Hello When installing Wireshark in a Windows XP Virtual Macine, I saw that WinPcap was installed, yet it is not showing up in the Device Manager.
From the Device Manager you can select View->Show hidden devices, then open Non-Plug and Play Drivers and right click on NetGroup Packet Filter Driver. In the driver properties you can set the startup type as well as start and stop the driver manually.
In Windows XP I could only find the "Computer Management (local)/Device Manager" and the NetGroup does not show up, and neither the NPF.
Question; Does WinPcap/NPF work with a Virtual OS?
The NPF driver does show up in the Registry;
I'm not sure what type of virtual machine you have, but I run Windows XP on a virtual machine under VMware Fusion on Mac OS X. It has Wireshark and WinPcap installed, and if I open "Properties" for "My Computer", select the "Hardware" tab, open "Device Manager" with the button, select View -> Show hidden devices, open up Non-Plug and Play Drivers, and control-click (this is a MacBook Pro, that's the only "right click" I can do :-)) on NetGroup Packet Filter Driver and select Properties from the menu, I get a "NetGroup Packet Filter Driver Properties" window.
And, yes, I can capture traffic with Wireshark on that virtual machine.
What happens if you do the same?
answered 09 Jan '12, 12:23
Guy Harris ♦♦