"If I collect all the ip address (and i note there were a variety) that my desktop talked to, can i go somewhere and see if any are known bad actor sites?" 

The IP addresses will generally point to large host providers, who sell individual IPs to anyone. Generally they ALL have bad actors but pay their dues, so the host providers look the other way.

On Tue, 23 Sept 2025 at 13:13, CAREY SCHUG via Talk <talk@lists.gtalug.org> wrote:
i think most of this has been answerd.  if the problem is on the windows computers, it should be visible to my desktop, right?  perhaps there is MORE traffic on my desktop that is hidden, but there is certainly too much to be explained by my doing nothing during this time but email and maybe a search or two for how to use wireshark.

If I collect all the ip address (and i note there were a variety) that my desktop talked to, can i go somewhere and see if any are known bad actor sites?

Carey

> On 09/23/2025 11:56 AM CDT D. Hugh Redelmeier via Talk <talk@lists.gtalug.org> wrote:
>

> > From: CAREY SCHUG via Talk <talk@lists.gtalug.org>
>
> > this is just my home. one router to Comcast, one local node.  I assumed
> > wireshark wouild use promiscuous mode and record everything that went
> > to/from comcast, no?
>
> This is not particularly clear.
>
> Is the router actually the box provided by Comcast?
> That would likely be a combination of a
> - modem to decode cable signal into ethernet
> - a router, including NAT, a packet filter
> - an ethernet (wired) switch
> - an AP (for WiFi)
>
> Is this correct?
> What is the model?
>
> "one local node" implies to me that you only have one computer but that
> seems to contradict other messages which suggest you want your Linux
> machine to monitor your Windows machine.
>
> I'm guessing that the first thing to do is figure out what machine is
> generating the traffic.  That probably doesn't require wireshark.
> There are lots of tools to do that (some for Linux, some for Windows.
> There might even be one in your Comcast router.
>
> If malware is involved, it could be hiding the traffic.  If so, you need
> to measure the traffic on another machine that is party to it.  That would
> be the Comcast box unless you add some hardware.
> ------------------------------------
> Description: GTALUG Talk
> Unsubscribe via Talk-unsubscribe@lists.gtalug.org
> Start a new thread: talk@lists.gtalug.org
> This message archived at https://lists.gtalug.org/archives/list/talk@lists.gtalug.org/message/AP6AC6TBWUTS34F3Q7CZQL4P2GKZKFVS/
------------------------------------
Description: GTALUG Talk
Unsubscribe via Talk-unsubscribe@lists.gtalug.org
Start a new thread: talk@lists.gtalug.org
This message archived at https://lists.gtalug.org/archives/list/talk@lists.gtalug.org/message/HAIQOXQSU4CDTO6L7MMOMKZYJVUQW46Y/