What is it?
WinPcap allows applications to capture and transmit network packets. It consists of a driver that extends the operating system to provide low-level network access, and a library that is used to easily access the low-level network layers. WinPcap comes with remote capture capabilities. This requires a remote daemon (called rpcapd), which performs the capture and sends data back, and a local client that sends the appropriate commands and receives the captured data.
Description of rpcapd.exe from CACE Technologies
“WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture. WinPcap consists of a driver, that extends the operating system to provide low-level network access, and a library that is used to easily access the low-level network layers. This library also contains the Windows version of the well known libpcap Unix API. WinPcap extends the standard WinPcap code in such a way that all WinPcap-based tools can exploit remote capture capabilities. For instance, the capability to interact with a remote daemon is added to the client software without any explicit modification to it. Vice versa, the remote daemon must be explicitly installed (and configured) on the remote machine.”
How does rpcapd.exe run?
Service - rpcapd.exe runs as a background Windows Service under the service name rpcapd.
|What is the community seeing?|What is the community doing?|
|---|---|
|About 0.4% of all Boost users have the rpcapd.exe service running.|Of the 0.4% of rpcapd.exe users, 14.3% have disabled it.|
Typical file (disk image) location:
What else is related?
What Windows OS versions does this run on?
Windows Vista Ultimate (6.0.6000.0)
File name: rpcapd.exe
Name: Remote Packet Capture Daemon
Version: 3, 1, 0, 27
Size: 84 KB
Original file name: rpcapd.exe
PE image details
File entropy: 5.52011
File packed: No