Invoke-PSWireshark.ps1


<#PSScriptInfo
 
.VERSION 1.2
 
.GUID 2300fb4a-c280-4e5f-b55d-50fc5c60609f
 
.AUTHOR Kalichuza
 
.COMPANYNAME
 
.COPYRIGHT
 
.TAGS
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
 
 
.PRIVATEDATA
 
.DESCRIPTION Run tshark.exe from the current session
#>


<#
 
.DESCRIPTION
 Run tshark.exe from the current session
 
#>
 
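function Invoke-PSWireshark {
    <#
    .SYNOPSIS
    Installs Npcap if its service is absent, downloads a portable Wireshark
    archive, and makes tshark.exe callable from the current session.

    .DESCRIPTION
    This function downloads and executes third-party binaries:
      * the Npcap installer, which installs a driver/service system-wide and
        is not removed when the session ends;
      * a portable Wireshark ZIP whose tshark.exe is then run.
    Both downloads should be treated as untrusted until verified. The Npcap
    installer must carry a valid Authenticode signature before it is started,
    and either download can additionally be pinned to a SHA-256 digest.

    .PARAMETER WiresharkURL
    URL of the portable Wireshark ZIP. The default points at a branch ref
    (refs/heads/main), so the content behind it can change over time; supply
    -WiresharkSha256 to pin a specific archive.

    .PARAMETER NpcapURL
    URL of the Npcap installer executable.

    .PARAMETER WiresharkSha256
    Optional expected SHA-256 (hex) of the Wireshark ZIP. When empty, the
    archive is used unverified and a warning is printed.

    .PARAMETER NpcapSha256
    Optional expected SHA-256 (hex) of the Npcap installer. When empty, only
    the Authenticode signature check applies.
    #>
    param(
        [string]
        $WiresharkURL = "https://github.com/Kalichuza/ninjaAdminScripts/raw/refs/heads/main/WireShark/WireShark-Portable/WiresharkPortable64.zip",

        [string]
        $NpcapURL = "https://npcap.com/dist/npcap-1.79.exe",

        [string]
        $WiresharkSha256 = "",

        [string]
        $NpcapSha256 = ""
    )

    # 1) Check if Npcap is already installed
    $NpcapInstalled = Get-Service -Name npcap -ErrorAction SilentlyContinue
    if ($NpcapInstalled) {
        Write-Host "[*] Npcap is already installed. Skipping download and installation..."
    } else {
        Write-Host "[+] Downloading Npcap..."
        # Download into a fresh, uniquely named directory. A fixed name such as
        # %TEMP%\npcap.exe can already exist (left over from an earlier run or
        # placed there by something else) and would then be executed even when
        # the download itself failed.
        $NpcapDir = Join-Path $env:TEMP ("Npcap_{0}" -f ([System.Guid]::NewGuid().ToString()))
        $NpcapInstaller = Join-Path $NpcapDir "npcap.exe"
        New-Item -ItemType Directory -Path $NpcapDir -Force | Out-Null

        try {
            try {
                Invoke-WebRequest -Uri $NpcapURL -OutFile $NpcapInstaller -ErrorAction Stop
            }
            catch {
                Write-Host "[-] Failed to download Npcap from $NpcapURL"
                return
            }

            if (-not (Test-Path -LiteralPath $NpcapInstaller)) {
                Write-Host "[-] Failed to download Npcap from $NpcapURL"
                return
            }

            # Optional digest pin (string comparison is case-insensitive).
            if ($NpcapSha256) {
                $NpcapHash = (Get-FileHash -LiteralPath $NpcapInstaller -Algorithm SHA256).Hash
                if ($NpcapHash -ne $NpcapSha256.Trim()) {
                    Write-Host "[-] Npcap installer SHA-256 mismatch (got $NpcapHash). Refusing to run it."
                    return
                }
            }

            # The installer runs with the caller's privileges and installs a
            # driver, so refuse anything without a valid Authenticode signature.
            $NpcapSignature = Get-AuthenticodeSignature -FilePath $NpcapInstaller
            if ($NpcapSignature.Status -ne 'Valid') {
                Write-Host "[-] Npcap installer signature status is '$($NpcapSignature.Status)'. Refusing to run it."
                return
            }
            # Shown so the operator can confirm the publisher is the expected one.
            Write-Host "[*] Npcap installer signed by: $($NpcapSignature.SignerCertificate.Subject)"

            Write-Host "[+] Launching the Npcap installer..."
            # No /S switch is passed, so the installer runs interactively.
            # NOTE(review): the unattended-install section of the Npcap guide
            # appears to restrict silent installs to the OEM edition - confirm
            # before adding /S: https://npcap.com/guide/#unattended-installation
            Start-Process -FilePath $NpcapInstaller -NoNewWindow -Wait
        }
        finally {
            # Do not leave the installer behind in TEMP.
            Remove-Item -LiteralPath $NpcapDir -Recurse -Force -ErrorAction SilentlyContinue
        }

        # The service being registered is used as the success signal.
        $NpcapCheck = Get-Service -Name npcap -ErrorAction SilentlyContinue
        if (-not $NpcapCheck) {
            Write-Host "[-] Warning: Npcap service not found. The install might have failed or been cancelled."
        } else {
            Write-Host "[+] Npcap installed and service found."
        }
    }

    # 2) SET UP PORTABLE WIRESHARK
    Write-Host "[+] Downloading Wireshark Portable..."
    $TempDir = Join-Path $env:TEMP ("WiresharkPortable_{0}" -f ([System.Guid]::NewGuid().ToString()))
    $ZipPath = Join-Path $TempDir "WiresharkPortable.zip"
    $ExtractDir = Join-Path $TempDir "Extracted"

    New-Item -ItemType Directory -Path $TempDir -Force | Out-Null
    try {
        Invoke-WebRequest -Uri $WiresharkURL -OutFile $ZipPath -ErrorAction Stop
    }
    catch {
        Write-Host "[-] Error: Failed to download Wireshark from $WiresharkURL"
        return
    }

    if (-not (Test-Path -LiteralPath $ZipPath)) {
        Write-Host "[-] Wireshark ZIP not found after download."
        return
    }

    # Everything inside this archive ends up on PATH and gets executed, so pin
    # it to a known digest whenever one is available.
    if ($WiresharkSha256) {
        $ZipHash = (Get-FileHash -LiteralPath $ZipPath -Algorithm SHA256).Hash
        if ($ZipHash -ne $WiresharkSha256.Trim()) {
            Write-Host "[-] Wireshark ZIP SHA-256 mismatch (got $ZipHash). Refusing to extract it."
            return
        }
    } else {
        Write-Host "[!] No SHA-256 supplied for the Wireshark archive; its contents are not verified."
    }

    Write-Host "[+] Extracting Wireshark Portable..."
    try {
        Expand-Archive -Path $ZipPath -DestinationPath $ExtractDir -Force -ErrorAction Stop
    }
    catch {
        Write-Host "[-] Error: Failed to extract $ZipPath"
        return
    }

    # Locate WiresharkPortable64 folder. -First 1 keeps the result a single
    # path even if the archive contains more than one directory of that name.
    $WiresharkBinPath = Get-ChildItem -Path $ExtractDir -Recurse -Directory |
        Where-Object { $_.Name -eq "WiresharkPortable64" } |
        Select-Object -First 1 -ExpandProperty FullName -ErrorAction SilentlyContinue

    if (-not $WiresharkBinPath) {
        Write-Host "[-] Error: Could not find 'WiresharkPortable64' directory after extraction."
        return
    }

    $TsharkPath = Join-Path $WiresharkBinPath "App\Wireshark"
    $TsharkExe  = Join-Path $TsharkPath "tshark.exe"

    if (-not (Test-Path -LiteralPath $TsharkExe)) {
        Write-Host "[-] Error: tshark.exe not found in $TsharkPath"
        return
    }

    # Report (but do not enforce) the signature state of the binary about to run.
    $TsharkSignature = Get-AuthenticodeSignature -FilePath $TsharkExe
    if ($TsharkSignature.Status -ne 'Valid') {
        Write-Host "[!] Warning: tshark.exe signature status is '$($TsharkSignature.Status)'."
    }

    # Add Wireshark to PATH for the session. The directory lives under TEMP and
    # is placed first, so every executable in it shadows same-named commands
    # for the rest of this session.
    $env:Path = "$TsharkPath;$env:Path"
    Write-Host "[+] Wireshark directory added to PATH."

    # Test capture ability. Invoke by full path so the binary that was just
    # checked is the one that runs.
    Write-Host "[+] Testing tshark with Npcap..."
    & $TsharkExe -D

    Write-Host "[+] Done! Use 'tshark -i <number>' to start capturing."
    # Only claim a system-level install when the service is actually present.
    if (Get-Service -Name npcap -ErrorAction SilentlyContinue) {
        Write-Host "[!] IMPORTANT: Npcap is now installed at the system level. Uninstall from Windows Apps/Programs if needed."
    }
}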

# Runs the function with its default URLs as soon as this script file is
# executed; nothing is deferred until an explicit call by the user.
Invoke-PSWireshark