes care of the WinPcap install/uninstall automatically. If the machine were to crash while running I suppose you would leave WinPcap on the machine, but considering the nature of the program, its a risk I am willing to take. In case anyone is interested, they have version 1.0.3 available as a .paf now.

http://www.wireshark.org/download.html

Also if you are interested in this sort of app, you might also be interested in the HTTPFox Firefox extension. It analyzes all incoming and outgoing HTTP traffic between the browser and the web servers.

https://addons.mozilla.org/en-US/firefox/addon/6647

User avatar
guinness
Posts: 4118
Joined: Mon Aug 27, 2007 2:00 am
Contact:

Ethereal

#10 Post by guinness »

TPFC: http://www.portablefreeware.com/index.php?id=825

No longer available, replaced by Wireshark.

User avatar
Ameri-CAIN
Posts: 121
Joined: Thu Nov 01, 2007 9:11 am
Location: Orange County, California

Re: Ethereal

#11 Post by Ameri-CAIN »

And Wireshark appears to have a portable paf associated with it in the downloads section. Its not stealth, as it installs WinPCAP on opening it, and uninstalls it upon closing, but I have been using it on my computers for sometime now...

http://www.wireshark.org/download.html

User avatar
webfork
Posts: 10836
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Ethereal

#12 Post by webfork »

I just updated the Ethereal entry to the new website and license. Should we go ahead and add Wireshark to the database or make an addendum to the Ethereal entry?

M@tty
Posts: 192
Joined: Wed May 02, 2007 9:32 am
Contact:

Re: Ethereal

#13 Post by M@tty »

It should be noted that the portable Ethereal does not require administrator settings as it does not install a capture driver on the machine then uninstall it after closing, like I believe the 'portable' Wireshark does.

User avatar
webfork
Posts: 10836
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Porableapps Wireshark Package available

#14 Post by webfork »

As two programs currently on the site are using the WinPcap driver (SmartSniff and WebVideoCap), and the official site is pointing to a PAF format download, could this be considered portable?

User avatar
SYSTEM
Posts: 2045
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: Porableapps Wireshark Package available

#15 Post by SYSTEM »

webfork wrote:As two programs currently on the site are using the WinPcap driver (SmartSniff and WebVideoCap), and the official site is pointing to a PAF format download, could this be considered portable?
Not in my opinion. I find WinPcap dependency completely unacceptable.

There is already SmartSniff that can capture TCP/IP packets using raw sockets (without WinPcap). If you need to capture low-level (e.g. ARP) packets, you need Wireshark, but that doesn't make Wireshark portable.
My YouTube channel | Release date of my 13th playlist: August 24, 2020

Post Reply