On Thu, Apr 03, 2003 at 12:50:57AM -0600, Talot12 wrote:
> I went to the services and noticed an unfamiliar service running. The
> name of the service was remote packet capture protocol V.0
> (experimental). The path to the executable was program
> files\winpcap\rpcapd.exe -d -f rpcapd.ini.

If somebody installed WinPcap 3.0 beta on that machine, that might cause
its remote packet capture service to run - the "News" page on the
WinPcap site:

    http://winpcap.polito.it/news.htm

says:

    10 February, 2003

    The beta of WinPcap 3.0 is available from today in the download
    section. The main improvements of this release are:

    - experimental support for SMP machines
    - kernel buffering rewritten from scratch
    - experimental support for remote capture.

> My question is, based on this information, should I continue to pursue
> this app as the culprit

I have no idea whether it could cause those symptoms. You should ask
the WinPcap developers:

    http://winpcap.polito.it/contact.htm

about that.

> or is it possible that someone used the software maliciously?

I suspect that service couldn't be used maliciously to do all those
things, but, again, you should ask the WinPcap developers about that.