Could anyone help look at this capture to find suspicious activity?

asked 2019-09-05 07:08:16 +0000

Worldly_Outcome

Hello, I was wondering if anyone could take a look at this capture and try to help me pick out any weird activity. Ideally exactly where and what was sending the data, but even if it is simply letting me know what jumps out to you, that would be immensely appreciated. I understand that many of you may be busy, so I know I am asking a favor. I have been suspicious of hacking and want to find some sort of proof.

Thank you, I have put a link to the mediafire upload of the capture below.

Also, any suggestions on where to go to get this looked at, or tips on how to do it myself. I was able to see a few IP addresses with a large number of packets moving between them. Not sure how exactly to dig into this to get more information, though, or whether that is abnormal.

Worldly_Outcome ( 2019-09-10 05:50:32 +0000 )

answered 2019-09-11 10:02:12 +0000

grahamb

The question isn't one that's generally handled here. If you could point to a specific bit of traffic then someone might be interested to look at it.

You may get better support on a site dedicated to malware investigations, e.g. the security forum at Bleeping Computer.

Okay, thank you for the advice. I did find some traffic that looked weird to me. I did some IP address lookups, but they did not really give me much info other than that it was from a state (I am in the USA) that was far from me. Not exactly sure how normal that is, but the amount of data going back and forth between this address, along with its variants, was significantly higher in packets exchanged with another address. A little under 210,000 packets. I am really new to this stuff, yet not completely ignorant. Are there any other sources you can recommend for me to learn to read this information better? As far as looking at the filters and interfaces, it looks fairly straightforward. I can easily sort out the highest traffic and see the basic info about it. What I do not know is what ...(more)

Worldly_Outcome ( 2019-09-11 20:42:23 +0000 )

It's actually quite difficult to capture traffic from other devices.

And as to working out what traffic might be significant, unfortunately every system is different, so it's not easy to generalise.

grahamb ( 2019-09-12 09:37:28 +0000 )

Okay that is good. That makes it a bit easier at least.

I am running Windows 10. The reason the one I mentioned seemed weird was because it was super high compared to everything else. Is there some tool that would help decipher exactly what was being sent back and forth?

Worldly_Outcome ( 2019-09-13 03:08:33 +0000 )

Hopefully Wireshark will tell you the protocol being used and the IP address of the remote endpoint.

Hopefully the protocol being used will relate to an application on your PC, and then, using various internet tools to look up the remote IP, you can see who "owns" that IP and roughly where they are located (Wireshark can also do that with extra configuration), and you can determine whether the traffic is expected or not.

grahamb ( 2019-09-13 09:30:28 +0000 )
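The two steps grahamb describes above (find the conversations with the most packets, then see which protocol and port they use before looking up the remote address) can be done outside the Wireshark GUI as well. The script below is an added example written for this page, not code from grahamb or from the Wireshark project. It is a minimal pcap reader in plain Python: it walks the records of a classic little-endian pcap with Ethernet framing, decodes the IPv4 header and the TCP/UDP ports, and tallies packets and bytes per unordered IP pair. The sample capture it parses is constructed in memory (the addresses 192.168.1.10, 203.0.113.7 and 198.51.100.5, the ports, and the payload sizes are all made up for the example), and the `PORT_HINTS` table is a deliberately tiny assumption, not a full service list.

```python
"""Top-talker summary for a pcap file (added example; constructed sample data)."""
import socket
import struct
from collections import Counter, defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4      # classic pcap, little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IP_PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
PORT_HINTS = {53: "DNS", 80: "HTTP", 443: "HTTPS"}   # assumption: a few well-known ports only


def iter_packets(pcap: bytes):
    """Yield (ts_sec, frame_bytes) for each record in a little-endian classic pcap."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("only little-endian classic pcap is handled here")
    _vmaj, _vmin, _tz, _sig, _snaplen, linktype = struct.unpack_from("<HHiIII", pcap, 4)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled here")
    off = 24  # global header is 24 bytes
    while off + 16 <= len(pcap):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap, off)
        off += 16
        frame = pcap[off:off + incl_len]
        if len(frame) < incl_len:
            break  # truncated file: stop rather than misparse the tail
        off += incl_len
        yield ts_sec, frame


def decode_ipv4(frame: bytes):
    """Return (src, dst, proto, sport, dport) for an IPv4-over-Ethernet frame, else None."""
    if len(frame) < 14 + 20:
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4          # header length in bytes
    proto = ip[9]
    src = socket.inet_ntoa(ip[12:16])
    dst = socket.inet_ntoa(ip[16:20])
    sport = dport = None
    if proto in (6, 17) and len(ip) >= ihl + 4:   # TCP and UDP both start with the two ports
        sport, dport = struct.unpack_from("!HH", ip, ihl)
    return src, dst, proto, sport, dport


def conversations(pcap: bytes):
    """Tally packets, bytes and protocol/port labels per unordered IP pair."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "services": Counter()})
    for _ts, frame in iter_packets(pcap):
        decoded = decode_ipv4(frame)
        if decoded is None:
            continue   # ARP, IPv6 and so on are skipped in this example
        src, dst, proto, sport, dport = decoded
        entry = stats[tuple(sorted((src, dst)))]
        entry["packets"] += 1
        entry["bytes"] += len(frame)
        pname = IP_PROTO_NAMES.get(proto, str(proto))
        # the lower port is normally the service side; attach a hint if we know it
        port = None if sport is None else min(sport, dport)
        label = pname if port is None else f"{pname}/{port} ({PORT_HINTS.get(port, '?')})"
        entry["services"][label] += 1
    return stats


def top_talkers(pcap: bytes, n: int = 5):
    """Return [(ip_a, ip_b, packets, bytes, most_common_service)] sorted by packet count."""
    rows = []
    for (a, b), e in conversations(pcap).items():
        service, _ = e["services"].most_common(1)[0]
        rows.append((a, b, e["packets"], e["bytes"], service))
    rows.sort(key=lambda r: r[2], reverse=True)
    return rows[:n]


def _frame(src, dst, proto, sport, dport, payload=b""):
    """Build a minimal Ethernet/IPv4/(TCP|UDP) frame; checksums are left zero (test data only)."""
    if proto == 6:
        l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16 + payload   # 20-byte TCP header
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + l4
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip


def build_sample_pcap() -> bytes:
    """Constructed capture: five TCP/443 packets with one host, two UDP/53 packets with another."""
    frames = [
        _frame("192.168.1.10", "203.0.113.7", 6, 51000, 443, b"A" * 100),
        _frame("203.0.113.7", "192.168.1.10", 6, 443, 51000, b"B" * 1200),
        _frame("192.168.1.10", "203.0.113.7", 6, 51000, 443),
        _frame("203.0.113.7", "192.168.1.10", 6, 443, 51000, b"C" * 1200),
        _frame("192.168.1.10", "203.0.113.7", 6, 51000, 443),
        _frame("192.168.1.10", "198.51.100.5", 17, 40000, 53, b"Q" * 30),
        _frame("198.51.100.5", "192.168.1.10", 17, 53, 40000, b"R" * 60),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1567670000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for row in top_talkers(build_sample_pcap()):
        print(row)
```

On a real file you would call `top_talkers(open("capture.pcap", "rb").read())`; Wireshark's own `tshark -r capture.pcap -q -z conv,ip` produces the equivalent table. The point of the output is the pairing of a remote address with a protocol and port: a large volume on TCP/443 to a host owned by a CDN or a cloud provider is usually an application on the PC talking to its backend, whereas the same volume on an unfamiliar port, or to an address whose owner you cannot tie to any installed software, is the conversation worth following up on, and only the remote address, not the state it is located in, is a useful lookup key.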

Yeah, it does, and I can figure out my way around it fairly easily. I think I understand how it works for the most part; I came here in hopes of finding someone who has a strong grasp of this stuff to help me get answers quickly. I guess this is not a bad thing to learn either way. Is there any tool to help decipher what the packet contains? I see the information under Info and was wondering if there is a way to go deeper. Also, I did look up some of the IP addresses I saw, and the couple that I did were located in states quite far from mine. I am not sure how normal that is. I know the times I have looked at my login activity on Facebook it will say things like logged in from a city many miles away on such and such ...(more)

Worldly_Outcome ( 2019-09-13 12:11:17 +0000 )

