Run TShark as a Windows Service with AlwaysUp

How to Run TShark as a Windows Service with AlwaysUp

Ensure that Wireshark's TShark utility starts automatically at boot and captures your network traffic 24/7

Wireshark is a popular set of network protocol analyzer tools; TShark is a command line component designed to capture network traffic.

To configure TShark to run as a service with AlwaysUp:

  1. Download and install AlwaysUp, if necessary.

  2. Download and install Wireshark, if necessary. Please make a note of where you installed it as we will need that location in a later step.

  3. Start AlwaysUp.

  4. Select Application > Add to open the Add Application window:

    Add Application

  5. On the General tab:

    • In the Application field, enter the full path to the TShark executable, tshark.exe. If you installed Wireshark in the default location, this is

      C:\Program Files\Wireshark\tshark.exe

    • In the Arguments field, enter your command line flags for tshark.exe. For this tutorial, we specify the following parameters to capture raw output from a specific device to a set of revolving data files (but none of these parameters are uniquely required to run TShark as a service):

      -i \Device\NPF_{77740E6A-E850-4762-B761-B1D2DEF6ADFB} -b filesize:10000 -b files:5 -w "c:\TShark-Logs\raw-packet-data.pcap"

      Note that you can run tshark.exe -D to list the interfaces available on your system.

      And be sure to put quotes around any file names containing spaces! Indeed, certain commands like -f and -w require double quotes around their values.

    • In the Name field, enter the name that you will call your application in AlwaysUp. We have used TShark but you can specify almost anything you like.

    TShark Windows Service: General Tab

  6. By default, TShark will display a DOS command window when it is run by AlwaysUp. This can be useful for debugging purposes, but if you wish to avoid seeing it, click over to the Logon tab and check the When a user logs on, don't show the application's windows... box.

    TShark Windows Service: Logon Tab

  7. Click over to the Startup tab and check the Ensure that the Windows Networking components have started box. This informs AlwaysUp that TShark needs the TCP/IP networking stack properly initialized before it can start its work.

    TShark Windows Service: Startup Tab

  8. Click the Save button. In a couple of seconds, an application called TShark (or whatever you called it) will appear in the AlwaysUp window. It is not yet running though.

    TShark Windows Service: Created

  9. To start the network capture, choose Application > Start "TShark".

    TShark Windows Service: Running

  10. That's it! Next time your computer boots, TShark will start logging your network traffic immediately, before anyone logs on. We encourage you to edit the application in AlwaysUp and check out the many other settings that may be appropriate for your environment. For example, configure AlwaysUp to send you an email whenever TShark starts (Email tab), or boost TShark's priority to give it preferential treatment on your computer (General tab).



TShark not working properly as a Windows Service?

  • From AlwaysUp, select Application > Report Activity > Today... to bring up a HTML report detailing the interaction between AlwaysUp and your application. The AlwaysUp Event Log Messages page explains the more obscure messages.
  • Are you trying to log data to a network drive? You will need to run your service in a specific account having the necessary permissions (via the LogOn tab) and check the Attempt to automatically reconnect all network drives box on the Startup tab. Read more about the situation in our FAQ.
  • Consult the AlwaysUp FAQ for answers to commonly asked questions and troubleshooting tips
  • Contact us and we will be happy to help!

Download & Try it Free!

Download AlwaysUp and Run as a Service Today! Version 15.5 New!

8.0 MB Installer
Our 12,000+ customers include...
Compatible with Windows 11 Compatible with Windows Server 2022 Compatible with Windows 10
Over 94,000 installations, and counting!
 
AlwaysUp is number 1! Run as a Service with AlwaysUp

Rock-solid for the past 19+ years!