Reasonable amount of traffic?

asked 2021-08-18 07:44:41 +0000

I have disabled everything in Windows network settings besides IPv4/IPv6. I use simplewall and block all services, except I am a gamer and have a ton of games installed and allowed in simplewall, but no traffic is present / games are closed. The only established connection in simplewall is Kaspersky Internet Security [avp.exe]. Yet, there are 413 packets in 60 seconds of running Wireshark.

If I allow more Microsoft services [that I use], but would be idle, 1180 packets/min. If I allow LLMNR / have Windows network properties set to default - public, >10k packets/min.

Are there packets of concern? Some are color coded as black, some as red; I don't know the significance of the colors.

Majority of packets are DNS, DNS/TLS. Any way to isolate what application is/why is it making so many DNS queries? With LLMNR etc., there seems to be much more garbage from Firesticks/Alexas in the house.


Not sure what your actual question is. But DNS queries can be read, and in a lot of cases you can guesstimate who is asking the question. If there is a connection to a host, you can tell which application it is if you have the right tools on the machine itself. For Windows machines your first stop is Sysinternals.

hugo.vanderkooij ( 2021-08-18 15:31:32 +0000 )
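
An added example, not code from the question or the comment: reading the DNS queries as the comment suggests, by tallying query names per source host and per resolution protocol (DNS, mDNS, LLMNR), so traffic from this machine can be separated from what other devices on the LAN send. The tshark export command in the docstring, the sample rows and the local address `192.168.1.10` are assumptions constructed for illustration.

```python
"""Tally name-resolution queries per source host from a tshark field export.

Assumed export (tab-separated), run against your own capture file:
  tshark -r capture.pcapng -Y "dns.flags.response == 0" \
         -T fields -e ip.src -e udp.dstport -e dns.qry.name
"""
from collections import Counter, defaultdict

# UDP destination port -> name-resolution protocol
PORTS = {"53": "DNS", "5353": "mDNS", "5355": "LLMNR"}

# Constructed sample rows: ip.src, udp.dstport, dns.qry.name
SAMPLE = "\n".join([
    "192.168.1.10\t53\tupdate.example.com",
    "192.168.1.10\t53\tUpdate.Example.com.",
    "192.168.1.10\t53\ttelemetry.example.net",
    "192.168.1.23\t5353\tliving-room-tv.local",
    "192.168.1.23\t5353\tliving-room-tv.local",
    "192.168.1.42\t5355\twpad",
    "192.168.1.10\t53\t",          # no query name: skipped
])

def tally(text):
    """Return {source_ip: Counter({(protocol, query_name): count})}."""
    per_host = defaultdict(Counter)
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[2]:
            continue  # malformed row or packet without a query name
        src, port, qname = parts
        proto = PORTS.get(port, "other")
        # DNS names are case-insensitive; drop the trailing root dot too
        per_host[src][(proto, qname.lower().rstrip("."))] += 1
    return per_host

def report(per_host, local_ip, top=5):
    """List hosts by query volume, marking which one is this machine."""
    lines = []
    ranked = sorted(per_host.items(), key=lambda kv: -sum(kv[1].values()))
    for src, counts in ranked:
        origin = "this host" if src == local_ip else "other device"
        lines.append(f"{src} ({origin}): {sum(counts.values())} queries")
        for (proto, qname), n in counts.most_common(top):
            lines.append(f"  {n:4d}  {proto:5s} {qname}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(tally(SAMPLE), local_ip="192.168.1.10")))
```

This shows which host asked for which name, not which application did; tying a query to a process still needs tools on the machine itself, as the comment says.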