by

Wireshark Npf Driver Start

  1. Npf Driver Download
  2. Wireshark Npf Driver Windows 10
Active4 years, 5 months ago

Another issue is driver signing: in Windows 10 x64 that really will be changing, so it will be important for WinPcap to be updated before the RTM release - more about this here. Update 3-27-15: Do you want to use Wireshark on Windows 10? Tweet about this problem! Do a post about this issue. Bring it up at Sharkfest in June.

I just installed WireShark, which also installed WinPcap.

During the installation it said 'do you want xxx to start automatically', which I answered yes.

Now I would like to stop the service when I am not running wireshark, but cannot find a service in the list with name wireshark or winPcap.

Is there a service that I can stop? Or do I need uninstall WireShark?

Shiraz BhaijiShiraz Bhaiji
1,1996 gold badges26 silver badges43 bronze badges

3 Answers

The WinPCap services is known as 'NPF' (NetGroup Packet Filter), you can start/stop it on command line with

To find it in a GUI, you'll have to open 'Properties' for 'My Computer', then select the 'Hardware' tab, open 'Device Manager'.Here, select View -> Show hidden devices, open up Non-Plug and Play Drivers, right-click on NetGroup Packet Filter Driver and select Properties from the menu, thus you will get a 'NetGroup Packet Filter Driver Properties' window.

Cédric JulienCédric Julien

Other commands that may be of interest are:

Change NPF to run manually

sc config npf start= demand

Npf Driver Download

Change NPF to run automatically at boot

sc config npf start= auto

NpfAndrew SAndrew S
3683 gold badges5 silver badges12 bronze badges

Though I've always found the command line method to be simpler, there is a GUI way to do this too.

In device manager, select 'Show Hidden Devices' on the view menu, then under 'Non-Plug and Play Drivers', the 'NetGroup Packet Filter Driver' is listed. Double-click or right-click and select 'Properties'

On the 'Driver' tab of the properties page, the current status and 'Start' or 'Stop' buttons are displayed.

Wireshark Npf Driver Windows 10

davenpcjdavenpcj

Not the answer you're looking for? Browse other questions tagged windows-xpservicewiresharkwinpcap or ask your own question.

  • okay, I gave an attemp according to the above link, but no luck its still saying 'The NPF driver isn't running'
    while dng I got this doubt after extraction Packet.dll has 4 difft versions (Packet_1.dll, 2, 3, 4) in that I opened properties and checked the details
    (Packet.dll- NT5) (Packet_1.dll- Vista) (Packet_2.dll- Vista) (Packet_3.dll- NT5) (Packet_4.dll- NT4) so here first i copied the (Packet.dll- NT5) but didnt work so tried with (Packet_1.dll- Vista) and the other Vista one both but no luck
    so do u have any idea which one exactly I ned to copy ???
    • I've fixed this via copy File and some Powershell stuff.
      I've bypass that issue.
      I've capture the wincap installation.
      For a 32bits app running on a x64 OS, I've make a condition on the nfp.sys file, in order to copy the x64 amd sys file.
      Then with a Custom Action, I created a service using SC DOS command.
      ' sc create npf binPath= system32driversnpf.sys type= kernel start= auto error= normal tag= no DisplayName= ' NetGroup Packet Filter Driver '
      I used Powershell my CA. VBS script should be also working.