Questions on 'Remote Packet Capture Protocol' from Riverbed Technology, Inc.

Posted on 2016-09-18
Last Modified: 2016-09-23
We were informed that the app Rpcapd.exe on our Windows 10 machine should be disabled from msconfig. In the msconfig Services tab, its description is "Remote Packet Capture Protocol v.0 (experimental)" from the manufacturer "Riverbed Technology, Inc.". After a bit of googling, we found that it's a file called Rpcapd.exe, used for capturing traffic remotely, and that it may possibly be used for keylogging.

What exactly is it?
Should we remove it?
What implication, if any, is there if we "uncheck" it in services?

Thank you in advance.
Question by:rayluvs
LVL 63

Accepted Solution

btan earned 300 total points
ID: 41803648
What exactly is it?
>>Normally it is associated with Wireshark, which is not common on a user machine; it sniffs and captures traffic packets for the machine. Looks like it has become part of Win10. The "d" is a common Linux reference to daemons (processes). More info

Should we remove it?
>It comes with the OS. I don't see the necessity, but you can disable the service. I do suspect it may be used by Windows for debug dumps, though I am not certain of its existence.

What implication, if any, is there if we "uncheck" it in services?
>I do not foresee any impact, as it is not in common use by users. But it is good to test this on another test machine or even a VM.
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 200 total points
ID: 41803677
WinPCap (Riverbed) is not supported on Windows 10 and should not be used. Uninstall it.

Use Win10PCap instead. I have this and it installs properly. It supports the same functions as WinPCap.
LVL 63

Assisted Solution

btan earned 300 total points
ID: 41803691
In fact, the use of rpcapd (included since Wireshark 1.6.2 and WinPcap 4.1.2) has not really matured enough to be necessary. It can be used to capture traffic on the target remote machine (with WinPcap) by running Wireshark on your local computer - more details on the setup and testing

If it is unnecessary, especially if it is not known how this application got onto your (local) machine, then I suggest removing it. Nonetheless, it is best to let the support team advise, as it should not be particular only to your machine; there may be other Win10 machines if the team has deployed this application to the users' machines.
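
One way to check what the service is doing on a machine before disabling or removing it, as an added PowerShell example (not code from the thread or from Riverbed). It matches the service by the Rpcapd.exe file name and the description quoted in the question; the function name Get-RpcapdAudit is hypothetical.

```powershell
# Added example: audit (and optionally disable) the rpcapd service on this host.
# Matching uses the file name and description quoted in the question.
# The function name Get-RpcapdAudit is hypothetical.
function Get-RpcapdAudit {
    [CmdletBinding()]
    param([switch]$Disable)   # -Disable needs an elevated prompt

    $services = Get-CimInstance -ClassName Win32_Service | Where-Object {
        $_.PathName -like '*rpcapd.exe*' -or
        $_.DisplayName -like 'Remote Packet Capture Protocol*'
    }
    if (-not $services) {
        Write-Host 'No rpcapd service is registered on this machine.'
        return
    }
    foreach ($svc in $services) {
        # PathName may be quoted and carry arguments; keep only the executable path.
        $exe = if ($svc.PathName -match '^"?(?<path>[^"]+?\.exe)') { $Matches['path'] }

        # Who signed the binary? An invalid or unexpected signer deserves a closer look.
        $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
            Get-AuthenticodeSignature -LiteralPath $exe
        }

        # Capture is only exposed to the network while the daemon runs and listens.
        $listeners = @()
        if ($svc.ProcessId -gt 0) {
            $listeners = @(Get-NetTCPConnection -State Listen `
                -OwningProcess $svc.ProcessId -ErrorAction SilentlyContinue)
        }

        [pscustomobject]@{
            Name        = $svc.Name
            State       = $svc.State
            StartMode   = $svc.StartMode
            RunsAs      = $svc.StartName
            Executable  = $exe
            Signature   = $sig.Status
            Signer      = $sig.SignerCertificate.Subject
            ListeningOn = ($listeners | ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)" }) -join ', '
        }
        if ($Disable) {
            Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
            Set-Service  -Name $svc.Name -StartupType Disabled
        }
    }
}
Get-RpcapdAudit | Format-List
```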

Author Comment

ID: 41803715
Thanx! Great info guys!
LVL 63

Expert Comment

ID: 41804046
As John shared, the supported Win10 pcap equivalent will have these system files wpcap.dll and drivers e.g. Win10Pcap.inf, Win10Pcap.sys and


Question has a verified solution.
