NPF driver Problem in Windows 7

2
1

I am using Windows 7 64bit edition; when i first installed Wireshark it worked, but after restart its constantly telling me NPF driver is not running error and therefore I cannot see any of my network cards. Please help

asked 07 Dec '10, 23:42

Engr%20Mansoor%20Habib's gravatar image

Engr Mansoor...
31124
accept rate: 0%

edited 20 Jan '11, 12:11

Jaap's gravatar image

Jaap ♦
6.0k568

Hi all, I have the exact same symptoms but without the NPF driver error and also I get the proper output from the SC command. Any ideas?

(16 Dec '11, 14:07) Jim Willows
3 Answers:
oldestnewestmost voted
9

I am using Wireshark on the 64-bit edition of Windows 7 without problem.

The npf driver is not visible in your regular "Computer Management" WMI-interface. The npf status is best checked with the command line.

Run a cmd.exe as administrator and run the command sc qc npf.

You should get some output like this:

C:\Windows\system32>sc qc npf
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: npf
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : system32\drivers\npf.sys
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : NetGroup Packet Filter Driver
        DEPENDENCIES       :
        SERVICE_START_NAME :

If your driver is not properly started, activate it with the command sc start npf

Finally, to start the service automatically, use the command sc config npf start=auto

Remember to run your cmd.exe as administrator when issuing these command.

link

answered 08 Dec '10, 01:26

packethunter's gravatar image

packethunter
1.2k61134
accept rate: 5%

I am running Windows 7 and I have the same issue with the NPF file not running. I tried your command line stuff. I am set as the administrator on this machine and I get an Access Denied error when I try the sc start npf. Any suggestions?

(19 Jan '11, 21:11) Joshua

I have also activated NPF fow windows 7. And wireshark 1.4.3 still says it is not active. And also says there are no interfaces that a capture can be done. I'm running an HP Desktop and Windows 7 Home Premium.

(20 Jan '11, 17:39) yate4899
2

There must be a space after equal sign, i.e.

sc config npf start= auto

The rest is perfect:

sc qc npf
Run as Administrator:
sc start npf

(02 Aug '11, 22:54) Champion

Thank you packethunter, your answer enabled me to get working with Wireshark. One thing though, I can't find the npf service - whose DISPLAY_NAME is given as "NetGroup Packet Filter Driver" listed in the Windows Services. Can anyone enlighten me please?

(17 Oct '11, 16:56) pcwizard
2

You can find the NPF driver under Non-Plug and Play Drivers
To open the Computer Management console go to:
Start | Run
type: compmgmt.msc and hit OK
Select:
Computer Management (Local) | System tools | Device Manager
Pull-down menu View | Show Hidden Devices
Non-Plug and Play Drivers | NetGroup Packet Filter Driver

(17 Oct '11, 21:14) joke

I had to go into the non-plug and play how do I get it to start once I get there?

(10 May '12, 20:01) angelar

right-click NetGroup Packet Filter Driver
select Properties
select tab Driver
Current status: hit Start
BTW
Here you can read more about Startup - Type

(10 May '12, 21:18) joke
1

This solution also works for Windows 8.

(09 Oct '12, 13:41) SamsonSF

Tanx alot, was really helpfull.

(02 Mar, 13:28) s_atayi379

You need to add a space between "start=" and "auto".

(14 Jun, 03:10) Mladen B
showing 5 of 10 show 5 more comments
0

try to run cmd.exe as an administrator (i mean right click it then choose run as administrator) and then use the command sc start npf

link

answered 09 Feb '11, 13:23

EssAm's gravatar image

EssAm
11
accept rate: 0%

edited 10 Feb '11, 09:44

Great!! it is working...BIG THANKS to you. Back to business!

(12 Jan '12, 07:35) deo

Sorry: I meant for the above "Great ..." to have been converted to a comment under answer #1 (not this answer).

(12 Jan '12, 08:05) Bill Meier ♦
0

Just run the shark under administrator and it will work as well.

link

answered 04 Aug '11, 00:44

projek7r's gravatar image

projek7r
15
accept rate: 0%

1

While this may well "work" it isn't really recommended.

There is a huge amount of code in Wireshark that attempts to interpret network data, and allowing that code to run as administrator does open a window (albeit quite small) to "bad stuff" gaining access to the host system as the administrator.

(04 Aug '11, 01:18) grahamb ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×60
×9
×5

Asked: 07 Dec '10, 23:42

Seen: 98,675 times

Last updated: 14 Jun, 03:10

Related questions

The NPF driver isn't running. You may have trouble capturing or listing interfaces.

NPF Driver not working; says service name is invalid when I try to start in cmd!

NTLMSSP_AUTH domain and username truncated to first letter with IE8/Windows 7

Ping Packets Sent & Received Yet Host Unreachable

Wireshark does not detect my Sierra Aircard mobile broadband adapter

win7 64bit wireshark 1.8.2 only can capture receive packets

Closing file please wait - hang

TCP Recieve Window Autotuning and window scaling

Cannot capture wireless traffic anymore?

interface problem

about | faq | privacy | support | contact

powered by OSQA