When I start Wireshark, sometimes I’m unable to select the network interface to be used to analyze network traffic. I was able to resolve this by restarting a service called “NetGroup Packet Filter Driver“. Please note, this service can not be found in “Computer Management > Services“.
The procedure below can be followed to resolve this:
- Open a Command Prompt with administrative privileges.
- Execute the command: “sc query npf” and verify if the service is running.
- Execute the command: “sc stop npf” followed by the command: “sc start npf“.
- Open WireShark and press “F5“
Hope this helps!
C:\Windows\system32>sc query npf SERVICE_NAME: npf TYPE : 1 KERNEL_DRIVER STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0
C:\Windows\system32>sc stop npf SERVICE_NAME: npf TYPE : 1 KERNEL_DRIVER STATE : 1 STOPPED WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0
C:\Windows\system32>sc start npf SERVICE_NAME: npf TYPE : 1 KERNEL_DRIVER STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 0 FLAGS :