Yes, you are right, WinPcap is a service (but mainly a driver), named NetGroup Packet Filter Driver. The fact is that it cannot be seen in the Windows Services Manager.
You can find it in the registry at :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF Not tested, but it seems that you can change the way the service starts. Navigate to the registry key above. Then you will find a REG DWORD value named Start. Values are :
- Value
0x3: SERVICE_DEMAND_START - Value
0x2: SERVICE_AUTO_START - Value
0x1: SERVICE_SYSTEM_START
In the doc they say that it's work only on Windows NTx, but give it a try ! On my system it is set to 0x2.
To view it in a GUI, goto (i am talking about Windows7, hope it will work on Windows8) :
- Run
msinfo32.exe - Then expand
Software environment - Then choose
System Drivers
Here you can get the status for npf service (but cannot interact with it)
Edit :
How can I directly confirm that this "service" is running on Windows 8?
You can use this from the command prompt to check the service state :
sc query "npf" or this, to check specificaly if it is running :
sc query "npf" | findstr RUNNING or sc query "npf" | find "RUNNING" Edit 2 :
Mysterious :
sc querylists 85 services - none of which is "npf" - butsc query npfwill find it.
Seems normal. Regarding the doc this is the way sc works.
By default, SC lists only services, not drivers. NPF is more a driver.
To get all drivers :
sc query type= driver(NPF will appears)To get all (Services + Drivers) :
sc query type= all(NPF will appears also)