Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Plan to make NPcap available for Wireshark

From: Yang Luo <hsluoyb@xxxxxxxxx>
Date: Wed, 8 Jul 2015 11:59:19 +0800
 
The Wireshark suite doesn't hard-code npf.sys per se, it just uses the Service Control Manager (SCM) to check the state of the "npf" service.  To allow co-existence of both WinPCap and NPcap on the same machine that service name should be different for the two libraries.

Arguably that check is a user convenience type of thing, because users have, in the past, stopped the service and been unable to capture.


I mean the "npf" service when I mentioned the driver name "npf.sys", usually the driver name and the service name are the same at most times. IMO this service status checking should be done in the wpcap.dll level. wpcap.dll will know what the service name is and do the job correctly. A good design is, the user software should not assume or invoke anything other than wpcap.dll. But this is what WinPcap has already been like, so no easy solution for this.