Revision history

I looked at the first capture file listed, as noted in the answer by @SYN-Bit. By opening the Statistics -> Protocol Hierarchy dialog you can see the traffic is mostly iSCSI traffic, reads and writes between 192.168.1.142 (probably your machine) & 192.168.1.210.

Using the Statistics -> Conversations dialog, TCP tab (check the Name resolution option) you can see again that most traffic is to the iscsi-target port (3260) on 192.168.1.210. There are some other smaller conversations to the same IP on ports 6894, 6895 but these seem to be binary data with nothing standing out.

There is another conversation on port 1000 that does have some vaguely interesting text in it (use the filter tcp.stream == 4 and right click any packet and select Follow -> TCP Stream), where it seems that .242 is sending queries about temperatures and hardware info to .142 which responds with some information. This may or may not be malicious.

You can also view some of the contents of the data transfer over iSCSI, again by clearing the display filter, selecting one of the iSCSI packets and using Follow -> TCP Stream. Looks to be a mix of binary, English, JavaScript??, Portuguese and some other languages.

You should determine what the other computer is (.210) and why your computer is reading and writing data to it over the iSCSI protocol. The text in the follow stream window for the iSCSI traffic might be a clue to you about the data transfer.

I looked at the first capture file listed, as noted in the answer to your similar question by @SYN-Bit. By opening the Statistics -> Protocol Hierarchy dialog you can see the traffic is mostly iSCSI traffic, reads and writes between 192.168.1.142 (probably your machine) & 192.168.1.210.

Using the Statistics -> Conversations dialog, TCP tab (check the Name resolution option) you can see again that most traffic is to the iscsi-target port (3260) on 192.168.1.210. There are some other smaller conversations to the same IP on ports 6894, 6895 but these seem to be binary data with nothing standing out.

There is another conversation on port 1000 that does have some vaguely interesting text in it (use the filter tcp.stream == 4 and right click any packet and select Follow -> TCP Stream), where it seems that .242 is sending queries about temperatures and hardware info to .142 which responds with some information. This may or may not be malicious.

You can also view some of the contents of the data transfer over iSCSI, again by clearing the display filter, selecting one of the iSCSI packets and using Follow -> TCP Stream. Looks to be a mix of binary, English, JavaScript??, Portuguese and some other languages.

You should determine what the other computer is (.210) and why your computer is reading and writing data to it over the iSCSI protocol. The text in the follow stream window for the iSCSI traffic might be a clue to you about the data transfer.
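The Conversations ranking used in the answer above can also be reproduced offline. This is an added example, not part of the original answer: it tallies on-the-wire bytes per TCP conversation from a classic pcap file (a pcapng capture would need converting first, for example with editcap -F pcap). The sample capture, its ephemeral source ports, and the choice of which host listens on port 1000 are constructed for illustration.

```python
import struct
from collections import Counter

def tcp_conversations(pcap: bytes) -> Counter:
    """Bytes per TCP conversation (both directions merged), from a classic pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap (convert pcapng first)")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack(order + "II", pcap[off + 8:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # skip anything that is not IPv4 carrying TCP
        l4 = 14 + (frame[14] & 0x0F) * 4  # honour the IP header length field
        if len(frame) < l4 + 4:
            continue  # truncated by snaplen before the TCP ports
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        ends = sorted([(".".join(map(str, frame[26:30])), sport),
                       (".".join(map(str, frame[30:34])), dport)])
        totals[tuple(ends)] += orig  # count the on-the-wire frame length
    return totals

def _frame(src, sport, dst, dport, payload_len):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"\x00" * payload_len

def sample_pcap():
    """Constructed capture using the addresses and ports named in the answer."""
    frames = ([_frame("192.168.1.142", 49152, "192.168.1.210", 3260, 1400)] * 20 +
              [_frame("192.168.1.210", 3260, "192.168.1.142", 49152, 48)] * 20 +
              [_frame("192.168.1.142", 49153, "192.168.1.210", 6894, 200)] * 3 +
              [_frame("192.168.1.242", 49154, "192.168.1.142", 1000, 60)] * 4)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (a, b), n in tcp_conversations(sample_pcap()).most_common():
        print(f"{a[0]}:{a[1]} <-> {b[0]}:{b[1]}  {n} bytes")
```

Conversations that are small by volume, such as the port 1000 exchange, sort to the bottom of this list, so the short tail deserves a look as well as the top talker.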