This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

[closed] The NPF driver isn’t running

1
1

Hello, installed wireshark 1.6.0 with wincap 4.1.2 on windows server 2008 R2. When starting wireshark I get the error "The NPF driver isn't running". Logged on as local administrator did not help. Running "SC QC NPF" in command prompt gave me "[SC] OpenService FAILED 1060: The specified service does not exist as an installed service." Checked in Device Manager and the "NetGroup Packet Filter Driver" does not exist. Please advise. Mario

asked 30 Jun '11, 01:49

Blindpepper's gravatar image

Blindpepper
16122
accept rate: 0%

closed 18 Apr '17, 03:02

grahamb's gravatar image

grahamb ♦
19.8k330206

I have the same problem but I DID consciously selected "No" to the prompt because I DON'T ALWAYS run Wireshark every time my machine is up. Is there a way to automatically/manually load this driver when loading Wireshark? (I don't necessarily need NPF unloaded when Wireshark terminates, as long as it does not auto load during the next reboot.)

As a general rule of thumb, the less stuff you load during boot up the better.

Thanks

(26 Feb '14, 22:16) IfM

@lfm, you are asking a new question, i.e., "Is there a way to automatically/manually load the NPF driver when loading Wireshark?

Please submit a new question rather than piggy-backing on this one.

(27 Feb '14, 08:38) cmaynard ♦♦

humm,

I thought I was just expanding on "kucf Uoy's" post. I did say "I have the same problem..." and he did have the correct solution to the major part of my problem.

but sure, what ever you want...

Just keep in mind that the 2/3 of my question in this new thread will be identical to this thread and anyone who has the same concern will now require to peruse two different thread to obtain the solution. (Assuming there is a solution.)

Hope you see this as an efficient use of this forum.

(28 Feb '14, 00:56) IfM
1

Is there a way to automatically/manually load this driver when loading Wireshark

A (totally) automatic way? No, because you must start the NPF service as administrator, but you shall not run Wireshark as administrator.

You can do it manually (or with a scripted solution):

  • start an elevated DOS box ('Run as Administrator')
  • run: sc start npf
  • start Wireshark in your regular environment, without Admin privileges.
(28 Feb '14, 01:14) Kurt Knochner ♦

Works great! A quick precise productive response instead of ...

Thank you Kurt!!

(28 Feb '14, 01:28) IfM

To ride on Kurt's coat tail;

sc stop npf

will unload the npf drivers.

(28 Feb '14, 01:42) IfM

Thanks - it works!

(09 Mar '14, 05:17) Guby

I closed the question as it's just attracting random answers.

(18 Apr '17, 03:03) grahamb ♦
showing 5 of 8 show 3 more comments

The question has been closed for the following reason “Other” by grahamb 18 Apr ‘17, 03:02


7 Answers:

3

download winpcap. http://www.winpcap.org/install/default.htm problem solve.

answered 07 Jul '12, 13:54

Safiro21's gravatar image

Safiro21
4612
accept rate: 0%

Thank you! Got wireshark up and running again!

(11 Aug '12, 12:11) prittypixy

2

To cllear this error, you need to open the file called npf.sys which is located at

* C:\Windows\System32\Drivers\

in Windows 7. Follow the below guide to open the npf.sys file.

Firstly, make sure that you have installed winpcap, if you didn't install it, just go to its official site and download it for installation: http://www.winpcap.org Next, find cmd.exe which is located at

* C:\Windows\System32

in Windows 7, right click and "Run as administrator". When it opened, input net start npf, then the NPF driver is successfully opened. That is,the file npf.sys is opened.

At last, restart Wireshark, it will be OK now.

BTW, if you have other driver problems or want to update, backup or restore drivers, the free program DriveTheLife (official site: http://www.drivethelife.com) is a perfect one.

Note: If you are using Linux or Ubuntu, after WinpCap is installed, use the common " >$ su Administrator " to switch to the highest authority account, then input net start npf .

If you are using Windows XP, login with administrator account then open cmd, input net start npf.

answered 23 Dec '14, 22:58

OliviaLewis's gravatar image

OliviaLewis
4113
accept rate: 0%

This worked for me and seems to be the best solution if you don't want the WinPCap-Drivers being loaded everytime when Windows starts.

Thank you :)

(20 Jan '15, 10:04) chickenforce

ditto w chickenforce

(22 Sep '15, 01:45) mediawhapper

1

Right-click wireshark, Run As Administrator

answered 19 Feb '13, 12:45

IcebergTitanic's gravatar image

IcebergTitanic
161
accept rate: 0%

Right-click wireshark, Run As Administrator

Don't do that!!. There is a good reason (security) for the privilege separation.

http://wiki.wireshark.org/Development/PrivilegeSeparation

(19 Feb '13, 13:11) Kurt Knochner ♦

Run as Administrator worked for me, Thanks.

(03 Oct '14, 23:33) Wasike

Really not recommended from a security (of your system) point of view, see the Wiki page on Capture Privileges

(04 Oct '14, 01:47) grahamb ♦

You can start WireSharp as admin. It starts winpCap driver then you close WireSharp and start it again as a user without admins privileges.

(18 Sep '15, 09:56) druzh

1

It's possibl that you said "No" to the prompt "start WinPcap driver at boot time." So try restarting the driver.

answered 24 Jul '13, 04:28

Kucf%20Uoy's gravatar image

Kucf Uoy
161
accept rate: 0%

0

If you refer to the CapturePrivileges wiki page, I think you will find the help you need.

answered 30 Jun '11, 07:38

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

same problem. this wiki page didn't help. any other sugestions? I'm thinking I have to uninstall and re-install wireshark just to get it working.

(14 May '12, 11:14) desert_dweller5

Although WinPCap is distributed along with Wireshark, it's actually a separate project. You could try un-installing and re-installing WinPCap.

(14 May '12, 12:51) grahamb ♦

0

I used to always unclick for 'pcap to run at startup' and it was not an issue. With the latest version I installed, it seems it does not install pcap if you choose that. To workaround, I just reinstalled Wireshark and selected to run at startup. I guess you could also run manually install pcap from https://www.winpcap.org

answered 31 Mar '15, 14:03

CrazyDazed's gravatar image

CrazyDazed
1
accept rate: 0%

0

open the Setup once the setup gives the Error open CMD as Administrator and type net stop npf now klik on retry it will continue then again in CMD type net start npf and wireshark will work fine

answered 17 Apr '17, 13:13

mathias1xxX's gravatar image

mathias1xxX
61
accept rate: 0%