1. The Npf Driver Isn't Running You May Have Trouble Wireshark
2. Npf Driver Isn't Running Wireshark Windows 7

Wireshark relies on the driver NPF.SYS. The driver is defined in the registry under HKEYLOCALMACHINESYSTEMCurrentControlSetServicesNPF. Each driver has a start type. Possible values and lot are documented by Microsoft. NPF has a start type 2, which is for a 'Non-PnP driver that must be started by the service control manager.' Ryan, Just to keep you uptodate. The Wireshark portable app does not seem to be working correctly on Vista. I've tried it on several different machines. I keep getting the message 'The NPF driver isn't running. You may have trouble capturing or listing interfaces.' Wireshark – The NPF driver isn’t running. As soon as I opened my wireshark, the message popped up: “The NPF driver isn’t running As a local administrator do this: net start npf. Now go back and open WireShark. Everything will be ok 😉.

When I start up Wireshark, why do I see this message?

'The NPF driver isn't running. You may have trouble capturing or listing interfaces.'

Matthew SimoneauMatthew Simoneau

4 Answers

You need to run Wireshark with administrator privileges.

1. Exit Wireshark.
2. Find Wireshark on the Start Menu.
3. Right-click on it.
4. Select 'Run as administrator',
5. Click 'Yes' in the user account control dialog.

Matthew SimoneauMatthew Simoneau

It's really best not to run Wireshark as Administrator. See here for an explanation - bugs in the dissector can do a lot more damage when it runs as administrator. A better solution (offered here) is the following:

• Open a command prompt (cmd.exe) using the 'Run as administrator' option
• Run the command sc qc npf
  You will see output similar to this:

• If it looks like this, you will need to start the service using sc start npf
  so that it displays STATE : 4 RUNNING.

• To start the service automatically in future, use sc config npf start= auto
  (that space after the equals sign is important)

Run 'cmd.exe' as Administrator, and go

then

To make sure type 'sc qc npf', you will get the output:

To make it back type:

RTI Protocol Analyzer with Wireshark uses the Windows Packet capture (WinPcap) driver called NPF driver when it starts to capture live data. Loading the driver requires Administrator privileges.

To cllear this error, you need to open the file called npf.sys which is located at

in Windows 7. Follow the below guide to open the npf.sys file.

Firstly, make sure that you have installed winpcap, if you didn't install it, just go to its official site and download it for installation: http://www.winpcap.orgNext, find cmd.exe which is located at

in Windows 7, right click and 'Run as administrator'. When it opened, input net start npf, then the NPF driver is successfully opened. That is,the file npf.sys is opened. At last, restart Wireshark, it will be OK now.

Note:
If you are using Linux or Ubuntu, after WinpCap is installed, use the common ' >$ su Administrator ' to switch to the highest authority account, then input net start npf .

If you are using Windows XP, login with administrator account then open cmd, input net start npf.

The Npf Driver Isn't Running You May Have Trouble Wireshark

Jan Doggen

Not the answer you're looking for? Browse other questions tagged wireshark or ask your own question.

When I start up Wireshark, why do I see this message?

'The NPF driver isn't running. You may have trouble capturing or listing interfaces.'

Matthew SimoneauMatthew Simoneau

4 Answers

You need to run Wireshark with administrator privileges.

1. Exit Wireshark.
2. Find Wireshark on the Start Menu.
3. Right-click on it.
4. Select 'Run as administrator',
5. Click 'Yes' in the user account control dialog.

Matthew SimoneauMatthew Simoneau

Npf Driver Isn't Running Wireshark Windows 7

It's really best not to run Wireshark as Administrator. See here for an explanation - bugs in the dissector can do a lot more damage when it runs as administrator. A better solution (offered here) is the following:

• Open a command prompt (cmd.exe) using the 'Run as administrator' option
• Run the command sc qc npf
  You will see output similar to this:

• If it looks like this, you will need to start the service using sc start npf
  so that it displays STATE : 4 RUNNING.

• To start the service automatically in future, use sc config npf start= auto
  (that space after the equals sign is important)

Run 'cmd.exe' as Administrator, and go

then

To make sure type 'sc qc npf', you will get the output:

To make it back type:

RTI Protocol Analyzer with Wireshark uses the Windows Packet capture (WinPcap) driver called NPF driver when it starts to capture live data. Loading the driver requires Administrator privileges.

To cllear this error, you need to open the file called npf.sys which is located at

in Windows 7. Follow the below guide to open the npf.sys file.

Firstly, make sure that you have installed winpcap, if you didn't install it, just go to its official site and download it for installation: http://www.winpcap.orgNext, find cmd.exe which is located at

in Windows 7, right click and 'Run as administrator'. When it opened, input net start npf, then the NPF driver is successfully opened. That is,the file npf.sys is opened. At last, restart Wireshark, it will be OK now.

Note:
If you are using Linux or Ubuntu, after WinpCap is installed, use the common ' >$ su Administrator ' to switch to the highest authority account, then input net start npf .

If you are using Windows XP, login with administrator account then open cmd, input net start npf.

Jan Doggen

Not the answer you're looking for? Browse other questions tagged wireshark or ask your own question.