Has anyone seen an activity whereby someone supposedly dumps a load of
data on a machine but the only place it can be found is in the capture
file? AND much of the same data seems to appear repeatedly.
The "data" looks like a capture of browsing activity, showing many
different URLs, search engine strings, and the resulting web site and/or
domain names. When first noticing it I thought someone was taking (or
reading) part of my browser cache, but looking closer I found the
packets were INCOMING, not outgoing and absolutely NONE of the names
could be applied to any of my (infrequent) search activity.
Initially it seemed as though hackers had been through and someone was
playing games, but surely that can't be true? However, it appears for
all the world like someone is sending me a load of rubbish. I don't know
enough about the structure or the format of data packets to be able to
determine what's happening.
What are the rules of this list? Can I send a part of a cap file in a
message, or attach a text file perhaps? What is common practice here?
GaryT
More information below if needed.
Information:
============
Have just joined this list, mainly to learn as much as possible. I've
used Windows since the 1980s, have been through all versions up to XP
where further upgrades, mainly for the sake of the publisher's bottom
line, became a joke.
Began using Linux in 2008 and since then learnt very little. It's hard to
switch an old brain after so many years of developed habits, good and
bad. Used CommView under Windows in order to identify and observe
uninvited guests and was glad to discover Wireshark to use with Linux.
Currently using Version 1.2.7, running on Ubuntu.
Specifics from the "Help-About"
*********************************************************************
Compiled with GTK+ 2.20.0, with GLib 2.24.0, with libpcap 1.0.0, with
libz 1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.8, with
SMI 0.4.8, with c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with
Gcrypt 1.4.4, with MIT Kerberos, with GeoIP, with PortAudio V19-devel
(built Feb 18 2010 22:31:30), without AirPcap.
Running on Linux 2.6.32-44-generic, with libpcap version 1.0.0, GnuTLS
2.8.5, Gcrypt 1.4.4.
Built using gcc 4.4.3.
*********************************************************************
Am using Firefox 16,0,1 and recently installed a system named Ghostery
which sounds a tad corny but performs impressively in the art of
limiting the activities of intruders.
Apart from that, my Ubuntu machine is fairly normal :-)