Hello, installed wireshark 1.6.0 with wincap 4.1.2 on windows server 2008 R2. When starting wireshark I get the error "The NPF driver isn't running". Logged on as local administrator did not help. Running "SC QC NPF" in command prompt gave me "[SC] OpenService FAILED 1060: The specified service does not exist as an installed service." Checked in Device Manager and the "NetGroup Packet Filter Driver" does not exist. Please advise. Mario asked 30 Jun '11, 01:49 Blindpepper closed 18 Apr '17, 03:02 grahamb ♦ showing 5 of 8 show 3 more comments |
The question has been closed for the following reason “Other” by grahamb 18 Apr ‘17, 03:02
7 Answers:
download winpcap. http://www.winpcap.org/install/default.htm problem solve. answered 07 Jul '12, 13:54 Safiro21 Thank you! Got wireshark up and running again! (11 Aug '12, 12:11) prittypixy |
To cllear this error, you need to open the file called npf.sys which is located at
in Windows 7. Follow the below guide to open the npf.sys file. Firstly, make sure that you have installed winpcap, if you didn't install it, just go to its official site and download it for installation: http://www.winpcap.org Next, find cmd.exe which is located at
in Windows 7, right click and "Run as administrator". When it opened, input net start npf, then the NPF driver is successfully opened. That is,the file npf.sys is opened. At last, restart Wireshark, it will be OK now. BTW, if you have other driver problems or want to update, backup or restore drivers, the free program DriveTheLife (official site: http://www.drivethelife.com) is a perfect one. Note: If you are using Linux or Ubuntu, after WinpCap is installed, use the common " >$ su Administrator " to switch to the highest authority account, then input net start npf . If you are using Windows XP, login with administrator account then open cmd, input net start npf. answered 23 Dec '14, 22:58 OliviaLewis This worked for me and seems to be the best solution if you don't want the WinPCap-Drivers being loaded everytime when Windows starts. Thank you :) (20 Jan '15, 10:04) chickenforce ditto w chickenforce (22 Sep '15, 01:45) mediawhapper |
Right-click wireshark, Run As Administrator answered 19 Feb '13, 12:45 IcebergTitanic
Don't do that!!. There is a good reason (security) for the privilege separation.
(19 Feb '13, 13:11) Kurt Knochner ♦ Run as Administrator worked for me, Thanks. (03 Oct '14, 23:33) Wasike Really not recommended from a security (of your system) point of view, see the Wiki page on Capture Privileges (04 Oct '14, 01:47) grahamb ♦ You can start WireSharp as admin. It starts winpCap driver then you close WireSharp and start it again as a user without admins privileges. (18 Sep '15, 09:56) druzh |
It's possibl that you said "No" to the prompt "start WinPcap driver at boot time." So try restarting the driver. answered 24 Jul '13, 04:28 Kucf Uoy |
If you refer to the CapturePrivileges wiki page, I think you will find the help you need. answered 30 Jun '11, 07:38 cmaynard ♦♦ same problem. this wiki page didn't help. any other sugestions? I'm thinking I have to uninstall and re-install wireshark just to get it working. (14 May '12, 11:14) desert_dweller5 Although WinPCap is distributed along with Wireshark, it's actually a separate project. You could try un-installing and re-installing WinPCap. (14 May '12, 12:51) grahamb ♦ |
I used to always unclick for 'pcap to run at startup' and it was not an issue. With the latest version I installed, it seems it does not install pcap if you choose that. To workaround, I just reinstalled Wireshark and selected to run at startup. I guess you could also run manually install pcap from https://www.winpcap.org answered 31 Mar '15, 14:03 CrazyDazed |
open the Setup once the setup gives the Error open CMD as Administrator and type net stop npf now klik on retry it will continue then again in CMD type net start npf and wireshark will work fine answered 17 Apr '17, 13:13 mathias1xxX |
I have the same problem but I DID consciously selected "No" to the prompt because I DON'T ALWAYS run Wireshark every time my machine is up. Is there a way to automatically/manually load this driver when loading Wireshark? (I don't necessarily need NPF unloaded when Wireshark terminates, as long as it does not auto load during the next reboot.)
As a general rule of thumb, the less stuff you load during boot up the better.
Thanks
@lfm, you are asking a new question, i.e., "Is there a way to automatically/manually load the NPF driver when loading Wireshark?
Please submit a new question rather than piggy-backing on this one.
humm,
I thought I was just expanding on "kucf Uoy's" post. I did say "I have the same problem..." and he did have the correct solution to the major part of my problem.
but sure, what ever you want...
Just keep in mind that the 2/3 of my question in this new thread will be identical to this thread and anyone who has the same concern will now require to peruse two different thread to obtain the solution. (Assuming there is a solution.)
Hope you see this as an efficient use of this forum.
A (totally) automatic way? No, because you must start the NPF service as administrator, but you shall not run Wireshark as administrator.
You can do it manually (or with a scripted solution):
sc start npf
Works great! A quick precise productive response instead of ...
Thank you Kurt!!
To ride on Kurt's coat tail;
sc stop npf
will unload the npf drivers.
Thanks - it works!
I closed the question as it's just attracting random answers.