Tag Archives: Grab a bag

(transfer) using Wireshark package capture software to prompt the NPF driver isn’t running solution

Wireshark is a powerful packet capture analysis tool. When it is first used on win7/10 64 bit system, unexpected situations may occur. The NPF driver isn’t running. This may be because WinPcap driver is not installed or WinPcap option is not selected when WinPcap is installed.

resolvent:

    WinPcap is not installed. Generally, there is an installation package with WinPcap in the installation directory of Wireshark. The installation package of the green version of Wireshark is usually in the following location: wiresharkportable/APP/Wireshark/WinPcap_ x_ x_ x.exe。 Run the installation once, and then restart the system. Note that there is an auto start option to be selected during the installation process. Otherwise, you may need to manually start the NPF driver every time you use Wireshark. If the installation of WinPcap is wrong, please try to uninstall WinPcap first, and restart the system after the uninstall is completed. If there is a file locking error during the uninstall process, you do not need to pay attention to it. When you restart the computer and re install WinPcap, you may be prompted that WinPcap has been installed in your system. You don’t need to worry about it. Just continue to install it. After the installation, restart the system so that Wireshark can be used normally

    3. None of the above two situations can be solved. First, you need to confirm whether the NPF service has been installed in the system correctly. First, you need to confirm whether the npf.sys file exists in the folder C: windows?System32?Drivers. If the file does not exist, please re install WinPcap. If the file exists, then run CMD (win7/Vista user needs to press start, input CMD search, right-click the icon of cmd.exe in the search program results, and select run as administrator.

    3.1 enter the command to query whether the NPF service is installed

    C:\Windows\system32> sc qc npf
    [SC] QueryServiceConfig SUCCESS

    SERVICE_ NAME: npf
    TYPE : 1 KERNEL_ DRIVER
    START_ TYPE : 2 AUTO_ START
    ERROR_ CONTROL : 1 NORMAL
    BINARY_ PATH_ NAME : system32\drivers\npf.sys
    LOAD_ ORDER_ GROUP :
    TAG : 0
    DISPLAY_ NAME : NetGroup Packet Filter Driver
    DEPENDENCIES :
    SERVICE_ START_ Name:
    with the above results, the output is normal. If not, re install WinPcap and try again.

    3.2 start NPF service manually:

    C:\Windows\system32> SC start NPF
    if there is no error prompt, Wireshark can be used normally.

    3.3 if start in the query result of NPF service_ The value of type is not auto_ If you want to start, you don’t want to run the NPF driver manually every time. You can use the following command to change the NPF service to start automatically.

    C:\Windows\system32> sc config npf start= auto

    The source text of the post is from the website
    and http://blog.sina.com.cn/s/blog_ 718ccdb90102uzqr.html