Wireshark-users: Re: [Wireshark-users] Tons of ARP packets...?
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 11 Jul 2007 01:19:56 -0700
Richard Mundell wrote:

> ARP traffic appears to be what is essentially administrative traffic from
> other DSL customers

Not likely, given that he's not using DSL, he's using a cable modem; as he said:

> I have a Comcast Internet Cable connection.

DSL connections are point-to-point, so you shouldn't see traffic to or from other customers (unless you're communicating directly with one of those customers). I have the impression that at least some cable modem connections are more like Ethernets, in that you're on a common network with some other customers, and can see their traffic.

I don't know whether that's the case here, however; the ARP requests *are* being sent from what appears to be a wide variety of IP addresses, so they could be from other clients on the net.

> (on the internet side of your connection) so your ISP's
> router can figure out IP address to Ethernet address mappings (might also be
> DHCP traffic... Not sure if that shows up in Wireshark as ARP traffic...

Given that IP address to Ethernet address mappings are done by making ARP requests, they'll probably show up in Wireshark as ARP traffic.

> The other traffic in the capture is a high volume of (failed) DNS lookups
> from your PC to a host called xxz0n3dxx.dyndns.org. I've confirmed this DNS
> entry doesn't exist,

Or, at least, it didn't exist at the time you tried it. "dyndns" stands for "Dynamic DNS"; one service that DynDNS provides is free Dynamic DNS:

	http://www.dyndns.com/services/dns/dyndns/

which lets you register a given IP address, even if it's not a static IP address, with a particular host name. That page indicates what that can be used for.

Now:

> but I'm wondering if you might have some malware on
> your PC which is trying to "phone home".

...why some software on his machine is trying to contact that machine is another question; perhaps it's safe, but perhaps it's not.
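As an added example (not part of this thread, and not the original poster's capture), the following script parses raw Ethernet/ARP frames and produces the kind of summary that settles the question discussed above: whether the ARP requests come from a single ISP router or from a wide variety of sender IP addresses, as you would expect on a shared cable segment rather than a point-to-point DSL link. It goes a little beyond the thread by also flagging senders outside the local subnet and frames whose ARP sender MAC disagrees with the Ethernet source MAC, two cheap checks worth making before suspecting anything more serious. The sample frames, the addresses (RFC 5737 test networks) and the threshold of five distinct senders are all constructed assumptions.

```python
"""ARP triage over raw Ethernet frames. Added example; sample data is constructed."""
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType (14 bytes)
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
SHARED_SEGMENT_THRESHOLD = 5                # assumption: this many distinct senders looks like a shared link


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_frame(sender_mac, sender_ip, target_ip, oper=ARP_REQUEST,
                    target_mac="00:00:00:00:00:00", eth_src=None):
    """Constructed test input only: build one Ethernet/ARP frame."""
    dst = mac_bytes("ff:ff:ff:ff:ff:ff") if oper == ARP_REQUEST else mac_bytes(target_mac)
    eth = ETH_HDR.pack(dst, mac_bytes(eth_src or sender_mac), ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, oper, mac_bytes(sender_mac), ip_address(sender_ip).packed,
                       mac_bytes(target_mac), ip_address(target_ip).packed)
    return eth + arp


def parse_arp_frame(frame):
    """Return the ARP fields of an Ethernet/ARP frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "src_mac": mac_str(src), "sender_mac": mac_str(sha),
            "sender_ip": str(ip_address(spa)), "target_mac": mac_str(tha),
            "target_ip": str(ip_address(tpa))}


def summarize_arp(frames, local_net):
    """Count requests/replies, distinct sender IPs, senders outside local_net,
    and frames whose ARP sender MAC differs from the Ethernet source MAC."""
    net = ip_network(local_net)
    counts, senders, outside, mismatched = Counter(), Counter(), set(), []
    for frame in frames:
        pkt = parse_arp_frame(frame)
        if pkt is None:
            counts["non_arp_or_malformed"] += 1
            continue
        kind = {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(pkt["oper"], "other")
        counts[kind] += 1
        senders[pkt["sender_ip"]] += 1
        if ip_address(pkt["sender_ip"]) not in net:
            outside.add(pkt["sender_ip"])
        if pkt["sender_mac"] != pkt["src_mac"]:
            mismatched.append(pkt["sender_ip"])
    return {
        "counts": dict(counts),
        "distinct_sender_ips": len(senders),
        "top_senders": senders.most_common(3),
        "senders_outside_local_net": sorted(outside),
        "mac_mismatch": mismatched,
        # Many distinct senders on one link is what a shared (cable-style) segment
        # looks like; a point-to-point DSL link would show essentially one peer.
        "shared_segment_likely": len(senders) >= SHARED_SEGMENT_THRESHOLD,
    }


# Constructed sample: five neighbours asking for the gateway, the gateway replying,
# one sender outside the assumed local /24, one MAC mismatch, and one non-ARP frame.
SAMPLE_FRAMES = [
    build_arp_frame("00:11:22:33:44:11", "198.51.100.11", "198.51.100.1"),
    build_arp_frame("00:11:22:33:44:12", "198.51.100.12", "198.51.100.1"),
    build_arp_frame("00:11:22:33:44:13", "198.51.100.13", "198.51.100.1"),
    build_arp_frame("00:11:22:33:44:14", "198.51.100.14", "198.51.100.1"),
    build_arp_frame("00:11:22:33:44:15", "198.51.100.15", "198.51.100.1", eth_src="00:11:22:33:44:99"),
    build_arp_frame("00:11:22:33:44:01", "198.51.100.1", "198.51.100.11",
                    oper=ARP_REPLY, target_mac="00:11:22:33:44:11"),
    build_arp_frame("00:11:22:33:44:77", "203.0.113.7", "198.51.100.1"),
    b"\xff" * 12 + b"\x08\x00" + b"\x00" * 28,   # IPv4 EtherType, not ARP
]

if __name__ == "__main__":
    for key, value in summarize_arp(SAMPLE_FRAMES, "198.51.100.0/24").items():
        print(f"{key}: {value}")
```

Feed it frames taken from a capture (for example via a pcap reader that yields raw link-layer bytes) and compare `distinct_sender_ips` and `top_senders` against what the thread describes: one dominant sender that is the ISP gateway is unremarkable, while dozens of distinct senders point to a shared segment, and only then is it worth looking at who the senders are.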