This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark 1.0.6 - Compatibility in Windows 7 x 64 bit environment

0

Hi,

We use “Wireshark 1.0.6” in Windows Vista. I was trying to run this in Windows 7 x 64 bit environment and was getting the below error when the shortcut is launched.

"The NPF driver isn't running. You may have trouble capturing or listing interfaces."

Please let me know whether this is compatible with Windows 7 x64 bit environment.

asked 24 May '11, 07:34

Chevron

retagged 25 May '11, 21:39

helloworld

3

What version of WinPcap comes with Wireshark 1.0.6? WinPcap 4.1 was the first version to support 64-bit Windows, so if an earlier version of WinPcap came with 1.0.6, you will either have to manually install a newer version of WinPcap or switch to a newer version of Wireshark.

I also don't know whether WinPcap supports, on 64-bit Windows, 32-bit applications using it. If not, you will probably have to upgrade to a newer version of WinPcap built 64-bit.

(24 May '11, 15:54) Guy Harris ♦♦

3 Answers:

3

Wireshark 1.0.x shipped (note the past tense) with WinPcap 4.0.2. As Guy points out, WinPcap didn't officially support Windows 7 x64 until 4.1. You might try installing a newer release of WinPcap separately but you might run into additional problems. 64-bit Windows support was greatly improved in Wireshark 1.2 and has steadily improved since.

You should consider installing Wireshark 1.4 or the upcoming 1.6 release. As the Release Life Cycle page on the wiki points out, 1.0 reached end of life last year and 1.2 will reach EOL in a few weeks.

answered 24 May '11, 16:16

Gerald Combs ♦♦

1

First of all - is there any reason why you don't move to 1.2.x or 1.4.x?

Otherwise you should check in the Windows services if the NPF service is installed and started, otherwise you are not allowed to capture network data unless starting Wireshark with administrative rights.

answered 24 May '11, 07:41

Jasper ♦♦

We just need to make sure whether this works with Windows 7. If not we will move to higher version.

I have checked the registry value of "start" under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF and it was 3. Changed it to 2.

But when I try the command "net start npf" I am getting the following error

"System error 1275 has occurred. This driver has been blocked from loading"

(24 May '11, 08:06) Chevron

Maybe it is blocked by Windows x64 because it isn't signed or not signed correctly/outdated. Windows x64 only allows signed drivers to be loaded.

(24 May '11, 08:09) Jasper ♦♦

I suspect (as has been said in a number of places in comments) that it only allows 64-bit drivers to be loaded; the drivers in the version of WinPcap bundled with WinPcap 1.0.6 are, as per Gerald's comment, NOT 64-bit drivers, and will not and CAN not be loaded by 64-bit Windows.

(04 Feb '12, 16:17) Guy Harris ♦♦
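Added example, not part of the original thread: one way to check the architecture point raised in the comments above is to read the COFF Machine field from the driver file's PE header. The function names and the sample headers are constructed for illustration; a matching architecture is necessary but does not replace the driver-signing requirement mentioned above.

```python
import struct

# COFF Machine values defined by the PE format
IMAGE_FILE_MACHINE_I386 = 0x014C   # 32-bit x86
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # 64-bit x64
NAMES = {IMAGE_FILE_MACHINE_I386: "x86 (32-bit)",
         IMAGE_FILE_MACHINE_AMD64: "x64 (64-bit)"}


def pe_machine(data: bytes) -> int:
    """Return the COFF Machine field of a PE image (.sys, .dll, .exe)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    # e_lfanew at offset 0x3C points to the "PE\0\0" signature
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    # Machine is the first 2 bytes of the COFF header after the signature
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine


def loadable_on_x64_kernel(data: bytes) -> bool:
    """A 64-bit Windows kernel can only load 64-bit kernel drivers."""
    return pe_machine(data) == IMAGE_FILE_MACHINE_AMD64


def describe(data: bytes) -> str:
    machine = pe_machine(data)
    verdict = "can" if loadable_on_x64_kernel(data) else "cannot"
    name = NAMES.get(machine, hex(machine))
    return f"{name}: {verdict} be loaded by a 64-bit Windows kernel"


def sample_pe(machine: int) -> bytes:
    """Constructed minimal header: DOS header, PE signature, COFF header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18)


if __name__ == "__main__":
    # Constructed inputs; for a real check pass open(path, "rb").read(4096)
    for machine in (IMAGE_FILE_MACHINE_I386, IMAGE_FILE_MACHINE_AMD64):
        print(describe(sample_pe(machine)))
```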

0

Try running Wireshark as administrator. That worked for me.

answered 03 Feb '12, 07:27

ePlurb_admin

Running Wireshark 1.0.6 as administrator worked on 64-bit Windows 7? If so, then you must have installed a newer version of WinPcap, as the version of WinPcap bundled with Wireshark 1.0.6 does NOT support 64-bit Windows.

(03 Feb '12, 10:41) Guy Harris ♦♦

You might also want to think very carefully about running Wireshark with Administrator privileges because of security concerns. See the Capture Privileges wiki page for more info.

(03 Feb '12, 15:40) grahamb ♦