Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Questions on 'Remote Packet Capture Protocol' from Riverbed Technology, Inc.

Posted on 2016-09-18
5
Medium Priority
?
3,237 Views
Last Modified: 2016-09-23
We were informed that the apps Rpcapd.exe in our Windows 10 should be disabled from msconfig.  In msconfig services tab, it's description is "Remote Packet Capture Protocol v.0 (experimental)" from the manufacturer "Riverbed Technology, Inc.".  A bit of googling we found that it's a file called Rpcapd.exe, used for capturing traffic when in remote and that it may be possible that is being used for keylogging.

Question:
What exactly is it?
Should we remove it?
What implication, if any,  is there if we "uncheck" it in services?

Thank you in advance.
0
Comment
Question by:rayluvs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 64

Accepted Solution

by:
btan earned 1200 total points
ID: 41803648
What exactly is it?
>>Normally it is associated with wireshark which is not common in an user machine, it sniff and capture traffic packet for the machine. Looks like it has become part of Win10. The "d" is a common Linux reference to daemons (process). More info

http://www.bleepingcomputer.com/startups/rpcapd.exe-7147.html


Should we remove it?
>it comes with the OS, I dont see the necessity but can disable the services. I do suspect it may be used by Windows for debug dump though it is not certain of its existence.

What implication, if any,  is there if we "uncheck" it in services?
>I do not foresee any impact as it is not a common usage for user. But good to test out in another test machine or even VM.
0
 
LVL 98

Assisted Solution

by:John Hurst
John Hurst earned 800 total points
ID: 41803677
WinPCap (Riverbed) is not supported on Windows 10 and should not be used. Uninstall it.

Use Win10PCap instead. I have this and it installs properly. It supports the same functions as WinPCap.

http://www.win10pcap.org/
0
 
LVL 64

Assisted Solution

by:btan
btan earned 1200 total points
ID: 41803691
in fact, the use or rpcapd (comes since Wireshark 1.6.2 and WinPcap 4.1.2) has not really been matured to be necessary. It can be used to capture traffic on the target remote machine (with WInPcap) by running Wireshark in your local computer - more details on the setup and testing http://www.marshalgraham.com/2011/10/remote-packet-captures-with-wireshark.html

If it is unnecessary esp it is not know how this appl get into your (local) machine then suggest remove it. Nonetheless, best to let the support team advice as it should not be only be particular to your machine, there maybe other Win10 machine if the team has this appl deployed to the users' machines.
0
 

Author Comment

by:rayluvs
ID: 41803715
Thanx! Great info guys!
0
 
LVL 64

Expert Comment

by:btan
ID: 41804046
As John shared, the supported Win10 pcap equivalent will have these system files wpcap.dll and drivers e.g. Win10Pcap.inf, Win10Pcap.sys and Win10Pcap.cat.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out the latest tech news, community articles, and expert highlights in August's newsletter.
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question