
Unknown Xenix server, malformed packets, enterprise traffic on personal computer.

asked 2022-04-06 06:48:02 +0000

My computer acts weird when I am staying at my boyfriend's house. I have caught it connecting to Chromecast destinations without my prompting and have found a lot of unknown traffic in Wireshark, including enterprise network indicators from a personal device.

There were 2,000 expert information notes on my pcapng after 7 minutes of connection.

Do you see any red flags of being hacked in this connection? Is it normal for someone to have a secret at-home Xenix Dev server if they supposedly know nothing about networking or servers?

Scrubbed pcapng: https://1drv.ms/u/s!AlusbwXRtIdfgvclg...


1 Answer


answered 2022-04-07 18:14:13 +0000

Guy Harris

"Xenix server" doesn't necessarily mean that the machine is running Xenix; it's just a flag in an (old) Microsoft protocol - the machine at 172.18.206.25 also claims to be an "NT server", and a "DFS server", which refers to an SMB protocol feature that was added to SMB well after Xenix was a dead operating system. It's also sending out MDNS messages, and MDNS is another protocol that came out after Xenix was dead.

172.18.206.25's MAC address is given with a prefix of "WesternD", so it's probably a machine made by Western Digital; they do make "Personal Cloud and Network Attached Storage" servers. That's probably what 172.18.206.25 is, so that traffic doesn't look suspicious.

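The flags the answer refers to are bits of the 32-bit server type field in a Microsoft browser-protocol Host Announcement. The decoder below is an added example, not part of the original answer; the field layout and SV_TYPE values are taken from the MS-BRWS announcement format and lmserver.h, the labels are shortened descriptions, and the sample bytes are constructed rather than taken from the asker's capture.

```python
import struct

# SV_TYPE_* bits of the 32-bit "Server Type" field (values from lmserver.h).
SV_TYPE = {
    0x00000001: "Workstation",            0x00000002: "Server",
    0x00000004: "SQL server",             0x00000008: "Domain controller",
    0x00000010: "Backup controller",      0x00000020: "Time source",
    0x00000040: "Apple (AFP) server",     0x00000080: "Novell server",
    0x00000100: "Domain member server",   0x00000200: "Print queue server",
    0x00000400: "Dial-in server",         0x00000800: "Xenix server",
    0x00001000: "NT workstation",         0x00002000: "Windows for Workgroups",
    0x00004000: "File/Print for NetWare", 0x00008000: "NT server",
    0x00010000: "Potential browser",      0x00020000: "Backup browser",
    0x00040000: "Master browser",         0x00080000: "Domain master browser",
    0x00100000: "OSF",                    0x00200000: "VMS",
    0x00400000: "Windows 95 or above",    0x00800000: "DFS server",
}

# Fixed part of a Host Announcement: opcode, update count, periodicity (ms),
# 16-byte host name, OS major/minor, server type, browser major/minor, signature.
HOST_ANNOUNCEMENT = struct.Struct("<BBI16sBBIBBH")

def decode_host_announcement(payload):
    """Return the host name and decoded server-type flags of an announcement."""
    if len(payload) < HOST_ANNOUNCEMENT.size:
        raise ValueError("truncated announcement")
    op, _, _, name, _, _, stype, _, _, _ = HOST_ANNOUNCEMENT.unpack_from(payload)
    if op != 0x01:
        raise ValueError("not a Host Announcement (opcode 0x01)")
    return {
        "name": name.split(b"\0")[0].decode("ascii", "replace"),
        "server_type": stype,
        # Every set bit is an independent capability claim, not an OS fingerprint.
        "flags": [label for bit, label in SV_TYPE.items() if stype & bit],
        "unknown_bits": stype & ~sum(SV_TYPE) & 0xFFFFFFFF,
    }

# Constructed sample (hypothetical host name and values): a device that sets the
# Xenix, NT server and DFS bits together, as in the case the answer describes.
SAMPLE = HOST_ANNOUNCEMENT.pack(
    0x01, 0, 720000, b"NAS-EXAMPLE", 4, 9, 0x00808803, 15, 1, 0xAA55
) + b"constructed sample\0"

if __name__ == "__main__":
    info = decode_host_announcement(SAMPLE)
    print(info["name"], hex(info["server_type"]), ", ".join(info["flags"]))
```
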


Stats

Asked: 2022-04-06 06:48:02 +0000

Seen: 130 times

Last updated: Apr 07 '22