# 'Remote Packet Capture ...'?



## octopus-garden (Feb 8, 2009)

Lately I've been checking my computer for things like suspicious programs and keyloggers. I thought I was done my search until I remembered that I should check 'Services' in System Configuration Utility. 

I came across something called 'Remote Packet Capture ...' and from what I read from various websites found in Google, it seems like it may be a monitoring program. I'm not exactly sure of this though, but I was wondering if my suspicions are correct. The service does appear to be stopped at least.

If anyone could give me more information about 'Remote Packet Capture ...', it would definitely be appreciated!  Thanks in advance.


----------



## tetonbob (Jan 10, 2005)

If you open services.msc, scroll down to the service and check its properties, what's the path to executable?

Something like this?

"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"

If so, WinPcap has been installed. 

http://www.bleepingcomputer.com/startups/rpcapd.exe-7147.html

Why, I can't say. Is WinPcap in your Add or Remove Programs applet?

http://www.winpcap.org/


Edit:

Applications which use this driver:

http://www.winpcap.org/misc/links.htm#tools


----------
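The check described in the post above, as an added example that is not part of the original thread: it reads the service's "Path to executable", state and start mode, then looks for a WinPcap entry in the same uninstall data that Add or Remove Programs shows. It assumes PowerShell 3.0 or later; the signature check and the install-date column are additions beyond what the post asks for.

```powershell
# Added example: inspect the service the thread discusses without opening services.msc.
# Win32_Service.PathName is the same value shown as "Path to executable" in Properties.
$svc = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like 'Remote Packet Capture*' -or $_.PathName -like '*rpcapd.exe*' }

if (-not $svc) {
    Write-Output 'No Remote Packet Capture (rpcapd) service is registered.'
} else {
    foreach ($s in $svc) {
        # PathName holds the whole command line; extract just the executable path.
        $exe = if ($s.PathName -match '^\s*"([^"]+)"') { $Matches[1] }
               elseif ($s.PathName -match '^\s*(\S+\.exe)') { $Matches[1] }
               else { $null }

        # Check who signed the binary, if it is still on disk.
        $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
                   Get-AuthenticodeSignature -FilePath $exe
               } else { $null }

        [pscustomobject]@{
            Name      = $s.Name
            State     = $s.State        # Running / Stopped
            StartMode = $s.StartMode    # Auto / Manual / Disabled
            RunsAs    = $s.StartName
            Path      = $s.PathName
            Signer    = if ($sig) { $sig.SignerCertificate.Subject } else { 'n/a' }
            SigStatus = if ($sig) { $sig.Status } else { 'file not found' }
        }
    }
}

# Same information as Add or Remove Programs: uninstall entries that mention WinPcap.
# The WOW6432Node key covers 32-bit installers on 64-bit Windows.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*WinPcap*' } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString
```

A `StartMode` of Manual with `State` Stopped means the service is registered but nothing is listening; `InstallDate`, where the installer recorded it, helps work out which program brought WinPcap along.
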



## octopus-garden (Feb 8, 2009)

Yeah, the path to executable looks something like that. 

I did find WinPcap in my Add/Remove Programs applet as well.


----------



## tetonbob (Jan 10, 2005)

Do you use WireShark or any of the other apps listed in the link I edited in?

I have WireShark installed, and have the same service from WinPcap.


----------



## octopus-garden (Feb 8, 2009)

Nope, I don't use any of the apps on the list. I really doubt that my dad uses any of them either since he isn't very good with computers. As far as I know, nobody else put any of those apps on this computer, unless someone secretly put some sort of monitoring program on here like 'Busted!'

Should I just uninstall WinPcap then?


----------



## tetonbob (Jan 10, 2005)

Sure, if you don't think there's a valid reason for a packet capture app to be installed, and if this is your machine and you're the administrator of it. Are you?


----------



## octopus-garden (Feb 8, 2009)

Yeah, I'm the admin of it and it's also password protected. But, my uncle often fixes any issues that occur on this computer so I suspect he may have installed a monitoring program... Like most people, I would prefer to not have my activity monitored.

Thanks for your help!


----------



## tetonbob (Jan 10, 2005)

Please don't quote my posts, no need, I know what I've just said, and it makes me scroll further, thanks. :wink:

Most monitoring software requires in the EULA that whoever is installing it notify those who would be monitored.

Example, Busted:

http://www.pcsentinelsoftware.com/keylogger-busted-faq.htm#faq_27



> Will people know they are being monitored by Busted.Net?
> 
> Only if choose to show a warning message when the computer starts up ( go to the File Menu, then Settings, then check "Warn users at start-up Busted.Net is installed" ). Unless you choose this option Busted.Net is entirely invisible to the user - Busted.Net does not appear as an icon on your desktop, in the Windows system tray, and will not be revealed in your Windows task list. However, by the terms of the License Agreement you are required to notify users Busted.Net is installed on a machine they use and you are responsible for adhering to any legal requirements in your jurisdiction.


If there is monitoring software on this machine, I'm afraid I cannot assist you any further according to the forum rules. This started as a Q&A about a service, but seems to have developed into something different.

http://www.techsupportforum.com/rules.php



> We will not provide any user with information about the location of websites that assist with the following activities
> 
> † software pirating
> † hacking
> ...


Have a frank discussion with your uncle and your father if this is the case. Good luck.


----------



## octopus-garden (Feb 8, 2009)

Ohh, it's fine. 

Once again, thanks for all your help.


----------

