Tcpdump On Windows May 2026

tshark -D # List interfaces tshark -i 2 # Capture on interface #2 tshark -i 2 -c 10 # Capture 10 packets | tcpdump | tshark equivalent | |---------|------------------| | tcpdump -i eth0 | tshark -i 2 | | tcpdump -c 5 | tshark -c 5 | | tcpdump -w file.pcap | tshark -w file.pcap | | tcpdump -r file.pcap | tshark -r file.pcap | | tcpdump port 80 | tshark -f "port 80" (capture filter) or tshark -Y "tcp.port==80" (display filter) | 💡 Pro tip: tshark supports display filters ( -Y ) which are more powerful than capture filters. 4. Method 3: Using WSL (Windows Subsystem for Linux) This gives you real tcpdump on real Linux kernel inside Windows. Step 1: Install WSL2 # Run in PowerShell as Admin wsl --install Reboot if needed. Install Ubuntu from Microsoft Store. Step 2: Install tcpdump in WSL sudo apt update sudo apt install tcpdump Step 3: Capture traffic from Windows interfaces WSL2 shares the network adapter with Windows. Run:

For a more modern, supported experience on Windows, consider using (comes with Wireshark) or running WSL2 with native tcpdump . But for quick, lightweight captures, windump.exe still works fine. tcpdump on windows