Ask Your Question

Why Is There HTTP traffic?

asked 2022-06-11 00:32:19 +0000

Vtechie gravatar image

updated 2022-06-11 00:33:21 +0000

I connected my computer to the back of the Hitron Modem, just watched the traffic capture. I had no Web Browser active, yet I have HTTP traffic. So, why would that be happening.

Also, This shows a Cadant Device, and I was connected to the Hitron Modem and this is not the Hitron Modem Mac Address. So, what is happening here and why?

If your interested in telling me when I copied this from Libre Office, I had to enter everything on the right side, skip a line so it would not be all swished together.

Thank you,


Frame 127: 66 bytes on wire, 66 bytes captured on interface \Device\NPF_{MY COMPUTERS ID}, id 0

Arrival Time: Jun 10, 2022 11:39:52.983081000 Central Daylight Time

Ethernet II, Src: Dell_XX:XX:XX (XX:XX:XX :XX:XX:XX ), Dst: Cadant_XX:XX:XX (XX:XX:XX:XX:XX:XX )

Destination: Cadant_XX:XX:XX (XX:XX:XX:XX:XX:XX )

Source: Dell_XX:XX:XX (XX:XX:XX :XX:XX:XX )

Type: IPv4 (0x0800) Internet Protocol Version 4, Src: XX.XXX.140.197 (XX.XXX.140.197), Dst: XX.XXX.4.52 (XX.XXX.4.52)

0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)

Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)

Total Length: 52

Identification: 0x4d32 (19762)

Flags: 0x40, Don't fragment

...0 0000 0000 0000 = Fragment Offset: 0

Time to Live: 128

Protocol: TCP (6)

Header Checksum: 0x0000 incorrect, should be 0xf6c2(may be caused by "IP checksum offload"?)

[Header checksum status: Bad]

[Calculated Checksum: 0xf6c2]

Source Address: XX.XXX.140.197(XX.XXX.140.197)

<Source or Destination Address: XX.XXX.140.197 (XX.XXX.140.197)>

<[Source Host: XX.XXX.140.197]>

<[Source or Destination Host:XX.XXX.140.197]>

Destination Address: XX.XXX.4.52(XX.XXX.4.52)

<Source or Destination Address: XX.XXX.4.52 (XX.XXX.4.52)>

<[Destination Host: XX.XXX.4.52]>

<[Source or Destination Host:XX.XXX.4.52]>

Transmission Control Protocol, Src Port: 54223 (54223), Dst Port: http (80), Seq: 0, Len: 0

Source Port: 54223 (54223)

Destination Port: http (80)

<Source or Destination Port: 54223 (54223)>

<Source or Destination Port: http (80)>

[Stream index: 0]

[Conversation completeness: Complete, WITH_DATA (31)]

[TCP Segment Len: 0]

Sequence Number: 0    (relative sequence number)

Sequence Number (raw): 1053122550

[Next Sequence Number: 1    (relative sequence number)]

Acknowledgment Number: 0

Acknowledgment number (raw): 0
1000 .... = Header Length: 32 bytes (8)

Flags: 0x002 (SYN)

    000. .... .... = Reserved: Not set

    ...0 .... .... = Nonce: Not set

    .... 0... .... = Congestion Window Reduced (CWR): Not set

    .... .0.. .... = ECN-Echo: Not set

. .... ..0. .... = Urgent: Not set

    .... ...0 .... = Acknowledgment: Not set

    .... .... 0... = Push: Not set

    .... .... .0.. = Reset: Not set

    .... .... ..1. = Syn: Set

    .... .... ...0 = Fin: Not set

    [TCP Flags: ··········S·]

Window: 64416

[Calculated window size: 64416]

Checksum: 0xb6f5 incorrect, should be 0x49c1(maybe caused by "TCP checksum offload"?)

    [Expert Info (Error/Checksum): Bad checksum [should be 0x49c1]]

        [Bad checksum [should be 0x49c1 ...
edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

answered 2022-06-11 08:25:54 +0000

grahamb gravatar image

You're assuming that traffic on TCP Port 80 is HTTP, but your wall of text doesn't show that.

While port 80 is the "standard" port for HTTP traffic, it can also be used for other purposes and by applications other than a web browser, including system services checking if the wider internet is available.

There's nothing to be concerned about here, although the data content of the TCP stream might show more.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2022-06-11 00:32:19 +0000

Seen: 49 times

Last updated: Jun 11