This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

NPF driver

0

When I start Wireshark Legacy I get the message NFP driver not running. What does that mean?

asked 17 Oct '16, 06:59

liverpool61
accept rate: 0%

edited 24 Oct '16, 07:30

grahamb ♦

Presumably you actually mean the NPF driver. This is the capture driver (WinPcap) used by Wireshark and is installed by default with Wireshark. Do you see the same error with the normal (Qt version)?

(17 Oct '16, 07:05) grahamb ♦

One Answer:

1

Assuming that you refer to the NPF driver (as mentioned by Graham), you might need to start the driver manually.

This is done by running cmd.exe with administrative rights. On the command line, enter sc qc npf:

C:\>sc qc npf
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: npf
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : system32\drivers\npf.sys
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : NetGroup Packet Filter Driver
        DEPENDENCIES       :
        SERVICE_START_NAME :

If your driver is not properly started, activate it with the command sc start npf

To start the service automatically, use the command sc config npf start= auto

Looks like this is still causing grief, since we had the question quite a while back:

https://ask.wireshark.org/questions/1281/npf-driver-problem-in-windows-7?page=1&focusedAnswerId=1282#1282

answered 19 Oct '16, 00:51

packethunter
accept rate: 8%

This is a reasonably common complaint, but I’ve never identified how it comes about. I’ve never had this issue and I’ve installed WinPcap on many systems. I’ve tended to put it down to finger trouble and\or overzealous security\management apps or PC speedup apps.

(19 Oct '16, 03:21) grahamb ♦
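
The checks from the answer above, as an added example that is not part of the original posts: a PowerShell function (the name Repair-NpfDriver and its -SetAutoStart switch are hypothetical) that reads the driver's state through the Win32_SystemDriver CIM class and then runs the same sc commands. It assumes the driver is registered under the service name npf, as in the sc qc output above.

```powershell
# Added example, not from the original thread. Repair-NpfDriver is a hypothetical name.
function Repair-NpfDriver {
    param(
        [string]$DriverName = 'npf',   # service name shown in the "sc qc npf" output
        [switch]$SetAutoStart          # also run "sc config npf start= auto"
    )

    # Win32_SystemDriver reports the fields that "sc qc" and "sc query" print.
    $driver = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$DriverName'"
    if (-not $driver) {
        Write-Warning "Driver '$DriverName' is not registered; WinPcap may not be installed."
        return $false
    }
    Write-Host ("{0}: State={1} StartMode={2} Path={3}" -f `
        $driver.Name, $driver.State, $driver.StartMode, $driver.PathName)

    # Starting or reconfiguring a kernel driver requires an elevated prompt.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    $needsStart  = $driver.State -ne 'Running'
    $needsConfig = $SetAutoStart -and ($driver.StartMode -ne 'Auto')
    if (($needsStart -or $needsConfig) -and -not $isAdmin) {
        Write-Warning 'Not elevated: rerun from a prompt started with "Run as administrator".'
        return $false
    }

    # Call sc.exe by its full name: in Windows PowerShell, "sc" is an alias for Set-Content.
    if ($needsStart) {
        & sc.exe start $DriverName | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "sc start $DriverName failed with exit code $LASTEXITCODE."
            return $false
        }
    }
    if ($needsConfig) {
        # sc.exe takes the value as a separate argument after "start=".
        & sc.exe config $DriverName start= auto | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "sc config $DriverName failed with exit code $LASTEXITCODE."
            return $false
        }
    }
    return $true
}

Repair-NpfDriver -SetAutoStart
```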