Ask Your Question
0

Unknown Xenix server, malformed packets, enterprise traffic on personal computer.

asked 2022-04-06 06:48:02 +0000

drawer1232 gravatar image

My computer acts weird when I am staying at my boyfriend's house. I have caught it connecting to chromecast destinations without my prompting and have found a lot of unknown traffic in Wireshark including enterprise network indicators from a personal device.

There were 2,000 expert information notes on my pcapng after 7 minutes of connection.

Do you see any red flags of being hacked in this connection? Is it normal for someone to have a secret at-home Xenix Dev server if they supposedly know nothing about networking or servers?

Scrubbed pcapng: https://1drv.ms/u/s!AlusbwXRtIdfgvclg...

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-04-07 18:14:13 +0000

Guy Harris gravatar image

"Xenix server" doesn't necessarily mean that the machine is running Xenix; it's just a flag in an (old) Microsoft protocol - the machine at 172.18.206.25 also claims to be an "NT server", and a "DFS server", which refers to an SMB protocol feature that was added to SMB well after Xenix was a dead operating system. It's also sending out MDNS messages, and MDNS is another protocol that came out after Xenix was dead.

172.18.206.25's MAC address is given with a prefix of "WesternD", so it's probably a machine made by Western Digital; they do make "Personal Cloud and Network Attached Storage" servers. That's probably what 172.18.206.25 is, so that traffic doesn't look suspicious.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2022-04-06 06:48:02 +0000

Seen: 106 times

Last updated: Apr 07 '22

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2