I think most of this has been answered. If the problem is on the Windows computers, it should be visible to my desktop, right? Perhaps there is MORE traffic on my desktop that is hidden, but there is certainly too much to be explained by my doing nothing during this time but email and maybe a search or two for how to use Wireshark. If I collect all the IP addresses (and I note there were a variety) that my desktop talked to, can I go somewhere and see if any are known bad actor sites?
Carey
On 09/23/2025 11:56 AM CDT D. Hugh Redelmeier via Talk <talk@lists.gtalug.org> wrote:
From: CAREY SCHUG via Talk <talk@lists.gtalug.org>
This is just my home. One router to Comcast, one local node. I assumed Wireshark would use promiscuous mode and record everything that went to/from Comcast, no?
This is not particularly clear.
Is the router actually the box provided by Comcast? That would likely be a combination of
- a modem to decode cable signal into ethernet
- a router, including NAT, a packet filter
- an ethernet (wired) switch
- an AP (for WiFi)
Is this correct? What is the model?
"one local node" implies to me that you only have one computer but that seems to contradict other messages which suggest you want your Linux machine to monitor your Windows machine.
I'm guessing that the first thing to do is figure out what machine is generating the traffic. That probably doesn't require wireshark. There are lots of tools to do that (some for Linux, some for Windows). There might even be one in your Comcast router.
If malware is involved, it could be hiding the traffic. If so, you need to measure the traffic on another machine that is party to it. That would be the Comcast box unless you add some hardware.
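
Added example, not part of the original messages: one way to answer "which machine is generating the traffic" and "which addresses did it talk to" from a saved capture, by totalling bytes per LAN host and listing each host's off-LAN peers for later lookup. It assumes the capture was exported with `tshark -r capture.pcapng -T fields -e ip.src -e ip.dst -e frame.len -E separator=,` (the file name is hypothetical), that the home LAN is 192.168.1.0/24, and it runs on constructed sample rows using documentation-range addresses.

```python
import ipaddress
from collections import defaultdict

# Assumption: the home LAN subnet; adjust to match the router's DHCP range.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample rows in "ip.src,ip.dst,frame.len" form.
# The ",,60" row stands for a non-IP frame (e.g. ARP) with empty address fields.
SAMPLE = """\
192.168.1.10,198.51.100.20,1500
198.51.100.20,192.168.1.10,400
192.168.1.23,203.0.113.7,900
,,60
192.168.1.10,192.168.1.1,120
192.168.1.23,203.0.113.7,1100
192.168.1.10,224.0.0.251,80
"""

def summarize(rows, lan=LAN):
    """Return (bytes per LAN host, off-LAN peers per LAN host)."""
    totals = defaultdict(int)    # LAN host -> bytes sent plus received
    remotes = defaultdict(set)   # LAN host -> peers outside the LAN
    for line in rows.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 3 or not parts[0] or not parts[1]:
            continue  # skip non-IP frames and rows with multi-valued fields
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            size = int(parts[2])
        except ValueError:
            continue  # skip malformed rows rather than abort the summary
        # Attribute the frame to whichever endpoint(s) sit on the LAN.
        for local, other in ((src, dst), (dst, src)):
            if local in lan:
                totals[str(local)] += size
                if other not in lan and not other.is_multicast:
                    remotes[str(local)].add(str(other))
    return dict(totals), {h: sorted(r) for h, r in remotes.items()}

if __name__ == "__main__":
    totals, remotes = summarize(SAMPLE)
    # Busiest LAN host first, with the remote addresses worth looking up.
    for host, size in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(host, size, remotes.get(host, []))
```
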