What causes the message "The NPF driver isn't running." when running RTI Protocol Analyzer with Wireshark on a Windows Vista system?
RTI Protocol Analyzer with Wireshark uses the Windows Packet capture (WinPcap) driver (called NPF) when it starts to capture live data. Loading the driver requires Administrator privileges. Once the NPF driver is loaded, every local user can capture from the driver until it is stopped. On Windows Vista systems, even though the account may have Administrator privileges, the NPF driver service may not be running.
The article http://wiki.wireshark.org/CaptureSetup/CapturePrivileges recommends a few options on how to start the NPF driver. Specifically, on a Windows Vista system, you can do the following:
- Open a command shell with the "Run as administrator" option.
- Use that shell to enter
net start npf. You should see the following:C:\Windows\system32> net start npf The NetGroup Packet Filter Driver service was started successfully. C:\Windows\system32>
- Close the command shell.
- Restart RTI Protocol Analyzer with Wireshark.