You won't see an entry for NPF (Netgroup Packet Filter) in your msinfo32 display
until you first run TESTAPP from the WinPCap developers kit at least one time.
Once you run TESTAPP at least one time however, then it should be in your
msinfo32 display from then on. (in other words, you only need to run TESTAPP
*once*. The first time it is run, it *creates* the entry for NPF. Once the entry
for NPF is created (by running TESTAPP *one time*), it does NOT need to ever be
created again. You do NOT need to run TESTAPP each time; you only need to run it
ONCE in order to create the NPF entry.)

Once TESTAPP has been run once (and the NPF entry appears in your "Drivers" list
of your msinfo32 duisplay), then from then on, FishPack will be able to start
the NPF kernel driver service (since it now exists). Note: the NPF (Netgroup
Packet Filter) entry in the msinfo32 display appears in the "Drivers" section of
the msinfo32 display. The name of the service is NPF and the description is
"Netgroup Packet Filter".

Please also note that you need to have *Administrator privileges* in order to
*create* and to *start* the NPF kerne; driver service. That is to say, you need
to be logged onto your Windows system as an "administrator" whenever you: a) run
the TESTAPP program for the very first time (to create the entry for NPF
service), and b) run a program that *starts* the NPF service. (Once the NPF
service has been created and/or started however, then *anyone* (i.e. any
non-administator users) may *use* the service).

For example:

Scenario #1:

Suppose you've just installed WinPCap. What you then need to do is run the
WinPCap "TESTAPP" program (from their developers kit) to complete the
installation. (Running the TESTAPP program is what *creates* the NPF entry in
Windows's Service Manager Database (msinfo display)). BUT, in order to run their
TESTAPP program (to create the NPF entry and thus complete the WinPCap install),
you need to be logged onto Windows as an *Administator*!

So okay. You do that. You logon as an administator and run the WinPCap TESTAPP
program (from their developers kit) and then run msinfo32 and check the
"Drivers" section. Yea! There's an entry for NPF (Netgroup Packet Filter)and its
"Started" status is "True" and its "State" is "running"!

Feeling pleased with yourself you start up Herc and notice that CTCI-W32 is now
working just fine! "Great!" you think. All is fine in the universe.

Some time later you decide to reboot Windows (or need to reboot it for whatever
reason). This takes us into our second scenerio.

Scenario #2:

You've just rebooted your Windows system and it's time to logon. You logon as a
*regular* (NON-Administrator) user. You then try starting Hercules and notice
... what the f**k?! Now CTCI-W32 isn't working! What's going on?!

You then run msinfo32 and notice the entry for NPF is there. Good! But then why
isn't CTCI-W32 working?

You then notice that although the NPF entry is still there, its "Started" state
is False and its "State" is "stopped".

"Hmmm..." you think. "Okay. I guess I need to run that TESTAPP thingy again for
some reason." So you run the TESTAPP program and it doesn't work either! Now
you're really confused!

So what's wrong? Answer: you're not logged on as Administrator!

You need to logon to Windows as an Administrator and THEN either: a) run
Hercules (which will start the NPF service), -or- b) run the TESTAPP program
(which is also able to start the NPF service). Once the NPF service has thus
been *started* [by an Administrator], you can then logoff and re-logon under
your normal user (NON-Administrator) account and run Hercules and/or TESTAPP all
you want! Now that the NPF service has been *started*, *anyone* can use it!

Yes, it's a pain-in-the-arse, but that's the way it is.

In summary:

You need to be an Administrator to:

a. *create* the NPF service.
b. *start* the NPF service.

Furthermore, you can ONLY *create* the service via TESTAPP, but you can *start*
the service via EITHER the TESTAPP program -or- via CTCI-W32 itself. (The
FishPack.dll -- which gets called by the TunTap32.dll which itself gets called
by Hercules -- attempts to start the NPF service if it's not already started).

Once again, you need to be an Administrator to run TESTAPP for the first time
after first installing WinPCap (in order to *create* the msinfo32 entry for the
NPF service), and you need to be an Administrator to *start* the NPF service
each time you reboot Windows.

Now, for those of you who feel that's too much of a PITA ("Pain In The Arse"),
question #19 of the WinPCap FAQ explains how you can modify the NPF service
entry to start automatically each time you reboot Windows:


http://winpcap.polito.it/misc/faq.htm#q-19

Q-19: "Is it possible to start WinPcap automatically when the system
boots?"

A: You can change the start settings of the NPF service to "automatic"
or "system". A way to do this is changing the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\Start
from 0x3 (SERVICE_DEMAND_START) to 0x2 (SERVICE_AUTO_START) or 0x1
(SERVICE_SYSTEM_START). This works only in Windows NTx.


Hope this helps.

--
"Fish" (David B. Trout)
fish@...


> -----Original Message-----
> From: wo_w [mailto:wo_w@...]
> Sent: Wednesday, June 05, 2002 2:26 AM
> To: hercules-390@yahoogroups.com
> Subject: [hercules-390] Re: CTCI-W32 cann't run on W2K
>
>
> Well, THAT alone doesn't mean a lot...
>
> I've got CTCI-W32 to work, BUT - I don't see NPF in msinfo32 at all !!!
>
> And now for the 2nd BUT: I have to execute TESTAPP (from the WinPcap
> developers kit) first, as suggested by Fish. Even then I don't see
> NPF, but what the heck - it works...
>
>
> Cheers - Wolfgang
>
>
> --- In hercules-390@y..., "wwxch2000" <wwxch2000@y...> wrote:
> > Thanks,Fish.
> > I checked my system found the WinPCap is not installed porperly. No
> > NPF can be found. I don't know how to make it work.Although I
> > reinstalled it.
> > Wu Wen Xin