Revision history

initial version

My TLS client initiates an unexpected ClientHello to a domain

I am conducting a TLS scan of a set of domain names. I tried to monitor the client's behaviour using Wireshark. I found a strange connection initiated from my client with a ClientHello (I made sure of this point, as I know my custom set of cipher suites) to a domain not in my list. These are the source and destination, after anonymizing the source IP and name. I am guessing this can be normal due to CDNs like Cloudflare etc.

Can an expert confirm whether it is OK to see connections (there are several cases) to a domain not in my list, such as the following:

src, dest., Protocol, Length, info
12.13.44.56, e11847.g.akamaiedge.net, TLSv1.2, 233, Client Hello

Please advise. Is this a problem, such as an attack that is taking over my computer and initiating outgoing connections from my PC, or is it normal?

My TLS client initiates an unexpected ClientHello to a domain

I am conducting a TLS scan of a set of domain names. I tried to monitor the client's behaviour using Wireshark. I found a strange connection initiated from my client with a ClientHello (I made sure of this point, as I know my custom set of cipher suites) to a domain not in my list. These are the source and destination, after anonymizing the source IP and name. I am guessing this can be normal due to CDNs like Cloudflare etc.

Can an expert confirm whether it is OK to see connections (there are several cases) to a domain not in my list, such as the following:

Src, Dest., Protocol, Length, Info
12.13.44.5, e11847.g.akamaiedge.net, TLSv1.2, 233, Client Hello

Please advise. Is this a problem, such as an attack that is taking over my computer and initiating outgoing connections from my PC, or is it normal?