Wireshark-dev: Re: [Wireshark-dev] Plan to make NPcap available for Wireshark
From: Yang Luo <[email protected]>
Date: Wed, 8 Jul 2015 11:59:19 +0800
The Wireshark suite doesn't hard-code npf.sys per se, it just uses the Service Control Manager (SCM) to check the state of the "npf" service.  To allow co-existence of both WinPCap and NPcap on the same machine that service name should be different for the two libraries.

Arguably that check is a user convenience type of thing, because users have, in the past, stopped the service and been unable to capture.

I mean the "npf" service when I mentioned the driver name "npf.sys", usually the driver name and the service name are the same at most times. IMO this service status checking should be done in the wpcap.dll level. wpcap.dll will know what the service name is and do the job correctly. A good design is, the user software should not assume or invoke anything other than wpcap.dll. But this is what WinPcap has already been like, so no easy solution for this.