LinuxQuestions.org
Old 07-15-2023, 12:23 AM   #1
TheJooomes
Member
 
Registered: May 2019
Posts: 192

Rep: Reputation: Disabled
Lots of unexplained WiFi traffic recently


The WiFi indicator on my laptop has been flashing about 90% of the uptime on my laptop at idle. It didn't use to be nearly this bad. It's to the point where I wonder if malware is the culprit.

I got a capture from Wireshark. Could someone more knowledgeable than me please look at the feed and let me know if anything looks suspicious for an idle system.

I'm running Void Linux w/i3WM and the only thing I could think would be generating frequent network traffic is sshd. But even with that disabled it's still really bad.

172.233.214.246:81/wlp12s0.pcapng
LQ keeps saying invalid file.
 
Old 07-15-2023, 05:49 AM   #2
//////
Member
 
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: Arch Linux && OpenBSD 7.4 && Pop!_OS && Kali && Qubes-Os
Posts: 824

Rep: Reputation: 350
I have a program that maybe could help to solve what kind of traffic it is; it's called sniffnet.
https://www.sniffnet.net
 
1 members found this post helpful.
Old 07-15-2023, 01:23 PM   #3
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 794

Rep: Reputation: 253
There are two things that stand out; one is SNMP. There are GET requests to 10.0.0.104 from 105. 104 responds that it's not even listening for SNMP. If you use SNMP that's fine - it's just odd to see it on a home network. I couldn't find the OID (1.3.6.1.2.1.25.3.2.1.5.1) with a quick search, but it's probably something from HostResources (hr). Maybe 'snmpget -c public -v1 127.0.0.1 hrStorageSize.1'.

The second thing is UPnP, which is the M-SEARCH/SSDP stuff coming from 10.0.0.105.
https://serverfault.com/questions/64...t-does-it-mean

The rest of the stuff is the usual ARPs and IP6 network stuff. Did you leave a wireless network open? Misconfigured Windows machines around? I don't think it's malware.
 
1 members found this post helpful.
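As an added example (my own code, not from the thread, Wireshark or sniffnet), here is a minimal BER decoder for the kind of SNMPv1 GET jayjwa describes, so a reader can pull the community string, PDU type and queried OID out of such a packet and place the OID in its MIB subtree. The datagram bytes are constructed to match the thread's OID and the "public" community, not taken from the poster's capture, and the MIB prefix table is a two-entry assumption.

```python
# Constructed SNMPv1 GetRequest (not taken from the poster's pcap): community
# "public", request-id 1, one varbind for the OID quoted in the thread.
SNMP_GET = bytes.fromhex(
    "3029" "020100" "0406" "7075626c6963"          # SEQUENCE, version 0 (v1), "public"
    "a01c" "020101" "020100" "020100"              # GetRequest, request-id, status, index
    "3011" "300f" "060b" "2b06010201190302010501"  # varbind list, varbind, OID
    "0500"                                         # NULL value: a GET carries no value
)
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse"}
MIB_PREFIXES = {"1.3.6.1.2.1.25": "HOST-RESOURCES-MIB",   # assumed two-entry table
                "1.3.6.1.2.1.1": "SNMPv2-MIB system group"}

def tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value bytes, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                 # long form: 0x8N followed by N length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """BER OBJECT IDENTIFIER contents -> dotted string (first byte packs two arcs)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:              # a clear high bit ends a base-128 arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def mib_for(oid):                     # name the subtree by longest known prefix
    hits = [p for p in MIB_PREFIXES if oid == p or oid.startswith(p + ".")]
    return MIB_PREFIXES[max(hits, key=len)] if hits else "unknown"

def decode_snmp(datagram):
    """Version, community, PDU type and varbind OIDs of an SNMPv1/v2c message."""
    _, msg, _ = tlv(datagram, 0)                  # outer SEQUENCE
    _, version, pos = tlv(msg, 0)                 # INTEGER: 0 = v1, 1 = v2c
    _, community, pos = tlv(msg, pos)             # OCTET STRING, sent in the clear
    pdu_tag, pdu, _ = tlv(msg, pos)               # context tag selects the PDU type
    pos = tlv(pdu, 0)[2]                          # skip request-id ...
    pos = tlv(pdu, tlv(pdu, pos)[2])[2]           # ... error-status and error-index
    _, varbinds, _ = tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbinds):
        _, vb, pos = tlv(varbinds, pos)
        oids.append(decode_oid(tlv(vb, 0)[1]))   # each varbind is SEQUENCE {OID, value}
    return {"version": "v%d" % (version[0] + 1), "community": community.decode(),
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)), "oids": oids}
```

Feeding the UDP payload of a captured port-161 packet to decode_snmp gives the same fields Wireshark shows, and mib_for on each OID tells you which MIB the poller is walking.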
All times are GMT -5.