This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

why are there packets from pages that I didn’t visit during capture?

0

Hi everyone,

I'm very new to this whole packet analyzing thing and I would really appreciate any help you guys can offer.

The other day I started capturing packets on our wifi network and When I looked at the captured packets later, everything seemed normal except for several HTTP requests from (and to) my computer's IP to a specific website which I didn't visit during the capture. The last time I had visited that website was more than a month before the capture. Moreover, there were several HTTP and TCP packets from different pages on that website, as if someone was browsing through it.

When I saw these packets I doubled check my browser's history(chrome) and my browser's history confirms that the last visit to anything related to this website was more than a month ago.

This seems very wired specially that I can't see any other visits to other websites from my chrome's history. Also, this is a very sensitive governmental website.

I tried to run this filter "arp.duplicate-address-frame" on the capture to see if someone was spoofing my ip or anything like that but no results came up.

Does anyone know what might be going on here?

Thanks in advance

asked 29 Aug '16, 16:54

truthWins's gravatar image

truthWins
6112
accept rate: 0%


One Answer:

0

Browser background processing, most likely. They like to keep their caches/history updated, so that when you revisit them (statistically likely, since you've been there before) they can show you the site/page quicker.

answered 30 Aug '16, 02:45

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%