Solved

Questions on 'Remote Packet Capture Protocol' from Riverbed Technology, Inc.

Posted on 2016-09-18
5
849 Views
Last Modified: 2016-09-23
We were informed that the apps Rpcapd.exe in our Windows 10 should be disabled from msconfig.  In msconfig services tab, it's description is "Remote Packet Capture Protocol v.0 (experimental)" from the manufacturer "Riverbed Technology, Inc.".  A bit of googling we found that it's a file called Rpcapd.exe, used for capturing traffic when in remote and that it may be possible that is being used for keylogging.

Question:
What exactly is it?
Should we remove it?
What implication, if any,  is there if we "uncheck" it in services?

Thank you in advance.
0
Comment
Question by:rayluvs
  • 3
5 Comments
 
LVL 63

Accepted Solution

by:
btan earned 300 total points
ID: 41803648
What exactly is it?
>>Normally it is associated with wireshark which is not common in an user machine, it sniff and capture traffic packet for the machine. Looks like it has become part of Win10. The "d" is a common Linux reference to daemons (process). More info

http://www.bleepingcomputer.com/startups/rpcapd.exe-7147.html


Should we remove it?
>it comes with the OS, I dont see the necessity but can disable the services. I do suspect it may be used by Windows for debug dump though it is not certain of its existence.

What implication, if any,  is there if we "uncheck" it in services?
>I do not foresee any impact as it is not a common usage for user. But good to test out in another test machine or even VM.
0
 
LVL 93

Assisted Solution

by:John Hurst
John Hurst earned 200 total points
ID: 41803677
WinPCap (Riverbed) is not supported on Windows 10 and should not be used. Uninstall it.

Use Win10PCap instead. I have this and it installs properly. It supports the same functions as WinPCap.

http://www.win10pcap.org/
0
 
LVL 63

Assisted Solution

by:btan
btan earned 300 total points
ID: 41803691
in fact, the use or rpcapd (comes since Wireshark 1.6.2 and WinPcap 4.1.2) has not really been matured to be necessary. It can be used to capture traffic on the target remote machine (with WInPcap) by running Wireshark in your local computer - more details on the setup and testing http://www.marshalgraham.com/2011/10/remote-packet-captures-with-wireshark.html

If it is unnecessary esp it is not know how this appl get into your (local) machine then suggest remove it. Nonetheless, best to let the support team advice as it should not be only be particular to your machine, there maybe other Win10 machine if the team has this appl deployed to the users' machines.
0
 

Author Comment

by:rayluvs
ID: 41803715
Thanx! Great info guys!
0
 
LVL 63

Expert Comment

by:btan
ID: 41804046
As John shared, the supported Win10 pcap equivalent will have these system files wpcap.dll and drivers e.g. Win10Pcap.inf, Win10Pcap.sys and Win10Pcap.cat.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question