[Winpcap-users] pcap_findalldevs returns empty list on Vista

Gianluca Varenni gianluca.varenni at cacetech.com
Tue Sep 30 22:33:31 GMT 2008


BTW, even though in the WinPcap FAQ we clearly say that in order to change 
the startup type of the NPF service from manual to autostart you need to 
change a registry key, the "blessed" way to do that is to use the 
Service API in the link below (maybe I should update the FAQs :-)

Have a nice day
GV

----- Original Message ----- 
From: "Gerald Combs" <gerald at wireshark.org>
To: <winpcap-users at winpcap.org>
Sent: Tuesday, September 30, 2008 12:19 PM
Subject: Re: [Winpcap-users] pcap_findalldevs returns empty list on Vista


> NPF.sys is a service, and is controlled like any other service on the
> system. As Carlo says, it must be started in order to capture packets,
> which requires administrator privileges. This wasn't a big deal before
> Vista, but on Vista itself it's a hassle.
>
> We get around the problem in Wireshark using the installer. If we're
> running on Vista, the installer by default writes the value "2"
> (SERVICE_AUTO_START) to HKLM\SYSTEM\CurrentControlSet\Services\NPF\Start.
> It doesn't interact with NPF.sys or any other part of Winpcap directly.
>
> There are a number of ways to control NPF.sys, and many of them are
> described at http://wiki.wireshark.org/CaptureSetup/CapturePrivileges.
> You can also use the Service API:
> http://msdn.microsoft.com/en-us/library/ms686315(VS.85).aspx
>
> Carlo Medas wrote:
>> Dear John,
>>
>> Packet capturing feature requires administration privileges. If
>> Wireshark installs the service, it's a workaround for that need.
>>
>> In other case if you want to run your application, you must start it
>> with administration privileges; e.g. by right clicking on it and then
>> selecting "Run as administrator".
>>
>> Br,
>>
>> \Carlo Medas
>>
>> On Tue, Sep 30, 2008 at 8:29 PM, John Bruder <johnb at sisconet.com> wrote:
>>
>>     My application runs fine with Winpcap 4.0.2 on Windows 2000 and XP,
>>     but fails on Vista because "pcap_findalldevs" returns an empty list.
>>
>>     However, if I install Wireshark on Vista, and check the box to have
>>     it "start the Winpcap NPF service", the "pcap_findalldevs" function
>>     in my application works. If I reinstall Wireshark and do NOT check
>>     the box to "start the Winpcap NPF service", pcap_findalldevs fails
>>     again.
>>
>>     I do not want to require Wireshark to use my application, but the
>>     Winpcap documentation does not explain how to "start the Winpcap NPF
>>     service".
>>
>>     -- 
>>     John Bruder
>>     SISCO, Inc.
>>     6605 19 1/2 Mile Road
>>     Sterling Heights, MI 48314
>>     Phone: 586-254-0020,  Ext. 121
>>
>>
>>     _______________________________________________
>>     Winpcap-users mailing list
>>     Winpcap-users at winpcap.org <mailto:Winpcap-users at winpcap.org>
>>     https://www.winpcap.org/mailman/listinfo/winpcap-users
>>

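The startup-type change discussed in this thread, as an added example that is not part of the original messages or of WinPcap/Wireshark: a PowerShell script that reports the NPF driver's current `Start` value and running state and, only when asked, switches it to autostart through `sc.exe` (a front end to the Service API) rather than by writing the registry value. The service name `NPF` and the registry path come from the thread; the `-EnableAutoStart` switch name is hypothetical.

```powershell
# Added example: audit the NPF driver's startup type and optionally set it to autostart.
# -EnableAutoStart is a hypothetical switch name chosen for this example.
param([switch]$EnableAutoStart)

$svcName = 'NPF'   # service name as given in the thread
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
$startNames = @{
    0 = 'Boot'; 1 = 'System'; 2 = 'Auto (SERVICE_AUTO_START)'
    3 = 'Manual (SERVICE_DEMAND_START)'; 4 = 'Disabled'
}

if (-not (Test-Path $regPath)) {
    Write-Error "No service key for $svcName; WinPcap does not appear to be installed."
    exit 1
}

# Reading the configuration does not require elevation.
$start   = [int](Get-ItemProperty -Path $regPath -Name Start).Start
$running = [bool](sc.exe query $svcName | Select-String 'STATE\s+:\s+4\s+RUNNING')
"{0}: Start={1} [{2}], running={3}" -f $svcName, $start, $startNames[$start], $running

if (-not $EnableAutoStart) { exit 0 }

# Changing the configuration or starting the driver requires an elevated session.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    Write-Error 'Run this from an elevated prompt ("Run as administrator").'
    exit 1
}

if ($start -ne 2) {
    # "start=" and "auto" must be separate arguments for sc.exe.
    sc.exe config $svcName start= auto | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Error "sc config failed ($LASTEXITCODE)"; exit 1 }
}

if (-not $running) {
    sc.exe start $svcName | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Error "sc start failed ($LASTEXITCODE)"; exit 1 }
}

"{0} is set to autostart and has been started." -f $svcName
```

Run without arguments, the script only reports; the report line is also useful for checking whether an installer has already switched the driver to autostart on a given machine.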