Solved

Questions on 'Remote Packet Capture Protocol' from Riverbed Technology, Inc.

Posted on 2016-09-18
5
370 Views
Last Modified: 2016-09-23
We were informed that the apps Rpcapd.exe in our Windows 10 should be disabled from msconfig.  In msconfig services tab, it's description is "Remote Packet Capture Protocol v.0 (experimental)" from the manufacturer "Riverbed Technology, Inc.".  A bit of googling we found that it's a file called Rpcapd.exe, used for capturing traffic when in remote and that it may be possible that is being used for keylogging.

Question:
What exactly is it?
Should we remove it?
What implication, if any,  is there if we "uncheck" it in services?

Thank you in advance.
0
Comment
Question by:rayluvs
  • 3
5 Comments
 
LVL 62

Accepted Solution

by:
btan earned 300 total points
ID: 41803648
What exactly is it?
>>Normally it is associated with wireshark which is not common in an user machine, it sniff and capture traffic packet for the machine. Looks like it has become part of Win10. The "d" is a common Linux reference to daemons (process). More info

http://www.bleepingcomputer.com/startups/rpcapd.exe-7147.html


Should we remove it?
>it comes with the OS, I dont see the necessity but can disable the services. I do suspect it may be used by Windows for debug dump though it is not certain of its existence.

What implication, if any,  is there if we "uncheck" it in services?
>I do not foresee any impact as it is not a common usage for user. But good to test out in another test machine or even VM.
0
 
LVL 92

Assisted Solution

by:John Hurst
John Hurst earned 200 total points
ID: 41803677
WinPCap (Riverbed) is not supported on Windows 10 and should not be used. Uninstall it.

Use Win10PCap instead. I have this and it installs properly. It supports the same functions as WinPCap.

http://www.win10pcap.org/
0
 
LVL 62

Assisted Solution

by:btan
btan earned 300 total points
ID: 41803691
in fact, the use or rpcapd (comes since Wireshark 1.6.2 and WinPcap 4.1.2) has not really been matured to be necessary. It can be used to capture traffic on the target remote machine (with WInPcap) by running Wireshark in your local computer - more details on the setup and testing http://www.marshalgraham.com/2011/10/remote-packet-captures-with-wireshark.html

If it is unnecessary esp it is not know how this appl get into your (local) machine then suggest remove it. Nonetheless, best to let the support team advice as it should not be only be particular to your machine, there maybe other Win10 machine if the team has this appl deployed to the users' machines.
0
 

Author Comment

by:rayluvs
ID: 41803715
Thanx! Great info guys!
0
 
LVL 62

Expert Comment

by:btan
ID: 41804046
As John shared, the supported Win10 pcap equivalent will have these system files wpcap.dll and drivers e.g. Win10Pcap.inf, Win10Pcap.sys and Win10Pcap.cat.
0

Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now