-3

I have never noticed something like this in my network before:

My IP: 192.168.1.46

[Three Wireshark screenshots of the capture]

It keeps repeating randomly and constantly.

At first, I thought I was infected by some type of malware. I completely uninstalled Kali and reinstalled. I was surprised when, after having deleted everything and installed the OS again, this traffic continued in my network.

One interesting point is that the traffic stops when I shut the Wi-Fi down, and it takes around 1-10 minutes to start again, apparently at random. On top of this, the IP connecting to my computer (which is 192.168.1.46) keeps changing, like some type of proxy. I have found with IP geolocation that they are from different countries.

Is there a person behind this? How to proceed?

schroeder
RobrSan
  • 1
  • 1
  • 4
    I cannot see any IP connecting to your computer as you claim, but maybe they are buried somewhere in your non-descriptive screenshots of Wireshark. I can only see your computer making HTTPS and HTTP connections to outside IPs (and getting responses); some targets are Amazon Cloud (which can be anything), some owned by Google. – Steffen Ullrich Jul 06 '18 at 20:33
  • You are going to need to describe what is unusual in the capture. Nothing looks wrong at all. Next time, include exactly what each screenshot is telling you. – schroeder Jul 07 '18 at 13:52
  • 1
    From what I am seeing, `Source: your IP Dest: other IP`, then `Source: other IP type ACK`. The person "behind" all this is *you*. – schroeder Jul 07 '18 at 13:55
  • I see that you have looked up the geo-ip, but have you looked up the services? I'm seeing CDNs and DNS from some of the biggest Internet companies that exist (UltraDNS, Akamai). – schroeder Jul 07 '18 at 14:03

1 Answer

1

Is there a person behind this?

Probably not (other than yourself).

How to proceed?

You could try running `netstat -p` to see which processes on your local machine are involved with this network activity. If you have Windows you could use `procmon` to further investigate what is responsible locally for the network activity.

hft
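As an added example (not part of the answer or comments above), this Python sketch parses `netstat -tnp` output from Linux net-tools, groups remote endpoints by owning process, and guesses which side opened each connection from the port numbers. The sample rows, the process names, the documentation-range remote addresses and the 32768 ephemeral-port threshold (the usual Linux default) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `netstat -tnp` output; not taken from the question.
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.46:51234      203.0.113.10:443        ESTABLISHED 2145/firefox-esr
tcp        0      0 192.168.1.46:51240      198.51.100.7:443        ESTABLISHED 2145/firefox-esr
tcp        0      0 192.168.1.46:40022      203.0.113.80:80         TIME_WAIT   -
tcp        0      0 192.168.1.46:22         192.168.1.20:53811      ESTABLISHED 810/sshd: user
"""

def parse_netstat(text):
    """Yield (local, remote, state, pid, program) for each TCP row."""
    for line in text.splitlines():
        fields = line.split(None, 6)
        if len(fields) < 7 or not fields[0].startswith("tcp"):
            continue  # banner, column header, or non-TCP row
        _, _, _, local, remote, state, owner = fields
        # Owner is "PID/name", or "-" (TIME_WAIT, or another user's socket without root).
        pid, _, program = owner.partition("/")
        yield local, remote, state, (int(pid) if pid.isdigit() else None), program.strip() or None

def direction(local, remote, ephemeral_start=32768):
    """Heuristic: the side using an ephemeral port is normally the initiator."""
    lport = int(local.rsplit(":", 1)[1])
    rport = int(remote.rsplit(":", 1)[1])
    if lport >= ephemeral_start and rport < ephemeral_start:
        return "outbound"   # this machine opened the connection
    if lport < ephemeral_start and rport >= ephemeral_start:
        return "inbound"    # a remote host connected to a local service
    return "unknown"

def summarize(text):
    """Group remote endpoints by (direction, owning process)."""
    summary = defaultdict(set)
    for local, remote, _state, pid, program in parse_netstat(text):
        owner = f"{program} (pid {pid})" if pid else "no owner shown"
        summary[(direction(local, remote), owner)].add(remote)
    return {key: sorted(remotes) for key, remotes in summary.items()}

if __name__ == "__main__":
    for (dirn, owner), remotes in sorted(summarize(SAMPLE).items()):
        print(f"{dirn:8} {owner:28} {', '.join(remotes)}")
```

Feed it real data by passing the captured text of `sudo netstat -tnp` to `summarize`; running as root is what fills in the PID column for sockets owned by other users.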