Ask Your Question
0

Wireshark suddenly captured lots of traffic without anything running + CPU usage jumped from 0% to 30%. Could somebody interpret what happened by looking at pcap file

asked 2022-04-19 20:51:00 +0000

laurentz1241 gravatar image

updated 2022-04-19 20:53:37 +0000

I use Parrot Security OS. There wasn't anything running except for Wireshark and htop. I left my PC to go upstairs for about 2 minutes and returned. After returning, I saw CPU usage of my PC had been jumping to about 30% and in htop which listed all running processes by percentage of their CPU consumption, I saw dpkg query was taking up the most CPU usage as shown in this screenshot. The screenshot was taken about 20 second after the CPU usage had dropped to its normal state. Checking the pcap file captured by Wireshark, it's like my PC suddenly commanded itself to download and install some software without using the terminal, and everything was done by using CPU rather than Network connection b/c, in the screenshot, the system monitor shows that CPU usage was high while Network usage was low.

As I'm just a layman in Wireshark analysis, could somebody take a look at the capture file and tell me what happened. As I've been cyber-spied on by Vietnam, so it's likely that Vietnam's cyber-spies must have done this.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-04-20 05:04:32 +0000

Jaap gravatar image

Not a Wireshark question. This is the system maintaining itself through unattended upgrades.

edit flag offensive delete link more

Comments

I checked file dpkg.log at /var/log/dpkg.log and don't see anything installed when the strange traffic was being captured by Wireshark https://imgbox.com/V0t1CGXVhttps://imgbox.com/A2jejERM

I also checked files inside folder unattended-upgrades at /var/log/unattended-upgrades and don't see anything installed on the date when the strange thing happened https://imgbox.com/prt5zJKehttps://imgbox.com/GwAgw0Pahttps://imgbox.com/K0Qa3X54

Is all history of unattended upgrades stored in dpkg.log and unattended-upgrades.log and unattended-upgrades-dpkg.log ?

laurentz1241 gravatar imagelaurentz1241 ( 2022-04-20 07:29:42 +0000 )edit

Well, if nothing was installed then the system must have been up to date already. Again, not a Wireshark question, but something to discuss on the parrot OS community

Jaap gravatar imageJaap ( 2022-04-20 11:01:35 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-04-19 20:51:00 +0000

Seen: 297 times

Last updated: Apr 20 '22

Related questions

Packet capture rate at 14,000 per second without anything running, is my PC compromised ?

Capture incoming packets from remote web server

How to set packet metadata in realtime?

Monitor device

Why would I be getting "LEN 1 (Malformed Packet)"... "(Malformed Packet: RTCP)" on UDP Packets

What is wrong with my internets?!

How do I dissect multiple packets?

How do I get relative ack number greater than sequence number?

How do I use the fragment_add_seq_check function in UDP packet reassembly?

Is it possible to use reassembly on non-split packets?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2