Npcap driver service's registry key is usually in:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npf. In this key, you need to manually create a
REG_DWORD value named
the value can be (in decimal):
0, DEFAULT_TIMESTAMPMODE 1, TIMESTAMPMODE_SYNCHRONIZATION_ON_CPU_WITH_FIXUP 2, TIMESTAMPMODE_QUERYSYSTEMTIME 3, TIMESTAMPMODE_RDTSC (only supported on x86 systems) 99, TIMESTAMPMODE_SYNCHRONIZATION_ON_CPU_NO_FIXUP
If this value doesn't exsit, Npcap will regard
Don't forget to reboot the driver by
net stop npf and
net start npf to make this option change take effect.
You can also refer to https://www.wireshark.org/lists/wireshark-users/201008/msg00171.html and https://www.wireshark.org/lists/wireshark-users/201001/msg00125.html for the details about Timestamp Mode.