Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

I am not sure, if this is possible at all. If you start NPF in safe mode it is IMHO an ugly hack.

The safest way (and possibly the only supported way) is to ask your administrator to install Wireshark. For me, it works great out of the box.

Details for the Curious Reader

Wireshark relies on the driver NPF.SYS. The driver is defined in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF

Each driver has a start type. Possible values and lot are documented by Microsoft. NPF has a start type 2, which is for a "Non-PnP driver that must be started by the service control manager."

Theoretically, you could tinker with the start type, so that NPF looks like an essential driver to Windows. Personally, I think this is a bad idea. It could leave your system unbootable to a point that you require a reinstallation.

In safe mode, Windows will only load very essential drivers. These drivers have only very small to no requirements.

NPF certainly requires a driver for the network card. There might be other dependencies, like NDIS or some mini driver. I don't know, if NPF has error handling for such harsh and unexpected conditions. One of the developers might be able to add a few details.

Dependencies boil down to the registry key HKLM\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder. Microsoft gives a nice overview over the driver load order on a dedicated web site.