Wireshark mailing list archives

Re: Anybody seen this before?


From: Martin Visser <martinvisser99 () gmail com>
Date: Tue, 9 Jul 2013 22:16:30 +1000

When you say that "the only place it can be found is in the capture file"
I'm guessing by that you mean it is being sent to an IP or port that is
unknown to you.  Also, just because something is obscure doesn't mean it
isn't normal. For instance, these days a lot of web-based applications are
driven by JavaScript, with lots of embedded code - you may well see a lot
of references to sites for advertising or other reasons.

Anyway, if you want to upload a capture, the most useful place is
http://www.cloudshark.org/ (just make sure it doesn't contain information
you want to keep private).

Also, you may wish to describe your capture method (is it of traffic to your
machine, or is it a capture at your router?).

Regards, Martin


MartinVisser99 () gmail com


On 9 July 2013 16:32, GaryT <gary () taig net> wrote:

Has anyone seen an activity whereby someone supposedly dumps a load of
data on a machine but the only place it can be found is in the capture
file?  AND much of the same data seems to appear repeatedly.

The "data" looks like a capture of browsing activity, showing many
different URLs, search engine strings, and the resulting web site and/or
domain names. When first noticing it I thought someone was taking (or
reading) part of my browser cache, but looking closer I found the packets
were INCOMING, not outgoing and absolutely NONE of the names could be
applied to any of my (infrequent) search activity.

Initially it seemed as though hackers had been through and someone was
playing games, but surely that can't be true?  However, it appears for all
the world like someone is sending me a load of rubbish. I don't know enough
about the structure or the format of data packets to be able to determine
what's happening.

What are the rules of this list?  Can I send a part of a cap file in a
message, or attach a text file perhaps?  What is common practice here?

GaryT



More information below if needed.

Information:
============
Have just joined this list, mainly to learn as much as possible. I've used
Windows since the 1980s, have been through all versions up to XP where
further upgrades, mainly for the sake of the publisher's bottom line became
a joke.

Began using Linux in 2008 and since then learnt very little. It's hard to
switch an old brain after so many years of developed habits, good and bad.
Used CommView under Windows in order to identify and observe uninvited
guests and was glad to discover Wireshark to use with Linux.

Currently using Version 1.2.7, running on Ubuntu.

Specifics from the "Help-About"
*************************************************************************
Compiled with GTK+ 2.20.0, with GLib 2.24.0, with libpcap 1.0.0, with libz
1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.8, with SMI 0.4.8,
with c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.4, with
MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Feb 18 2010
22:31:30), without AirPcap.

Running on Linux 2.6.32-44-generic, with libpcap version 1.0.0, GnuTLS
2.8.5, Gcrypt 1.4.4.

Built using gcc 4.4.3.
*************************************************************************

Am using Firefox 16.0.1 and recently installed a system named Ghostery
which sounds a tad corny but performs impressively in the art of limiting
the activities of intruders.

Apart from that, my Ubuntu machine is fairly normal :-)

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
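The two questions raised in this thread (are the suspicious packets really incoming, and does the same data repeat?) together with Martin's question about where the capture was taken (on the machine or at the router) can be answered mechanically from the capture file. The following script is an added example written for this archive page; it is not from either poster and not Wireshark code. It parses a classic little-endian pcap with only the Python standard library, classifies each IPv4/TCP packet as incoming, outgoing or transit relative to an assumed host address (192.0.2.10 is a placeholder), and counts payloads that occur more than once. Any packet in the "transit" bucket, where neither endpoint is the host, is a sign that the capture was taken somewhere other than the machine itself. The sample pcap is constructed in memory so the script runs offline.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# Assumed address of the capturing machine (placeholder, not from the thread).
HOST_IP = "192.0.2.10"


def build_frame(src: str, dst: str, payload: bytes) -> bytes:
    """Build a constructed Ethernet/IPv4/TCP frame (MACs and checksums zeroed)."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # EtherType 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames) -> bytes:
    """Wrap frames in a classic little-endian pcap (link type 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1373350000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_frames(pcap: bytes):
    """Yield each captured frame from a classic little-endian pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24                                              # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def parse_frame(frame: bytes):
    """Return (src_ip, dst_ip, tcp_payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length in bytes
    total_len = struct.unpack_from("!H", frame, 16)[0]
    src, dst = str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34]))
    tcp_off = 14 + ihl
    data_off = (frame[tcp_off + 12] >> 4) * 4             # TCP header length in bytes
    return src, dst, frame[tcp_off + data_off:14 + total_len]


def summarize(pcap: bytes, host_ip: str):
    """Count packets by direction relative to host_ip and find repeated payloads."""
    direction, payloads = Counter(), Counter()
    for frame in iter_frames(pcap):
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, payload = parsed
        if dst == host_ip:
            direction["incoming"] += 1
        elif src == host_ip:
            direction["outgoing"] += 1
        else:
            # Neither end is the host: the capture was taken elsewhere (e.g. at a router).
            direction["transit"] += 1
        if payload:
            payloads[payload] += 1
    repeated = {p: n for p, n in payloads.items() if n > 1}
    return direction, repeated


# Constructed sample: three identical incoming packets, one outgoing reply, one transit packet.
REMOTE_IP, OTHER_IP = "198.51.100.7", "203.0.113.5"
JUNK = b"GET /search?q=example HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_PCAP = build_pcap([
    build_frame(REMOTE_IP, HOST_IP, JUNK),
    build_frame(REMOTE_IP, HOST_IP, JUNK),
    build_frame(HOST_IP, REMOTE_IP, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_frame(REMOTE_IP, HOST_IP, JUNK),
    build_frame(OTHER_IP, REMOTE_IP, b"unrelated"),
])


def demo():
    """Run the summary over the constructed sample capture."""
    return summarize(SAMPLE_PCAP, HOST_IP)


if __name__ == "__main__":
    direction, repeated = demo()
    print(dict(direction))
    for payload, count in repeated.items():
        print(count, "x", payload[:40])
```

To use it on a real file, replace SAMPLE_PCAP with the bytes of a capture saved by Wireshark in classic pcap format and set HOST_IP to the machine's own address; the same check is what the Wireshark display filters `ip.dst == <host>` and `ip.src == <host>` do interactively, and a non-empty "transit" count is the quickest way to tell a router-side capture from a host-side one.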
