Packet capture rate at 14,000 per second without anything running, is my PC compromised?
On 26 February, I was sitting in an internet cafe shop, running Wireshark and Snort to measure traffic on the computer that I was sitting at. The rate of packet capture per second was so high (it peaked at 14,000) that Wireshark malfunctioned, whereas Snort still worked normally: https://imgbox.com/41aBuJK2 . So, I saved only Snort log files instead of pcap files from Wireshark: https://mega.nz/folder/11MF1aYI#cNcAE... .
Recording video: https://www.youtube.com/watch?v=5m6gI...
When analyzing the log files in Wireshark, I only see that almost all conversations of my client computer are with another computer in the shop, whose local IP address is 192.168.1.242. However, I'm pretty sure that the kids in the internet cafe shop and the owner did not do anything to transfer files between my computer and theirs. Additionally, this has already occurred many times, not only in that internet shop but also in other shops.
As I have been cyber-spied on intensely by Vietnam, I suspect that this is Vietnamese cyber-espionage on me. Since this is a nation-state actor, it is not surprising that its cyber-spies are capable of hiding their identity by using one of the computers in internet cafe shops to intrude into the other ones.
fixed 192.168.1.242, not 192.168.1.241
@SYN-bit @grahamb, please give some thoughts about this. I put pcap files captured by Wireshark in CapLoader (trial version) and then double-clicked on the conversation that generated the highest number of captured packets (screenshot: https://imgbox.com/jRVUD3Wa) to see the content of the conversation. The contents show Portuguese and Indonesian texts like this:
Indonesian: https://controlc.com/9b236d03 (https://imgbox.com/7JQvpq1S)
Portuguese: https://controlc.com/bc035899 (https://imgbox.com/HSqgxFG1)
Download links to the pcap files are in the description of this YouTube video: https://www.youtube.com/watch?v=2xoBF...
Videos aren't useful when attempting to analyze traffic. Please post the capture files on a public share and then a link to them back here.
@grahamb I uploaded the capture files to Mega.nz, which you can download here:
Link 1 (1.08 GB): https://mega.nz/file/DrwCzaKQ#UruEWmr...
Link 2 (3.15 GB): https://mega.nz/file/Cq4UxY4K#QIFQucZ...
Link 3 (1.16 GB): https://mega.nz/file/OuhgQaLA#2A1d_Vc...
For the capture files in link 1 & link 2, I opened them in CapLoader (free trial version) and double-clicked on the most intense conversation to see its content, and then I copied and pasted the contents here:
https://controlc.com/9b236d03
https://controlc.com/bc035899
As I'm just a layman in Wireshark analysis, these codes look meaningless to me. Please help me to analyze them, grahamb.
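An added example (not from the question or any answer) showing how to check the two things raised above from a pcap without Wireshark or CapLoader: the peak packets-per-second and which pair of hosts dominates the capture. It parses a classic little-endian pcap with the standard library only; the capture it analyses is constructed inline, and the client address 192.168.1.10 and the burst sizes are made up.

```python
import struct
from collections import Counter

PCAP_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # LINKTYPE_ETHERNET

def make_record(ts_sec, ts_usec, src, dst):
    """Constructed Ethernet/IPv4 frame with an 8-byte dummy payload (sample data only)."""
    sip = bytes(int(o) for o in src.split("."))
    dip = bytes(int(o) for o in dst.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 6, 0, sip, dip)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * 8
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame

def sample_capture():
    """Constructed capture: light background traffic plus a 1 s burst from one LAN neighbour."""
    recs = [make_record(0, i * 1000, "192.168.1.10", "8.8.8.8") for i in range(3)]
    recs += [make_record(1, i * 100, "192.168.1.242", "192.168.1.10") for i in range(40)]
    recs += [make_record(2, i * 1000, "192.168.1.10", "1.1.1.1") for i in range(2)]
    return PCAP_HDR + b"".join(recs)

def analyse(pcap):
    """Per-second packet counts and IPv4 conversation counts from a little-endian pcap."""
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", pcap[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    per_second, convs, off = Counter(), Counter(), 24
    while off + 16 <= len(pcap):
        ts_sec, _, incl, _ = struct.unpack("<IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        per_second[ts_sec] += 1
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":  # IPv4 only
            src = ".".join(map(str, frame[26:30]))   # IP src at IP header offset 12
            dst = ".".join(map(str, frame[30:34]))   # IP dst at IP header offset 16
            convs[tuple(sorted((src, dst)))] += 1    # direction-independent pair
    return per_second, convs

def summarise(pcap):
    """Return (peak packets/s, dominant host pair, that pair's share of all IPv4 packets)."""
    per_second, convs = analyse(pcap)
    peak = max(per_second.values(), default=0)
    total = sum(convs.values())
    peers, n = convs.most_common(1)[0] if convs else ((), 0)
    return peak, peers, (n / total if total else 0.0)

if __name__ == "__main__":
    peak, peers, share = summarise(sample_capture())
    print(f"peak {peak} pkt/s; top conversation {peers} carries {share:.0%} of packets")
```

On a real file, replace `sample_capture()` with the bytes of the pcap; a single LAN peer carrying most packets points at that host's traffic as the thing to inspect next (its ports and payloads), not at the capture rate alone.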