KFSensor's Network Protocol Analyzer feature makes use of industry standard network packet capturing libraries. This means KFSensor can work along side other security software such as Wireshark, which use the same libraries.
KFSensor will work without a network packet capturing library being installed but functionality associated with the Network Protocol Analyzer will then be disabled.
There are two different network packet capturing libraries to choose from; WinPCap or Npcap.
Both are free to use and both provide the functionality needed by KFSensor. If both are installed on the same machine then KFSensor will pick Npcap in preference to WinPCap.
It is best to download and install one of these libraries before installing KFSensor. Installing one later on will require an additional reboot of the machine.
WinPCap is the original network packet capturing library for Windows and KFSensor has worked with it for many years.
Unfortunately WinPCap is no longer being maintained. It is reliable for older versions of Windows, but can be difficult to install on versions of Windows 10.
The WinPCap installation program can either be obtained from the KeyFocus web site, or direct from the WinPCap web site:
Npcap is based on WinPCap, with an updated codebase to support the latest Windows APIs.
It is recommend for use on Windows 10.
Npcap is maintained by the Nmap project and for licensing reasons the Npcap installation must be downloaded directly from their web site:
To install KFSensor you must be logged on with full administration rights to the local machine.
In the next step you will be asked to choose the folder where KFSensor should be located.
The "Program Files" path is a good place to install KFSensor as it inherits a high level of access security. This is explained in the next section.
After selecting the program group where KFSensor should be installed in the Start menu, the installation will begin.
You will need to restart your machine before KFSensor can become operational.
You should register your copy of KFSensor within two days to make it fully operational.
You can then either start using KFSensor straight away or complete the secure aspects of the configuration, as described in the next section.