On Thu, Apr 03, 2003 at 12:50:57AM -0600, Talot12 wrote: > I went to the services and noticed an unfamiliar service running. The > name of the service was remote packet capture protocol V.0 > (experimental). The path to the executable was program > files\winpcap\rpcapd.exe -d -f rpcapd.ini.
If somebody installed WinPcap 3.0 beta on that machine, that might cause its remote packet capture service to run - the "News" page on the WinPcap site: http://winpcap.polito.it/news.htm says: 10 February, 2003 The beta of WinPcap 3.0 is available from today in the download section. The main improvements of this release are: - experimental support for SMP machines - kernel buffering rewritten from scratch - experimental support for remote capture. > My question is based on this information should I continue to pursue > this app as the culprit I have no idea whether it could cause those symptoms. You should ask the WinPcap developers: http://winpcap.polito.it/contact.htm about that. > or is it possible that someone used the software maliciously? I suspect that service couldn't be used maliciously to do all those things, but, again, you should ask the WinPcap developers about that.