Solved

Questions on 'Remote Packet Capture Protocol' from Riverbed Technology, Inc.

Posted on 2016-09-18
5
1,209 Views
Last Modified: 2016-09-23
We were informed that the apps Rpcapd.exe in our Windows 10 should be disabled from msconfig.  In msconfig services tab, it's description is "Remote Packet Capture Protocol v.0 (experimental)" from the manufacturer "Riverbed Technology, Inc.".  A bit of googling we found that it's a file called Rpcapd.exe, used for capturing traffic when in remote and that it may be possible that is being used for keylogging.

Question:
What exactly is it?
Should we remove it?
What implication, if any,  is there if we "uncheck" it in services?

Thank you in advance.
0
Comment
Question by:rayluvs
  • 3
5 Comments
 
LVL 63

Accepted Solution

by:
btan earned 300 total points
ID: 41803648
What exactly is it?
>>Normally it is associated with wireshark which is not common in an user machine, it sniff and capture traffic packet for the machine. Looks like it has become part of Win10. The "d" is a common Linux reference to daemons (process). More info

http://www.bleepingcomputer.com/startups/rpcapd.exe-7147.html


Should we remove it?
>it comes with the OS, I dont see the necessity but can disable the services. I do suspect it may be used by Windows for debug dump though it is not certain of its existence.

What implication, if any,  is there if we "uncheck" it in services?
>I do not foresee any impact as it is not a common usage for user. But good to test out in another test machine or even VM.
0
 
LVL 94

Assisted Solution

by:John Hurst
John Hurst earned 200 total points
ID: 41803677
WinPCap (Riverbed) is not supported on Windows 10 and should not be used. Uninstall it.

Use Win10PCap instead. I have this and it installs properly. It supports the same functions as WinPCap.

http://www.win10pcap.org/
0
 
LVL 63

Assisted Solution

by:btan
btan earned 300 total points
ID: 41803691
in fact, the use or rpcapd (comes since Wireshark 1.6.2 and WinPcap 4.1.2) has not really been matured to be necessary. It can be used to capture traffic on the target remote machine (with WInPcap) by running Wireshark in your local computer - more details on the setup and testing http://www.marshalgraham.com/2011/10/remote-packet-captures-with-wireshark.html

If it is unnecessary esp it is not know how this appl get into your (local) machine then suggest remove it. Nonetheless, best to let the support team advice as it should not be only be particular to your machine, there maybe other Win10 machine if the team has this appl deployed to the users' machines.
0
 

Author Comment

by:rayluvs
ID: 41803715
Thanx! Great info guys!
0
 
LVL 63

Expert Comment

by:btan
ID: 41804046
As John shared, the supported Win10 pcap equivalent will have these system files wpcap.dll and drivers e.g. Win10Pcap.inf, Win10Pcap.sys and Win10Pcap.cat.
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OnPage: Incident management and secure messaging on your smartphone
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question