Deploy Wireshark using SCCM | ConfigMgr

This article covers the steps to deploy Wireshark using SCCM (ConfigMgr). We will download the Wireshark .msi installer, create the application in ConfigMgr and deploy it to endpoints.

Wireshark is the world’s foremost and widely used network protocol analyzer. It is a packet sniffer and analysis tool. It captures network traffic on the local network and stores that data for offline analysis.

Wireshark reminds me of the days when I enrolled for the CEH course. I have used this tool a lot, and it is a fantastic tool for network admins and ethical hackers.

If you want to deploy the Wireshark application to multiple computers, SCCM makes the task easier. If you are using a tool other than SCCM, the deployment should still be easy thanks to the MSI installer.

Download Wireshark Application (MSI installer)

If you go to the Wireshark download page, you will probably download an executable (.exe) file. You can still package the application in SCCM using the executable, but the Wireshark .msi installer reduces the effort.

Luckily, Wireshark provides the .msi installer for mass deployments. You may not see it on the download page because the download link is different. Don’t worry, I have the download link for you.

Visit the Wireshark automated download page and download the latest version of the Wireshark .msi installer. Save the installer to the sources folder on your SCCM server. You can also download the Wireshark icon and assign it to the application later.

Create Wireshark Application in ConfigMgr

Let’s create the Wireshark application in ConfigMgr. Launch the SCCM console and go to Software Library\Overview\Application Management\Applications. Right-click Applications and click Create Application.

Select Automatically detect information about this application from installation files. Set the type to Windows Installer (.msi file) and specify the path to the Wireshark .msi installer. Click Next.

The application details are populated from the Wireshark .msi installer.

Application name: Wireshark
Software version: 

Deployment type name: Wireshark - Windows Installer (*.msi file)
Product Code: {B6A6F6F7-5522-4487-9620-50D1D336C5A5}
Installation behavior: Install for system

Number of files: 2
Content files: 

On the General Information screen, add more details about the Wireshark application. There is something important here about the Wireshark installation command.

The default installation command populated from the Wireshark .msi installer is as follows.

msiexec /i "Wireshark-win64-3.5.1rc0-55-g9cf6caee623e.msi" /q

If you use the same command, Wireshark gets installed and there is a pending hard reboot at the end of the installation. Yes, Wireshark restarts the computer to complete the installation. If you deploy the application as Available, the application installs and force reboots the computer.

To avoid the hard reboot, you can append /norestart to the install command. This prevents the Wireshark installer from restarting the computer.

Click Next.

Review the settings on the Summary window and, on the Completion window, click Close. This completes the steps to create the Wireshark application in SCCM.

Before you deploy Wireshark using SCCM, you can set an icon for the Wireshark application. The icon that you assign here will be visible to users in Software Center.

To set an icon for the Wireshark application, go to the application properties and click the Software Center tab. At the bottom, click Browse and choose the icon. Click Apply and OK.

Deploy Wireshark using SCCM (ConfigMgr)

Let’s look at the steps to deploy the Wireshark application using SCCM. In the console, right-click the Wireshark application and click Deploy.

Click Browse and select a device collection to which you want to target the Wireshark application. Click Next.

On the Content window, click Add and select your distribution points. The content must be present on the distribution points for the clients to download it. Click Next.

On the Deployment settings window, select Action as Install and Purpose as Available. Click Next.

Complete the remaining steps in the wizard and close the Deploy Software Wizard. The steps to deploy Wireshark using SCCM are now complete.

Let’s test the Wireshark deployment on a few machines. Log in to the client computer and launch Software Center. From the list of applications, select Wireshark and click Install. The client downloads the application content from the distribution point and the Wireshark installation begins.

The Wireshark application installed without any issues. However, I had not used the /norestart switch in the install command, which resulted in a computer reboot.

+++ Starting Install enforcement for App DT "Wireshark - Windows Installer (*.msi file)" ApplicationDeliveryType - ScopeId_06D36399-9D0B-4B16-B66A-275A46020BC4/DeploymentType_1ea9280c-689b-46b6-8ba7-05f9148fdb5e, Revision - 1, ContentPath - C:\Windows\ccmcache\3, Execution Context - System
Performing detection of app deployment type Wireshark - Windows Installer (*.msi file)
+++ MSI application not discovered [MSI Product Code: {B6A6F6F7-5522-4487-9620-50D1D336C5A5}, MSI Product version: ]
    App enforcement environment: 
	Context: Machine
	Command line: msiexec /i "Wireshark-win64-3.5.1rc0-55-g9cf6caee623e.msi" /q
	Allow user interaction: No
	UI mode: 0
	User token: null
	Session Id: 1
	Content path: C:\Windows\ccmcache\3
	Working directory: 	AppEnforce
    Prepared working directory: C:\Windows\ccmcache\3
Found executable file msiexec with complete path C:\Windows\system32\msiexec.exe
    Prepared command line: "C:\Windows\system32\msiexec.exe" /i "Wireshark-win64-3.5.1rc0-55-g9cf6caee623e.msi" /q /qn
Valid MSI Package path = C:\Windows\ccmcache\3\Wireshark-win64-3.5.1rc0-55-g9cf6caee623e.msi	AppEnforce
    Advertising MSI package [C:\Windows\ccmcache\3\Wireshark-win64-3.5.1rc0-55-g9cf6caee623e.msi] to the system.
    Executing Command line: "C:\Windows\system32\msiexec.exe" /i "Wireshark-win64-3.5.1rc0-55-g9cf6caee623e.msi" /q /qn with user context
    Working directory C:\Windows\ccmcache\3
    Post install behavior is BasedOnExitCode
    Waiting for process 5700 to finish.  Timeout = 120 minutes
    Process 5700 terminated with exitcode: 1641
    Looking for exit code 1641 in exit codes table
    Matched exit code 1641 to a PendingHardReboot entry in exit codes table.
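
The reboot behavior discussed in the install command section and visible in the log above can be checked across clients with a small parser. This is an added example, not code from the original article or from Microsoft: the function name Get-AppEnforceRebootReport is hypothetical, the sample lines are abridged from the excerpt above, and the classification assumes the default return codes of an MSI deployment type.

```powershell
# Constructed sample: lines abridged from the AppEnforce.log excerpt above.
$sampleLog = @'
+++ Starting Install enforcement for App DT "Wireshark - Windows Installer (*.msi file)" ApplicationDeliveryType - (abridged), Execution Context - System
    Executing Command line: "C:\Windows\system32\msiexec.exe" /i "Wireshark-win64-3.5.1rc0-55-g9cf6caee623e.msi" /q /qn with user context
    Post install behavior is BasedOnExitCode
    Process 5700 terminated with exitcode: 1641
'@ -split "`r?`n"

function Get-AppEnforceRebootReport {
    # Hypothetical helper: one object per enforcement found in AppEnforce.log lines.
    param([Parameter(Mandatory)][string[]]$Line)

    $deploymentType = $null
    $commandLine    = $null
    foreach ($l in $Line) {
        if ($l -match '\+\+\+ Starting \w+ enforcement for App DT "(?<dt>[^"]+)"') {
            # A new enforcement starts: remember its deployment type, reset the command.
            $deploymentType = $Matches.dt
            $commandLine    = $null
        }
        elseif ($l -match 'Executing Command line: (?<cmd>.+?) with \w+ context') {
            $commandLine = $Matches.cmd
        }
        elseif ($l -match 'terminated with exitcode: (?<code>-?\d+)') {
            $code = [int64]$Matches.code
            # Assumed default MSI return codes; anything unlisted counts as a failure.
            $result = switch ($code) {
                0       { 'Success' }
                1707    { 'Success' }
                3010    { 'SoftReboot' }
                1641    { 'HardReboot' }
                1618    { 'FastRetry' }
                default { 'Failure' }
            }
            [pscustomobject]@{
                DeploymentType = $deploymentType
                CommandLine    = $commandLine
                NoRestart      = [bool]($commandLine -match '/norestart\b')
                ExitCode       = $code
                Result         = $result
            }
        }
    }
}

# Run against the constructed sample. On a client, pass the real log instead:
#   Get-AppEnforceRebootReport -Line (Get-Content C:\Windows\CCM\Logs\AppEnforce.log)
Get-AppEnforceRebootReport -Line $sampleLog | Format-List
```

With /norestart appended to the install command, msiexec returns 3010 (restart required) rather than 1641 (restart initiated), so the same enforcement is reported as SoftReboot with NoRestart set to True.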